Derived Keys
Purpose: Derived keys are used to provide a layer of anonymity by acting as temporary, disposable key-pairs for specific transactions or limited-time operations.
Identity Abstraction: Organizations or parties use derived keys to abstract their identity, allowing them to interact anonymously within a system.
Generation
Private Key Maintenance: The user retains their private key, which is never shared.
Random Salt Generation: The user generates a random salt, a unique value used in the key derivation process.
Salt Sharing: The user shares this salt with other involved parties. The salt allows these parties to derive the corresponding public key from their own extended public key.
Public Key Derivation: The other party can use the shared salt to derive the corresponding public key. This public key can then be used to verify identities and perform cryptographic operations.
Signing with Private Key: The original user can derive the specific private key using the same salt and use it to sign transactions or messages.
Verification: The other party, knowing the salt and public key, can verify the signed messages, ensuring that the transaction or communication is legitimate.
Only the parties with the shared salt can perform these operations, which keeps the identity and transaction details private from third parties.
PrivateKey derivation and PublicKey derivation
Private Key Derivation: Private keys are derived directly from a seed or master key using cryptographic algorithms like BIP-32 or SLIP-0010. This process involves a hierarchical deterministic (HD) structure where the child private keys are generated from a parent private key using hardened key derivation paths.
Public Key Derivation: In contrast, public keys can be derived either from the corresponding private key or, in some non-hardened scenarios.
INFO
For more detailed information, check out: Sui's Key Derivation Scheme
Address Resolution Service (ARS):
Derived keys ensure that data on the public blockchain cannot be traced back to a single organization or sender. To accommodate trade while maintaining anonymity using derived keys, the Address Resolution Service (ARS) is used.
ARS helps map addresses with derived keys, and an access control mechanism ensures that only authorized entities can resolve a single-use address to its origin, with the necessary verifications.