# # key

## # Mnemonic

Bytom already supports the BIP39 protocol. Learn specific information about the protocol:https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki

## # Seed generates private key

• Input: A seed with a length of 64. The source of the seed can be randomly generated or calculated from the mnemonic.
• Output: a private key of a length of 64
$xprv = hmac(sha512, seed, []byte{'R', 'o', 'o', 't'})$ xprv[0] &= 248
$xprv[31] &= 31$ xprv[31] |= 64


## # Private key generates public key

• Input: a private key of length 64
• Output: a public key of length 64
$xpub[:32] = edwards25519.GeScalarMultBase(xprv[:32])$ xpub[32:] = xprv[32:]


## # Sub-private key derivates from private key

• Input: private key with a length of 64, byte array of derivation path
• Output: sub-private key with a length of 64
$xpub = xprv.XPub()$ child_xprv = hmac(sha512, []byte{'N'} + xpub[:32] + derive_path, xpub[32:])
$child_xprv[0] &= 248$ child_xprv[29] &= 1
$child_xprv[30] = 0$ child_xprv[31] = 0
 carry = 0
$for i := 0; i < 32; i++ {$     sum := int(xprv[i]) + int(child_xprv[i]) + carry
$child_xprv[i] = byte(sum & 0xff)$     carry = (sum >> 8)
$}  ## # Sub-public keyderivates from public key • Input: private key with a length of 64, byte array of derivation path • Output: sub-private key with a length of 64 $ child_xpub = hmac(sha512, []byte{'N'} + xpub[:32] + derive_path, xpub[32:])
$child_xpub[0] &= 248$ child_xpub[29] &= 1
$child_xpub[30] = 0$ child_xpub[31] = 0
$f = edwards25519.GeScalarMultBase(child_xpub[:32])$ p = edwards25519.Point(xpub[:32])
$child_xpub[:32] = edwards25519.AddPoint(p, f)  ## # The private key is expanded to the private key for signing • Input: private key of a length of 64 • Output: Extended private key with a length of 64 $ expanded = hmac(sha512, xprv, []byte{'E', 'x', 'p', 'a', 'n', 'd'})
\$ expanded[:32] = xprv[:32]

Last Updated: 7/28/2021, 5:47:49 PM