I understand that BIP44 has one edge case vulnerability where if a hacker gets his hands on an Xpub and a private key from its descendants, he can compute the Xprv pair of the original Xpub and therefor get access to every single private key of its descendants.
I'm trying to implement a system where Xpub can be shared without risking too much security and wanted to confirm my understanding. Here's the situation:
- Let's say Alice has a wallet with multiple accounts, for example
m/44'/0'/2', and so on.
- Alice shares just one Xpub at path
- Bob can derive the descendant public key tree with paths such as
m/44'/0'/0'/0/2, and so on.
- Bob ONLY has access to the derived PUBLIC KEYS at above paths.
- For some reason, Alice's PRIVATE KEY at path
In this case, is the worst case scenario that Alice gets compromised up to
m/44'/0'/0' only, and her other key trees
m/44'/0'/2', and so on are safe? (Meaning her private keys like
m/44/0'/2'/0/2, are not affected by the leak)