I need to deterministically extend public and private keys (ethereum). How can I do this, who can suggest an algorithm?

CodePudding user response：

The blog post linked in the question comments mentions risks related to generating vanity addresses from a deterministic source of randomness.

A vanity address is an address that contains a predefined set of bytes, for example starts with 4 zeros. These vanity tools use a loop to generate a random private key, its corresponding address, and validate if the address matches the criteria. If the address doesn't match the criteria, it runs another iteration of the loop.

Simplified example, looking for address starting with 0x1

1. Generate private key 0x123, its corresponding address is 0x456. Doesn't match the criteria, trying again.
2. Generate private key 0xd3f, its corresponding address is 0xb7c. Doesn't match the criteria, trying again.
3. Generate private key 0x837, its corresponding address ix 0x154. Success.

Some of these vanity tools generate private keys by using a deterministic seed generating algorithm, so it is possible (with some brute force guessing) to recreate the specific private keys that were used and reclaim access to these addresses.

A solution that is considered safe is to let each user generate their own pseudo-random seed. A great example is tracking the movements of their mouse cursor as you can see on this page.

Or generally, accept the seed from multiple sources - e.g. /dev/random from multiple physical machines.

Edit: Generating multiple addresses from an xpub:

const HDNode = ethers.utils.HDNode.fromExtendedKey("xpub661MyMwAqRbcGXSTUwJkaLaZFy6xdVk8XuRuSEFThgCPFEjrh9WAyREtMhuHA7XMMDXXTm41GfjKDCsLJ2fGfVp1ACyuDKwsShNcGWenHET");
const address0 = HDNode.derivePath("0").address;
const address1 = HDNode.derivePath("1").address;