Are there benefits to creating hardened child keys from unhardened ones?

8 replies 512 views
king_tokenFull Member
Posts: 26 · Reputation: 293
#1Jul 29, 2024, 09:53 AM
Is there any real-world benefit to making a hardened child key from an unhardened parent key in BIP32? Like, are there specific situations or uses where this method of key derivation comes in handy or is often used? Sorry if this seems like a dumb question.
3 Reply Quote Share
pixel2014Hero Member
Posts: 857 · Reputation: 4132
#2Jul 29, 2024, 10:47 AM
If a child private key is not having hardened derivational path, and if its master public key is known, with that, the master private key can be derived, which can used used to generate all other child private keys belonging to that wallet and its coins can be stolen. With hardened keys, that is not possible.
4 Reply Quote Share
BasedGasHero Member
Posts: 460 · Reputation: 2335
#3Jul 29, 2024, 11:31 AM
Yes, Isolation of funds. In case if attacker has access to the extended public keys and one of the private keys derived from it still the remaining funds from the main source will be secure so this is practically useful when accepting payments online stores so that you can avoid losing all your funds if they are hacked.
4 Reply Quote Share
pixel2014Hero Member
Posts: 857 · Reputation: 4132
#4Jul 29, 2024, 03:04 PM
I do not think it is useful this way. While paying online, people can only see the bitcoin address. The private key can not be leaked. When problem can occur is if one of the private keys is leaked and the master public key is also known. All other private keys can be derived from unhardened child private key and master public key. Although, no one will want to be careless with his child private keys and master public keys, but the hardened derivational path makes accessing other child private keys and the master private keys impossible if possible something like that would occur.
1 Reply Quote Share
im_apeHero Member
Posts: 629 · Reputation: 3824
#5Jul 29, 2024, 09:04 PM
It may work in a certain scenario when using one seed for different coins. If you derive their child master keys at non-hardened paths and the coin protocol or the implementation of it is broken and leaks your child private key (broken DSA) and master public key (broken/weak communication protocol), then your "other wallets" could be at risk too.
0 Reply Quote Share
jake.chainSenior Member
Posts: 280 · Reputation: 1307
#6Jul 30, 2024, 12:14 AM
I can't see any reason to do this. You should be using hardened paths at every level which does not require watch only functionality. The whole point of unhardened paths is to allow the export of an xpub to another wallet or service and the generation of new child public keys without needing any of your private keys. By adding an unhardened path before a hardened one, you don't gain anything. You can't derive the hardened path without using the xprv anyway, and exporting the xpub at the unhardened path doesn't let you create a watch only wallet at the hardened path.
4 Reply Quote Share
def1777Full Member
Posts: 194 · Reputation: 685
#7Jul 30, 2024, 05:50 AM
People should always use hardened derivation. Hardened derivation was created because unhardned key derivation has a potential risk. If one of your private keys leaks, all the other ones may be derived from it. Hardened derivation solves that problem. I remember to read it in mastering bitcoin. https://www.oreilly.com/library/view/mastering-bitcoin/9781491902639/ch04.html
3 Reply Quote Share
jake.chainSenior Member
Posts: 280 · Reputation: 1307
#8Jul 30, 2024, 08:12 AM
Hardened and unhardened derivations were defined simultaneously in BIP32. One wasn't created in response to the other. A private key on its own is insufficient to derive any other key, be that parent, sibling, or child. It is the combination of a private key and the parent public key and parent chain code (as is revealed in the parent extended public key) which reduces the equation for unhardene derivation to a single unknown (the parent private key) and allows it to be calculated.
3 Reply Quote Share
paul.stakeHero Member
Posts: 651 · Reputation: 3798
#9Aug 1, 2024, 06:12 PM
I agree that hardened key derivation should be used by the average person, but unhardened derivation was very much purposefully created. It's when you want to share a list of addresses with some third party. For instance, you might have a client who is sending you bitcoin often. Instead of bothering to give them an address, you can just give an extended public key once. You could choose a particular account from the derivation path to be used unhardened just for that particular case, and use hardened everywhere else.
0 Reply Quote Share

Related topics