• Welcome to forex.pm forex forum binary options trade. Please login or sign up.
 

HD Wallets, XPUB and child private key leaks

Started by Bitcoin, Mar 20, 2022, 06:26 am

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Bitcoin

HD Wallets, XPUB and child private key leaks

So some generalisations on xpubs and current wallet providers.



  • Ledger and Trezor wallets can create xpubs which can show all transactions of a wallet

  • When a passphrase is added, this counts as a new set of private keys along with a new xpub

  • The children public addresses created from sending/receiving bitcoin are bound only to the xpub from the mnemonic phrase + passphrase i.e. if you create a new passphrased wallet it will have a new xpub

  • Children created by these wallets are not hardened

  • If an xpub is leaked for a mnemonic phrase + passphrase, if you have any of the children's private keys, you can compromise the entire wallet linked to the xpub and all other children, hardened or non-hardened BUT the attacker will not be able to compromise any other meomonic phrase + paassphrase you have as it has a different xpub, and ultimately different children


My question, assuming the above is correct, it's becoming more commonplace for 3rd parties (i.e. tax tools) to make use of xpubs - I want to know how it's even possible to leak a childs private key on a trezor or a ledger as none of the outputs are able to leak these, unless I'm wrong.


Just want to make sure I'm not leaving myself too open.


Source: HD Wallets, XPUB and child private key leaks