bip32 hd wallets – How does the extended key derivation process work in Electrum?
I’m trying to replicate some of Electrum’s features in an effort to understand the Bitcoin protocol. From what I gathered from BIP-32, there are three subkey derivation functions:
- Private parent key –> Private child key
- Public parent key -> public child key
- Private parent key -> public child key
I started with the following sample mnemonic: ancient inflict imitation valve load doctor march tackle time risk shoot urban. It was successfully derived. master private key and master public key. However, when I try to derive the public key associated with the path shown as follows: m/0/0 Results are inconsistent depending on your wallet. I’ve tried many chord tweaks (key strengthening, different depths, etc.) with varying results. The expected results are:
- Public key: 022586d491bc387b161959e25d05772e98814da69215a3152b54e4d1ae0c1a4168
- Address: bc1q83ljq9ad7rck4vdz0l7f7rr2zsprgn8rtvpmpa
I believe the main reason for the incorrect results is a misunderstanding of the functionality. A few things that aren’t clear to me are:
- why chain code If they seem to have been obtained through different processes, are they the same?
This extension, called the chaincode, is identical for the corresponding private and public keys and consists of 32 bytes.
- Wouldn’t the public key normally be expected to be derived independently from the private key via scalar multiplication? There seems to be two additional routes An extended public subkey according to BIP-32, i.e. derived in some other way from a public parent key or a private parent key.
- The private parent key –> public subkey path contains “neutered” Height. What is a “neutered” key and what does it mean?
