I am reading about key derivation in chapter 5 of the book "Mastering Bitcoin" by Andreas, along with this detailed thread and BIP-32. Here are some of my understanding about these two procedures:
k: private key // K: public key // i: index // c: chain code // H: HMAC hashing result // Hleft: the first 32 bits of the hash result. // n: order of Ecliptic Curve. // G: starting point of Ecliptic Curve
Normal Key Derivation
Case 1: parPrivkey -> childPrivkey (and from that, childPubkey)
H = HMAC(cpar, Kpar || ichild)
=> kchild = (kpar + Hleft) mod n
=> Kchild = G*kchild = G*[ (kpar + Hleft) mod n)]
Case 2: parPubkey -> childPubkey
H = HMAC(cpar, Kpar || ichild)
=> Kchild = G*Hleft + Kpar
Hardened Key Derivation
Case 3: parPrivkey -> childPrivkey (and from that childPubkey)
H = HMAC(cpar, kpar || ichild)
=> kchild = (kpar + Hleft) mod n
=> Kchild = G*kchild = G*[ (kpar + Hleft) mod n]
Given those 3 methods I have some pretty confusion:
kchild = (kpar + Hleft) mod n by G to get that in case 2. Nevertheless, since there is a factor mod n at the end, I couldn't tell whether Kchild of case 1 will relate to that of case 2. If it does not, then what's the point of generating just public key without being able to spend the fund sent to to it?Thank you very much in advance.