Rusty Russell on Nostr: It seems to me that you could prove a hardened derivation or a BIP-39 derivation. ...
It seems to me that you could prove a hardened derivation or a BIP-39 derivation. Unfortunately this reveals your secret key, so you need to either use a (quantum resistant!) ZKP, or a two-stage reveal: hash of the proof, what outputs you will spend, and an indication of what address you want to transfer the coins to, then after that is mined, you do the spend at put the derivation in the annex (or, for non-taproot, in an OP_RETURN).
Published at
2025-03-16 21:00:30Event JSON
{
"id": "fae4aef9854299f491e05da9c17134f5c88762d7d5942d0c8763446ee802268c",
"pubkey": "f1725586a402c06aec818d1478a45aaa0dc16c7a9c4869d97c350336d16f8e43",
"created_at": 1742158830,
"kind": 1,
"tags": [
[
"e",
"17e9bf3756763cf3c44d984a5cb5818b63deb7265377cc94e635bba87e01a5ca",
"",
"root"
],
[
"e",
"3bb7a5c8689bc14b6aa8a88244bc7d1656f351e79e8c8c49944a56493b362472"
],
[
"e",
"509cfbb218d1e6eaefa8f99696d5522cfa817a57e6f0af69e694b79cd447ef93",
"",
"reply"
],
[
"p",
"f728d9e6e7048358e70930f5ca64b097770d989ccd86854fe618eda9c8a38106"
],
[
"p",
"44ff3972ba6aa5a9d42ec245135092e4cbba46a7610ef6fbd3adeb83e8828647"
]
],
"content": "It seems to me that you could prove a hardened derivation or a BIP-39 derivation. Unfortunately this reveals your secret key, so you need to either use a (quantum resistant!) ZKP, or a two-stage reveal: hash of the proof, what outputs you will spend, and an indication of what address you want to transfer the coins to, then after that is mined, you do the spend at put the derivation in the annex (or, for non-taproot, in an OP_RETURN).",
"sig": "0137c2ae21e67fcc4ed38baa2578d5d8826b6dd12ba74d7b07a13687a62b04340323dbba317aa00d9b4668b33132fef2198b031911f054b5013e80b351d3f40d"
}