The Limits of Bitcoin Derivations: Can All Seeds Produce All Public Keys?
Bitcoin’s unique cryptography is based on the BIP 32 derivation path, which allows users to create multiple public keys from a single seed. However, while this concept may seem like it offers limitless possibilities for generating new keys, a closer examination reveals that not all seeds can produce every possible combination of derivations.
What are BIP 32 Derivations?
In Bitcoin’s BIP 32 protocol, a “seed” is a key used to derive multiple public keys from. These derivation paths are created using the following rules:
- Each derivation path consists of a set of two parameters:
m
, which is the parent key (a leaf node) andn
, which is the number of times the root key should be concatenated.
- The first parameter,
m
, can be either a single leaf node (e.g., 0) or an empty string (''
).
- The second parameter,
n
, specifies how many times the parent key should be concatenated.
By combining these two parameters in various ways, users can create multiple derivations that ultimately produce different public keys. For example:
| m | n | Derivation Path |
| — | — | — |
| 0 | 2 | “m=0,n=2” |
| 0 | 3 | “m=0,n=3” |
| 1 | 2 | “m=”,n=2″ |
| … | … | … |
Theoretical Limits of Derivations
When examining the possible combinations of BIP 32 derivation paths, it becomes apparent that not all seeds can produce every possible combination. The main reason for this limitation is that each seed is associated with a specific set of public keys.
In Bitcoin, a user’s private key (i.e., their seed) corresponds to one unique public key (P). To create multiple public keys from the same seed, users need to derive different roots from the same parent key. However, since each derivation path requires two parameters (m
and n
), there are only 2^n possible combinations.
For example, consider a user with a seed that produces two distinct public keys:
- P1 (root) | Hash of root | Derivation Path
| — | — | — |
| a | abcdefg | “m=0,n=2” |
| h | xyzdefgh | “m=”,n=2″ |
As you can see, there are only two possible derivation paths for each seed (since m
and n
can take values from 0 to 1). This is because each derivation path requires a specific combination of the parent key (m
) and number of concatenations (n
). No matter how many seeds you have, not all combinations of derivations will produce every possible public key.
Conclusion
While it may seem like Bitcoin’s BIP 32 derivation system allows for limitless possibilities for generating new keys, the reality is more nuanced. The theoretical limits of derivations mean that not all seeds can produce every possible combination of roots and derivatives, resulting in a finite set of public keys associated with each seed.
In practice, users can still create multiple distinct public keys from a single seed using various techniques, such as using different values for m
or n
. However, the inherent limitations of BIP 32 derivations mean that not all seeds will produce every possible combination of derivation paths, ultimately limiting the number of available public keys.