The Limits of Bitcoin Derivations: Can All Seeds Generate All Public Keys?
Bitcoin’s unique cryptography is based on the BIP 32 derivation path, which allows users to create multiple public keys from a single seed. Although this concept provides seemingly unlimited possibilities for generating new keys, a closer look reveals that not all seeds can generate every possible combination of derivations.
What are BIP 32 derivations?
In Bitcoin’s BIP 32 protocol, a “seed” is a key from which multiple public keys are derived. These derivation paths are created according to the following rules:
- Each derivation path consists of a set of two parameters:
m, the parent key (a leaf node), andn, the number of concatenation of the root key.
- The first parameter,
m, can be either a single leaf node (e.g. 0) or an empty string ('').
- The second parameter,
n, specifies the number of times the parent key should be chained.
By combining these two parameters in various ways, users can create multiple derivations that ultimately produce different public keys. For example:
| m | n | derivation path |
| — | — | — |
| 0 | 2 | “m=0,n=2” |
| 0 | 3 | “m=0,n=3” |
| 1 | 2 | “m=”,n=2″ |
| … | … | … |
Theoretical Limits of Derivations
When examining the possible combinations of BIP 32 derivation paths, it becomes clear that not all seeds can produce every possible combination. The main reason for this limitation is that each seed is associated with a specific set of public keys.
In Bitcoin, a user’s private key (hence their seed) corresponds to a unique public key (P). To create multiple public keys from the same seed, users must derive different roots from the same parent key. However, since each derivation path requires two parameters (m and n), there are only 2^n possible combinations.
For example, let’s take a user with a seed who produces two different public keys:
- P1 (root) | hash of root | derivation path
| — | — | — |
| a | abcdefg | “m=0,n=2” |
| h | xyzdefgh | “m=”,n=2″ |
As you can see, there are only two possible derivation paths for each seed (since m and n can take values ββββfrom 0 to 1). This is because each derivation path requires a specific combination of the parent key (m) and the number of concatenation (n). No matter how many seeds you have, not all derivation combinations will produce every possible public key.
Conclusion
While it may seem that Bitcoin’s BIP 32 derivation system provides unlimited possibilities for generating new keys, the reality is more nuanced. The theoretical limits of derivations mean that not all seeds can generate every possible combination of roots and derivations, resulting in a finite set of public keys associated with each seed.
In practice, users can still create multiple distinct public keys from a single seed using various techniques, such as using different values ββββfor m or n. However, the inherent limitations of BIP 32 derivations mean that not all seeds generate every possible combination of derivation paths, ultimately limiting the number of public keys available.
