Key Derivation

Key derivation is the process of deriving new keys from a “base” key and some “base” derivation data. This is important to enable pseudonymity by using different keys with different peers and services.

The current recommended method is a deterministic hash method that is similar to BIP-32. It uses a base key and a randomly generated base 32 byte hash value. Then by adding the index and base hash value using some specific calculations a new hash is derived. That hash is added to the base key to derive a new key. The hash can be communicated to anyone who needs to derive the key without providing the full derivation data. The method of adding the hash to the key can be done with public or private keys and will result in the same corresponding keys. This allows services to derive public keys without knowing the private keys which would be required to sign messages or encrypt/decrypt messages.