How do you get blinded xpubs? Does it use hash to curve? Cashu uses this and I found it interesting.
I think about this stuff often.
The protocol for blinded xpubs is actually pretty straightforward and easily done today (higher risk of losing funds though if you don’t know what you’re doing).
Here’s the original proposal and recovery examples using even something like Caravan today:
GitHub - mflaxman/blind-xpub: A bitcoin proposal for how to blind xpub(s) such that possession of a given seed phrase reveals nothing about what it protects.
That’s what’s important about having a good domain model - it makes it easier to reason about code paths that should already be available to you.
Our current, rigid BIP32 path standards and the way many signers implement them are the real limiting factor to broader blinded xpub adoption.
Is the goal a BIP? Or would that be too constraining?
It could be but BIPs are a lot of work, more political than technical and it doesn’t need a BIP to work. Just broader understanding and adoption.
Makes sense. And I see the blinding is sprinkling in some entropy to the descriptor path. Neat!