Skip to content

Update 0015-slatepack.md - fix for mimblewimble/grin-wallet#663 #92

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Anynomouss wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Update 0015-slatepack.md - fix for mimblewimble/grin-wallet#663 #92

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
6e6a041
Update 0015-slatepack.md - doc fix to address mimblewimble/grin-walle…
Anynomouss Oct 9, 2025
ed420d6
Update 0015-slatepack.md
Anynomouss May 29, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 8 additions & 2 deletions text/0015-slatepack.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,9 +78,15 @@ ed25519 keys are bech32 encoded as `SlatepackAddresses` rather than x25519 keys

#### Key Generation

Keys used in `SlatepackAddresses` are derived from a path from the master seed in a given wallet account. Currently the wallet uses separate derivation paths: one for the private bytes used for the blinding factor keys and one for the private bytes used to derive the ed25519 keys used to derive Tor onion addresses. ed25519 keys used for a `SlatepackAddress` are derived from this second derivation path of the master seed.
Keys used in `SlatepackAddresses` are derived from a path from the master seed in a given wallet account. Currently the wallet uses separate derivation paths: one for the private bytes used for the blinding factor keys and one for the private bytes used to derive the ed25519 keys used to derive Tor onion addresses. ed25519 keys used for a `SlatepackAddress` are derived from this second derivation path of the master seed.
Find below an example of ouptput and key derivation.

`SlatepackAddress` keys may be derived in parallel to the blinding factor derivation path such that a unique `SlatepackAddress` is derived each time a new blinding factor is derived for a transaction to satisfy the requirement for a unique `SlatepackAddress` to be used for each transaction by default.
|Account|OutputKeys |SlatepackAddress key(s)|
|-------|------------|----------------------|
|m/0 | m/0/1/x |m/0/1/x |
|m/1 | m/1/1/x |m/1/1/x |

In _grin-wallet_ the x for slatepack address generation is currently fixed (`x=0`) per account. `SlatepackAddress` keys may be derived in parallel to the blinding factor derivation path such that a unique `SlatepackAddress` is derived each time a new blinding factor is derived for a transaction to satisfy the requirement for a unique `SlatepackAddress` to be used for each transaction by default.

@aglkm aglkm May 29, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If my understanding is correct and in derivation path (depth=2) we use: 0 for outputs and 1 for slatepack addresses, then the above example is wrong.
Should be:

Account OutputKeys SlatepackAddress key(s)
m/0 m/0/0/x m/0/1/x
m/1 m/1/0/x m/1/1/x

@Anynomouss Anynomouss May 29, 2026

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are correct. I think I copy pasted a column and forgot to change the values 🤦‍♂️.


In a future update it may be desirable to encode the derivation path for the `SlatepackAddress` for a given encrypted `SlatepackMessage` somewhere so that the x25519 decryption keys can be derived without grinding down the path to find the right key to use.

Expand Down