Key Derivation

StarkWare recommends two methods for starkKey derivation, depending on the type of the wallet:

  • BIP32 compatible wallets, e.g. Ledger.

  • Non-BIP32 wallets.

BIP32 Compatible Wallets

BIP32 compatible wallets should implement EIP-2645. This EIP describes a path, called starkPath, and a key derivation algorithm that uses this path to derive the starkPrivateKey.

The starkPath consists of four passed parameters and two internal parameters as described below, and has the following structure: m/purpose'/layer'/application'/ethAddress1'/ethAddress2'/index

Passed Parameters

  • purpose - 2645

  • layer - Differentiates between technologies, defined as sha256(layer) & ((1 << 31) - 1). In the context of starkex, the value would be 579218131 as described in EIP-2645.

  • application - Differentiates between applications, defined as sha256(application_name) & ((1 << 31) - 1).

  • index - Allows multiple keys per Ethereum address.

Internal Parameters

  • ethAddress1 - 31 LSB of the user Ethereum address (i.e. ethAddress & ((1 << 31) - 1))

  • ethAddress2 - 31 following LSB of the user Ethereum address (i.e. (ethAddress >> 31) & ((1 << 31) - 1))

Note that BIP32 compatible wallets are expected to be stateful of their own Ethereum address.
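
The path construction described above, as an added example (not code from StarkWare or from EIP-2645). It assumes names are hashed as UTF-8 strings and the digest is read as a big-endian integer; the function names, the application name example-app and the sample address are constructed for illustration.

```python
import hashlib

MASK31 = (1 << 31) - 1   # keeps the 31 least significant bits
HARDENED = 1 << 31       # BIP32 hardened flag, written as ' in the path
PURPOSE = 2645           # purpose value given on the page


def low31_sha256(name):
    """sha256(name) & ((1 << 31) - 1); assumes UTF-8 input, big-endian digest."""
    digest = hashlib.sha256(name.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") & MASK31


def split_eth_address(eth_address):
    """Return (ethAddress1, ethAddress2): address bits 0..30 and bits 31..61."""
    hex_part = eth_address[2:] if eth_address[:2].lower() == "0x" else eth_address
    raw = bytes.fromhex(hex_part)          # ValueError on non-hex input
    if len(raw) != 20:
        raise ValueError("Ethereum address must be exactly 20 bytes")
    addr = int.from_bytes(raw, "big")
    return addr & MASK31, (addr >> 31) & MASK31


def stark_path(layer, application, eth_address, index):
    """Build m/purpose'/layer'/application'/ethAddress1'/ethAddress2'/index."""
    if not isinstance(index, int) or not 0 <= index <= MASK31:
        raise ValueError("index is not hardened and must fit in 31 bits")
    addr1, addr2 = split_eth_address(eth_address)
    hardened = [PURPOSE, low31_sha256(layer), low31_sha256(application), addr1, addr2]
    return "m/" + "/".join(f"{part}'" for part in hardened) + f"/{index}"


def bip32_indices(path):
    """Convert the textual path into 32-bit BIP32 child indices."""
    indices = []
    for part in path.split("/")[1:]:       # skip the leading "m"
        if part.endswith("'"):
            indices.append(int(part[:-1]) | HARDENED)
        else:
            indices.append(int(part))
    return indices


if __name__ == "__main__":
    # Constructed sample address and hypothetical application name.
    sample = "0x" + "0" * 24 + "0000000380000005"
    path = stark_path("starkex", "example-app", sample, 0)
    print(path)
    print(bip32_indices(path))
```

Bits 62 and above of the address never reach the path, so two addresses that differ only in those high bits produce the same starkPath.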

Non-BIP32 Wallets

The derivation of starkKey proceeds in 2 steps:

  1. The user signs a message with their Ethereum key (e.g. using MetaMask). It is recommended to use EIP712 in order to provide transparency to the user when they are signing the message. An important recommendation is to add a warning inside the message that the user should only sign this message if it was sent from a specific domain (as in Image 1).

  2. The signature (r,s,v) is used as an input to the grinding algorithm that outputs the starkPrivateKey. You can use the StarkEx crypto SDK to derive the key. Call the function getPrivateKeyFromEthSignature to generate the private key from the signature and then privateToStarkKey to compute the StarkKey.

Image 1 - A MetaMask pop-up when a user is requested to sign using the Ethereum key in order to generate a private STARK key. The message contains a warning to sign only messages from a specific domain.