Ethereum: Understanding Why BIP44 Uses Non-Hardened Paths
In the world of cryptocurrency, private key management is a critical aspect of securing transactions. The Ethereum Virtual Machine (EVM) provides multiple levels of derivation to protect private keys, ensuring they remain secure even in the event of a wallet compromise or theft. However, the default behavior for deriving private keys from a private key derivation function (PRD) such as BIP44 does not always use hardened paths.
What are Hardened Paths?
Hardened paths refer to a specific type of private key derivation that uses multiple rounds of hashing to derive multiple layers of keys. These layered keys are designed to be more secure than regular public-key cryptography, where only the final derived key is used for transactions.
In contrast, non-hardened paths use a single round of hashing to generate the entire keychain, making it more vulnerable to compromise if an attacker gains access to the private key.
BIP44: A Key Derivation Function
BIP44 is a widely used private key derivation function that generates a keychain for Ethereum wallets. The function takes several inputs as parameters and returns a set of keys that can be used to sign or broadcast transactions on the Ethereum network.
However, BIP44’s default behavior does not use hardened paths at all. When generating an account address, the function uses a non-hardened path, which means it only hashes the private key once to derive the key for the specified chain type (e.g., Bitcoin, Ethereum, or another coin). This is in contrast to more secure derivations, such as BIP39 or BIP44’s hardened paths.
Why Hardened Paths are Necessary
Hardened paths offer several benefits over non-hardened paths:
- Improved security: By generating multiple layers of keys, hardened paths make it much harder for an attacker to compromise the private key.
- Increased security: The use of multiple rounds of hashing makes it more difficult for attackers to recover sensitive information from a compromised wallet.
- Reduced risk of wallet compromise: With hardened paths, wallets are less vulnerable to being used as a launchpad or in a phishing attempt.
Conclusion
BIP44’s default behavior does not use hardened paths at all, which is why it may appear less secure than more advanced private key derivation functions like BIP39. However, the benefits of using hardened paths far outweigh any potential drawbacks, making them an essential component of secure Ethereum wallet management.
As the Ethereum ecosystem continues to evolve, it will be interesting to see how developers and users adapt to these changes in private key management. One thing is certain: the use of hardened paths is a step in the right direction towards building more secure and resilient cryptocurrency wallets.