Builder Vault also supports non-hardened key derivation for some Schnorr-based signing schemes, such as EdDSA (Ed25519 and Ed448).

📘

RFC 8032, BIP32, and SLIP10

According to RFC 8032 Section 5.1.5, a private EdDSA key is a seed from which the raw private scalar value is derived. Due to this extra derivation, EdDSA private keys (i.e., seeds) are not compatible with non-hardened BIP32 key derivation. For this reason, SLIP10 (which generalizes BIP32 to other curves) only defines hardened derivation for EdDSA.

When you generate an EdDSA key in the TSM, on the other hand, there is no seed. Instead, the TSM generates a random sharing of the raw private scalar value, as well as a random master chain code. In addition, for each signature, the TSM samples a uniformly random nonce. The fact that the TSM uses raw EdDSA keys like this, allows us to support non-hardened EdDSA key derivation.

The fact that the TSM generates the private EdDSA key as a raw scalar value has consequences if you want to import an EdDSA seed from another wallet into the TSM which uses RFC 8032 derivation. See this section for more about key import.

Code Example

You can code examples showing how to generate derived public EdDSA keys and sign using derived private EdDSA keys according to a non-hardened derivation path in our demo repository (Go, Java, node.js).