When a BIP44 XPUB and one of its descendant keys get leaked, what's the worst that can happen?


I understand that BIP44 has one edge case vulnerability where if a hacker gets his hands on an Xpub and a private key from its descendants, he can compute the Xprv pair of the original Xpub and therefore get access to every single private key of its descendants.

I'm trying to implement a system where Xpub can be shared without risking too much security and wanted to confirm my understanding. Here's the situation:

  1. Let's say Alice has a wallet with multiple accounts, for example m/44'/0'/0', m/44'/0'/1', m/44'/0'/2', and so on.
  2. Alice shares just one Xpub at path m/44'/0'/0' with Bob.
  3. Bob can derive the descendant public key tree with paths such as m/44'/0'/0'/0/0, m/44'/0'/0'/0/1, m/44'/0'/0'/0/2, and so on.
  4. Bob ONLY has access to the derived PUBLIC KEYS at above paths.
  5. For some reason, Alice's PRIVATE KEY at path m/44'/0'/0'/0/2 is leaked.

In this case, is the worst case scenario that Alice gets compromised up to m/44'/0'/0' only, and her other key trees m/44'/0'/1', m/44'/0'/2', and so on are safe? (Meaning her private keys like m/44/0'/1'/0/0, m/44/0'/2'/0/2, are not affected by the leak)


Posted 2020-10-19T16:20:16.910

Looks like you've answered your own question? If not, what is the question? – Tony Sanak – 2020-10-19T16:42:52.760

I just wanted to confirm that I am not misunderstood. So does this mean my "answer" to my question is correct? Also am I missing anything else that might go wrong? – Vlad – 2020-10-19T16:45:55.977

No answers