Key Derivation

StarkWare recommends two methods for starkPrivateKey derivation:

  • BIP32 compatible wallets should implement EIP-2645. In this context, wallets are expected to be stateful of their own Ethereum address.

  • Non BIP32 wallets should implement the methodology presented at the bottom of the current page

The starkKey value derives from a path called starkPath that consists of four passed parameters and two internal parameters as described below, and has the following structure: m/purpose'/layer'/application'/ethAddress1'/ethAddress2'/index

Passed parameters

  • purpose - 2645

  • layer - Differentiate between technologies, defined as sha256(layer) & ((1 << 31) - 1))

  • application - Differentiate applications, defined as sha256(application) & ((1 << 31) - 1))

  • index - Allow multiple keys per Ethereum address

Internal parameters

  • ethAddress1 - 31 LSB of the user ethereum address (i.e. ethAddress & ((1 << 31) - 1))

  • ethAddress2 - 31 following LSB of the user ethereum address (i.e. (ethAddress >> 31) & ((1 << 31) - 1))

Derivation methodology for BIP32 wallets

The implementation details are available in EIP-2645 description.

Derivation methodology for non-BIP32 wallets

pk = Ethereum Private Key
sign = ECDSA on secp256k1
ethAddress1 = ethAddress & ((1 << 31) - 1)
ethAddress2 = (ethAddress >> 31 ) & ((1 << 31) - 1)
N = secp256k1 curve order
n = Layer2 curve order (available in the cryptography section)
path = "m/purpose'/layer'/application'/ethAddress1'/ethAddress2'/index"
i = 0
​
root_key = bip39
.fromSecret(pk).derivePath(path)
.getWallet()
.getPrivateKeyString()
while True:
key = _hash(root_key.to_bytes(32,byteorder='big') + i.to_bytes(1,byteorder='big'))
if (key < (N - (N % n))):
return key % n
i++