I may have figured out a good solution to the problem "my old npub/nsec is now compromised. How can I prove to the public, 100% and cryptographically verifiable, that I own this new npub?"
It wouldn't even be a new kind to publish, just a client-side behavioural adjustment.
I'll think about it more and confirm I'm not spittin BS and see if it's actually a good solution and write a clear spec for it.
Damn, I'm excited about this actually, because I've been thinking about this problem from when I discovered nostr x3
Time to admit defeat on this.
I think I spent 24 hours trying to make it work with my standard that I want, but nope. I've been hitting the same wall everyone else has and can't break/pass it.
Maybe one day I could, but not today sadly. Archiving this (in my head) and moving on.
Yes, I had a similar idea a long time ago / a bit after I joined nostr, but what I was trying to achieve the past week was, from the looks of it, an impossibility (until I or someone else figures out a workaround solution somehow).
What can be done:
Parent npub > hardened(child-0)
Parent npub says to the world 'I authorize this random npub to represent me'
The parent knows that the child actually came (derived) from them, but because it is hardened, the public can never confirm this, as such, to the public, they view this as a 'random npub'.
Can the public verify that a child came from a parent? Yes, if the child isn't hardened; however, as a result, if the child private key leaks, then the parent private key also leaks, defeating the point of this whole thing.
The problem that I couldn't solve:
Can the public verify that a child came from a parent, without risking the parent private key?
Unfortunately the answer after trying was: no.
I've hit the wall same as everyone else and couldn't figure out a workaround.
Why is it necessary to prove that a child comes from a parent? What are the benefits?
Clunky solution for number 1:
>Create a 12-word mnemonic phrase for a reproducible Border Wallet.
>Pick a 24-word mnemonic phrase from there.
>Publish 1kind event with the original 12-word Border Wallet.
>If the private key leaks, Rotate to other 24-word mnemonic phrase from the original Border Wallet.
>Publish how you got the private key/NPUB and the 24-word mnemonic phrase. Timestamp it before the attacker on both the old and new npub.
>Third parties can verify that you are the original owner. Just rotate the keys as you wish.
