Deegan et al. proposed two post-quantum HD wallet constructions in their paper, recovering BIP32's public key derivation functionality from lattice assumptions; one scheme is built on ML-DSA and the other on Raccoon-G.
Notes
Two post-quantum HD wallet constructions recovering BIP32 public key derivation based on lattice assumptions
First uses ML-DSA for hardened derivation with proofs of unlinkability and unforgeability
Second uses Raccoon-G variant enabling non-hardened public key derivation via Gaussian-distributed secrets
Modified Raccoon-G to publish full unrounded public keys preserving linearity
Proved unlinkability and unforgeability under standard lattice assumptions
Introduced method for generating rerandomizable Raccoon-G key pairs from fixed randomness
zkDaily (Zero-Knowledge Proofs), Q&A Deep Dive: today's highlights, in-depth analysis. Saturday, 03.07.2026
What is the core idea behind BIP32 hierarchical deterministic wallets?
BIP32 allows a user to derive an entire tree of key pairs deterministically from a single master seed, simplifying key management and backups.
Why is it difficult to support BIP32-style non-hardened derivation in post-quantum systems?
Traditional HD wallets rely on the algebraic structure of elliptic curve public keys, which allows a child public key to be computed from the parent public key with simple linear operations. Most post-quantum signature schemes do not provide such structure.
How does the paper argue unlinkability between derived keys?
The authors show that derived keys are statistically close to independently generated keys, so an observer cannot determine whether two keys originate from the same derivation path.
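The linearity the second construction relies on (the Raccoon-G notes above and the answer just given) can be shown on a toy LWE-style key. The Python below is an added example, not code from Deegan et al. or from Raccoon-G; its modulus, dimension, Gaussian sampler and rounding width are all constructed for illustration. With the full unrounded public key t = A·s + e, the child public key follows from the parent public key and a tweak alone, whereas a rounded (compressed) key loses the low bits and the public-side and secret-side derivations no longer agree.

```python
import random

Q = 8380417      # toy modulus (constructed for this illustration)
N = 4            # toy dimension; real lattice schemes use far larger vectors
ROUND_BITS = 13  # toy rounding: a compressed key drops this many low bits per coefficient

def matvec(A, v):
    return [sum(a * x for a, x in zip(row, v)) % Q for row in A]

def vec_add(u, v):
    return [(x + y) % Q for x, y in zip(u, v)]

def gaussian_vec(rng, sigma):
    # small Gaussian-distributed vector (naive rounded-Gaussian sampler, not the paper's)
    return [round(rng.gauss(0, sigma)) for _ in range(N)]

def keygen(rng):
    # toy LWE-style key: public (A, t = A*s + e), secret (s, e)
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(N)]
    s = gaussian_vec(rng, 3.0)
    e = gaussian_vec(rng, 3.0)
    return A, s, e, vec_add(matvec(A, s), e)

def round_pk(t):
    # what a compressed (rounded) public key would expose instead of the full t
    return [(x >> ROUND_BITS) << ROUND_BITS for x in t]

def derive_child_secret(s, delta):
    # secret-side derivation: parent secret plus a Gaussian tweak
    return [(x + d) % Q for x, d in zip(s, delta)]

def derive_child_public(A, t, delta):
    # public-only derivation: no secret needed, just A*delta added to the parent t
    return vec_add(t, matvec(A, delta))

def demo(seed=1234):
    rng = random.Random(seed)
    A, s, e, t = keygen(rng)
    delta = gaussian_vec(rng, 3.0)  # tweak that both sides can compute from chain data
    t_child_secret = vec_add(matvec(A, derive_child_secret(s, delta)), e)
    unrounded_ok = derive_child_public(A, t, delta) == t_child_secret
    # with rounded keys the dropped low bits make the two derivations diverge
    rounded_ok = derive_child_public(A, round_pk(t), delta) == round_pk(t_child_secret)
    return unrounded_ok, rounded_ok

if __name__ == "__main__":
    print(demo())  # (True, False)
```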