I’m trying to replicate some of Electrum’s features to help me understand the Bitcoin protocol. From what I gathered from BIP-32, there are three subkey derivation functions:
- Private parent key -> private child key
- Public parent key -> public child key
- Private parent key -> public child key
I started with the following sample mnemonic: ancient inflict imitation valve load doctor march tackle time risk shoot urban. The master private key and master public key were successfully derived. However, when I try to derive the public key associated with the path m/0/0, the results are inconsistent depending on your wallet. I’ve tried many code tweaks with varying results. The expected results are:
- Public key: 022586d491bc387b161959e25d05772e98814da69215a3152b54e4d1ae0c1a4168
- Address: bc1q83ljq9ad7rck4vdz0l7f7rr2zsprgn8rtvpmpa
I believe this is due to a misunderstanding of the function itself. A few things that aren’t clear to me are:
- Why are the chain codes the same if they seem to have been obtained through different processes?
  > This extension, called the chain code, is identical for the corresponding private and public keys and consists of 32 bytes.
- Wouldn’t the public key normally be expected to be derived independently from the private key via scalar multiplication? According to BIP-32, there seem to be two additional routes to an extended public subkey, i.e. derived in some other way from a public parent key or a private parent key.
- The private parent key -> public subkey path contains “neutered” keys. What are the “neutered” keys and what is this?