Deterministic key derivation + EdDSA

(Konstantinos Chalkias) #1

I am looking on the Hierarchical Deterministic Key Derivation possibility, similarly to BIP32. I need to answer the following:

  1. Do we aim to allow signing and decryption with the same private key? Currently, we only utilise signatures and as I understand a TLS layer will be used for secure communication.
  2. Do we need non-hardened keys (ParentPublic -> ChildPublic)?
  3. As EdDSA is an alternative to Schnorr signatures, we could assume that s (named a in our code) is the actual private key and r=H_{b,.. ,2b-1}(k,M)} is only used to avoid nonce generation during signing (we can omit r for encryption purposes). Is there any specific feature of Twisted Edwards curves that do not allow us to only use the KeyPair = s,sB to {en,de}crypt, so we do the same with BIP32 for non-hardened keys?