So, a few comments:
- BIP32 was originally designed only to produce secp256k1 private keys. If the output space has to be of a particular size, perhaps it would be helpful to redefine this proposal a bit to parameterize the key-derivation algorithm used to obtain the application-specific secret key. Something like `m / purpose' / algorithm' / ...` where algorithm dictates what algo to use (instead of being a hard node), or re-interpreting `m` to be the algorithm type (`m := secp256k1`) and adding a registry of other algorithms (maybe `j := altbn128`, which would look like `j / purpose' / ...`).
- What type of Key Safety requirements do we need? This proposal will keep the original master key a secret (which seems like an obvious requirement), but how will application keys be requested? What prevents a malicious application from requesting keys for something it has no business accessing? This will be too complicated to rely on a wallet implementation to get right, or to push to the end-user to approve applications to have access to particular paths.
Some other proposals: