nips/06.md
Arman The Parman 991afd90f4
Update 06.md
Added note about Shnorr signatures, and removed point 3 as it is true only for ECDSA signatures.
2024-06-20 00:09:57 +10:00

2.4 KiB

NIP-06

Basic key derivation from mnemonic seed phrase

draft optional

BIP39 is used to generate mnemonic seed words and derive a binary seed from them.

BIP32 is used to derive the path m/44'/1237'/<account>'/0/0 (according to the Nostr entry on SLIP44).

A basic client can simply use an account of 0 to derive a single key. For more advanced use-cases you can increment account, allowing the generation of practically infinite keys from the 5-level path with hardened derivation.

Other types of clients may choose to get fancy and use other derivation paths for their own alternative purposes.

Because Nostr uses Schnorr signatures standard for the curve secp256k1, public keys have extra compression compared to Bitcoin ECDSA compressed public keys, meaning that the y-coordinate is not only omitted, but parity is not even indicated with the '03'(odd), nor '02' (even) prefixes. In other words, only the x-coordinate is included without any extra prefix marker. This matters in three contexts (there may be others):

  • When borrowing code from Bitcoin public/private key ECDSA cryptography. This will output 33-byte public keys with a 02/03 prefix (compressed) or 04 (uncompressed). The first byte (prefix) needs to be removed.
  • Conversion of a public key, to bech32. The pure x-coordinate value without prefix must be used as the input, not a compressed public key.

Test vectors

mnemonic: leader monkey parrot ring guide accident before fence cannon height naive bean
private key (hex): 7f7ff03d123792d6ac594bfa67bf6d0c0ab55b6b1fdb6249303fe861f1ccba9a
nsec: nsec10allq0gjx7fddtzef0ax00mdps9t2kmtrldkyjfs8l5xruwvh2dq0lhhkp
public key (hex): 17162c921dc4d2518f9a101db33695df1afb56ab82f5ff3e5da6eec3ca5cd917
npub: npub1zutzeysacnf9rru6zqwmxd54mud0k44tst6l70ja5mhv8jjumytsd2x7nu


mnemonic: what bleak badge arrange retreat wolf trade produce cricket blur garlic valid proud rude strong choose busy staff weather area salt hollow arm fade
private key (hex): c15d739894c81a2fcfd3a2df85a0d2c0dbc47a280d092799f144d73d7ae78add
nsec: nsec1c9wh8xy5eqdzln7n5t0ctgxjcrdug73gp5yj0x03gntn67h83twssdfhel
public key (hex): d41b22899549e1f3d335a31002cfd382174006e166d3e658e3a5eecdb6463573
npub: npub16sdj9zv4f8sl85e45vgq9n7nsgt5qphpvmf7vk8r5hhvmdjxx4es8rq74h