delvingbitcoin

Unspendable keys in descriptors

Original Post by andrewkozlik

Posted on: October 3, 2024 15:18 UTC

The discussion highlights the benefits of, and approaches for, deriving a chain code from Extended Public Keys (XPUBs) in a manner that is independent of their order.

This method would address concerns related to the sequence in which wallet policies or descriptors are applied, as well as unexpected behaviors observed with certain multi-signature setups. Proposed solutions include sorting the XPUBs before hashing the concatenated list, hashing each XPUB and then applying an XOR operation on the results, and hashing each XPUB followed by addition modulo 2^256. The latter two suggestions aim to overcome the issue where repeated XPUBs might negate each other in the calculation process, with the addition modulo 2^256 explicitly designed to ensure repeated XPUBs do not cancel out.
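The three order-independent combinations listed above, as an added example that is not code from the original post. SHA-256 as the hash, the function names, and the 78-byte stand-in XPUB values are assumptions made for illustration; the example checks how each method behaves when the keys are reordered and when one XPUB is repeated.

```python
import hashlib
from itertools import permutations

MOD = 1 << 256  # modulus for the additive variant

def h(xpub: bytes) -> int:
    """Hash one serialized XPUB to a 256-bit integer (SHA-256 is an assumption)."""
    return int.from_bytes(hashlib.sha256(xpub).digest(), "big")

def combine_sorted(xpubs):
    """Sort the XPUBs, concatenate them, hash the result."""
    return hashlib.sha256(b"".join(sorted(xpubs))).digest()

def combine_xor(xpubs):
    """Hash each XPUB, XOR the digests together."""
    acc = 0
    for x in xpubs:
        acc ^= h(x)
    return acc.to_bytes(32, "big")

def combine_sum(xpubs):
    """Hash each XPUB, add the digests modulo 2^256."""
    return (sum(h(x) for x in xpubs) % MOD).to_bytes(32, "big")

def make_xpub(label: bytes) -> bytes:
    """Constructed 78-byte stand-in, not a valid BIP32 serialization."""
    return hashlib.sha512(label).digest() + hashlib.sha256(label).digest()[:14]

A, B, C = make_xpub(b"A"), make_xpub(b"B"), make_xpub(b"C")

def order_independent(combine, xpubs=(A, B, C)) -> bool:
    """True if every permutation of the inputs yields the same chain code."""
    return len({combine(list(p)) for p in permutations(xpubs)}) == 1

def duplicate_cancels(combine) -> bool:
    """True if a repeated XPUB drops out: combine([A, A, B]) == combine([B])."""
    return combine([A, A, B]) == combine([B])

if __name__ == "__main__":
    for f in (combine_sorted, combine_xor, combine_sum):
        print(f.__name__, "order-independent:", order_independent(f),
              "| repeated key cancels:", duplicate_cancels(f))
```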

An alternative suggestion involves simplifying the process by focusing on a specific part of the XPUB, such as the compressed public key or the chain code itself, for direct use in calculations. This could potentially streamline implementation by allowing direct application of XOR or mod 2^256 sums without the need for hashing. However, this raises concerns about the possibility of malicious manipulation of chain codes by participants aiming to skew the resulting value to their advantage. Despite these concerns, it's argued that the risk does not significantly detract from the proposed methods' feasibility, as similar risks exist with the publication of deceptive XPUBs regardless of the calculation method employed.