Pseudo-Random Deterministic Keys with Server-Side Public Keys and Client-Side Private Keys

2024-09-03 · Ryan X. Charles

Today I am happy to unveil the keys app, which is a way to create and manage the keys used in what will soon be the EarthBucks wallet, as well as other EarthBucks products such as messaging.

The keys app is not just an app. It is also an API that is used by the client and the server to generate keys for the wallet and messaging.

The new tool is designed to have the following properties:

  • Users have one (active) master key which is used to deterministically derive new keys.
  • The new keys should be pseudo-random and unpredictable to third parties.
  • The public keys need to be generated on the server so that users can passively receive transactions and messages.
  • The private keys need to be generated on the client (your web browser) so that users can sign transactions and messages and there is no central server that can compromise the private keys.

Here’s how it works. Every user on EarthBucks has a master key that is used to log in. For each new key, entropy is generated that is stored in the database. The entropy is a 32-byte random number, called $a$. The server also has a separate piece of entropy called $b$ which is shared across all keys. These two pieces of entropy are combined using the blake3 mac function to find $c = \text{mac}(a, b)$.

The new key that is generated is not available on the database (in case it were ever compromised) and is only ephemerally available on the server when rendering a new key. Call the user’s master private key $d$. The new derived private key, only available on the client, is $e = d + c \mod n$, where $n$ is the order of the elliptic curve (secp256k1). The new derived public key, derivable on the client, is $E = e \cdot G$ where $G$ is the generator point of the elliptic curve. The public key can also be derived on the server by knowing $C = c \cdot G$, and then $E = C + D$ where $D$ is the user’s master public key (known to the server).
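The derivation above as a runnable sketch, added here as an illustration and not taken from the EarthBucks code: it checks that the server's $E = C + D$ equals the client's $E = e \cdot G$. Assumptions: keyed BLAKE2b stands in for the blake3 mac (blake3 is not in the Python standard library), $b$ is used as the MAC key and $a$ as the message, the client is handed $c$, and all function names are hypothetical.

```python
import hashlib
import secrets

# secp256k1 domain parameters: field prime P, group order N, generator G
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(p1, p2):
    """Add two affine points; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                       # p2 == -p1
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P        # tangent slope
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P       # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mul(k, point=G):
    """Double-and-add (not constant time; for illustration only)."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result

def tweak(a, b):
    """c = mac(a, b) reduced mod n. Keyed BLAKE2b is a stand-in for blake3."""
    mac = hashlib.blake2b(a, key=b, digest_size=32).digest()
    return int.from_bytes(mac, "big") % N

def server_derive_public(D, a, b):
    """Server side: E = C + D with C = c*G; no private key involved."""
    return point_add(scalar_mul(tweak(a, b)), D)

def client_derive_private(d, c):
    """Client side: e = d + c mod n."""
    return (d + c) % N

if __name__ == "__main__":
    d = secrets.randbelow(N - 1) + 1                          # constructed master key
    a, b = secrets.token_bytes(32), secrets.token_bytes(32)   # constructed entropy
    e = client_derive_private(d, tweak(a, b))
    print(server_derive_public(scalar_mul(d), a, b) == scalar_mul(e))
```
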

Now that the server can generate new public keys (and the user can generate the corresponding private keys), the next step is to generate the mint transaction in each block and the corresponding payment to each user for mining shares.


Copyright © 2024 Ryan X. Charles LLC