Blockdaemon Blog

MPC Minimizes Vulnerability of Non-Hardened xPub Key Derivation

Security
Mar 26, 2024
By: Frank Wiener
Discover how Multiparty Computation (MPC) enhances security for Bitcoin HD wallets by minimizing risks associated with non-hardened xPub key derivation.

Hierarchical Deterministic wallets, aka HD wallets, are a feature of Bitcoin and similar cryptocurrencies (specified in BIP32) whose goal is improved privacy and usability. Starting from a seed at the root, a master private key and chain code are derived, and from those a whole tree of child keys. An xPub (Extended Public Key) is a public key together with its chain code. From an xPub alone you can derive child public keys, and therefore receiving addresses, which look completely random to an outside observer but are in reality deterministically computable and are controlled by the private key at the root.

For instance, you can derive a different address from your xPub for each customer and receive all of their payments into the same (cold) wallet. Because the child addresses are computable from the xPub alone, the sender (or a payment processor) can compute them without ever touching a private key. Such an approach provides much flexibility and clarity regarding who has paid what and for what purpose, and it is simple to use.

Another example would be employees receiving their pay in bitcoin. Using an HD wallet, an employee can provide a fresh address derived from their xPub for each monthly payment, so that even people watching the blockchain cannot link the payments or infer who is being paid what.

There are two ways of deriving child keys from a parent: hardened and non-hardened. To get the benefits above one typically has to use non-hardened derivation, since hardened derivation requires access to the parent private key. The problem is that non-hardened derivation has a well-known security weakness: the child private key is simply the parent private key plus a tweak that anyone holding the parent xPub can compute. So if the private key behind one non-hardened child is somehow leaked, anyone who also holds the parent xPub (for example the customer or payment processor you handed it to) can recover the parent private key, and with it the private keys of *all* of that child's siblings.

The antidote to this is hardened derivation, but it comes at a cost: the child public keys cannot be computed from the parent public key alone, which removes much of the usefulness of an HD wallet.

Multiparty computation (MPC), also called threshold cryptography, offers a way to improve this state of affairs. Using MPC the private key is split into shares held by different parties and is never assembled in any one place, not even when signing. Because the tweak applied by non-hardened derivation is public, it can be applied directly to the shares, so child keys inherit the same protection as the root. This greatly reduces the risk that any individual child private key is ever exposed in full, and with it the practical impact of the weakness in non-hardened derivation. The weakness itself does not disappear: a child key that is fully reconstructed anywhere, for instance by exporting it into a conventional single-key wallet, still exposes its parent and siblings.
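As an added example (not part of the original post and not Blockdaemon's code), the pure-Python implementation of BIP32 non-hardened derivation on secp256k1 below shows both points made above. `recover_parent_priv` demonstrates the weakness: given one leaked child private key and the parent xPub, it gets the parent private key back, after which `leak_walkthrough` derives every sibling. `ckd_priv_shares` demonstrates why the MPC approach composes with this kind of derivation: the same public tweak is applied to a 2-of-2 additive sharing of the parent key without the key ever being assembled. All function names are my own, the sharing is a toy additive split standing in for a real threshold scheme, and the point arithmetic is not constant time, so none of this is for production use. The seed in the usage note is BIP32 test vector 1; everything else is constructed.

```python
import hashlib
import hmac

# secp256k1 domain parameters (standard values).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 1 << 31  # BIP32: indices >= 2^31 are hardened


def point_add(p, q):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def point_mul(k, p):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    r = None
    while k:
        if k & 1:
            r = point_add(r, p)
        p = point_add(p, p)
        k >>= 1
    return r

def ser_p(point):
    """33-byte compressed SEC1 encoding, which BIP32 feeds into the HMAC."""
    x, y = point
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")

def pub(k):
    return point_mul(k, G)

def master_from_seed(seed):
    """BIP32 master key: I = HMAC-SHA512(key=b"Bitcoin seed", data=seed)."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]

def tweak(K_par, c_par, index):
    """Tweak I_L and child chain code for a non-hardened index.
    Only the parent xPub (K_par, c_par) is needed, so anyone holding it can do this."""
    if index >= HARDENED:
        raise ValueError("hardened derivation needs the parent private key")
    data = ser_p(K_par) + index.to_bytes(4, "big")
    i = hmac.new(c_par, data, hashlib.sha512).digest()
    il = int.from_bytes(i[:32], "big")
    if il >= N:  # BIP32: invalid child, the caller should move to the next index
        raise ValueError("invalid child key at this index")
    return il, i[32:]

def ckd_priv(k_par, c_par, index):
    """Non-hardened private child: k_i = k_par + I_L (mod n)."""
    il, c_i = tweak(pub(k_par), c_par, index)
    return (k_par + il) % N, c_i

def ckd_pub(K_par, c_par, index):
    """Non-hardened public child: K_i = K_par + I_L*G, no private key involved."""
    il, c_i = tweak(K_par, c_par, index)
    return point_add(K_par, point_mul(il, G)), c_i

def recover_parent_priv(k_child, K_par, c_par, index):
    """The weakness: a leaked child private key plus the parent xPub gives
    k_par = k_i - I_L (mod n), and from there every sibling."""
    il, _ = tweak(K_par, c_par, index)
    return (k_child - il) % N

def ckd_priv_shares(shares, K_par, c_par, index):
    """Same derivation on a toy additive sharing k_par = sum(shares) (mod n).
    Only the public tweak is added to one share; the full key never exists."""
    il, c_i = tweak(K_par, c_par, index)
    return [(shares[0] + il) % N] + list(shares[1:]), c_i

def leak_walkthrough(seed, leaked_index=3, sibling_indices=(0, 1, 2)):
    """Attacker holds the parent xPub and learns one child private key.
    Returns whether the parent was recovered and the sibling keys it yields."""
    k_par, c_par = master_from_seed(seed)
    K_par = pub(k_par)  # the xPub is (K_par, c_par)
    k_leaked, _ = ckd_priv(k_par, c_par, leaked_index)  # the one leaked child
    k_recovered = recover_parent_priv(k_leaked, K_par, c_par, leaked_index)
    siblings = {i: ckd_priv(k_recovered, c_par, i)[0] for i in sibling_indices}
    return k_recovered == k_par, siblings
```

Running `leak_walkthrough(bytes.fromhex("000102030405060708090a0b0c0d0e0f"))` returns `True` together with the private keys of children 0, 1 and 2, none of which were ever leaked: that is the whole problem in one call. The defensive reading is the `ckd_priv_shares` path: each share holder only ever adds a public value to its own share, and summing the resulting shares gives exactly the key `ckd_priv` would have produced, which is why a threshold signer can keep using non-hardened xPubs without any party holding a child key it could leak.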
