BLS Keys

BLS keys are used to securely sign data in a verifiable way. One of the key features that sets BLS apart from other cryptographic methods is the ability to aggregate multiple signatures together and still maintain verification ability without having to know any of the involved secret keys.

In Chia, a mnemonic phrase is used to create a seed, which is then used to generate a Private Key. This master Private Key can then be used to derive child-keys in a Hierarchical Deterministic (HD) manner. We can then reference these keys based on their HD Path.

The HD Path is much like a website URL or filesystem path, where m represents our master key, followed by 12381 which represents a BLS specific path, and then 8444 representing Chia specifically. In Chia, the main key paths in use are the Farmer key located at m/12381/8444/0, the Pool key located at m/12381/8444/1, and the Wallet key located at m/12381/8444/2.

A key feature of Chia is the ability to derive Observer Keys. With non-observer keys, you can only derive a child-key from a private key, but with Observer Keys you can generate an unhardened Public Key which can be used to derive child-keys beneath it. This functionality is what allows XCH Balance to derive wallet addresses from a user’s Master Public Key or Wallet Public Key. The main security drawback of observer keys is that if you accidentally reveal a single child Private Key, along with the parent Public Key, then your parent private key and all sibling keys can be calculated as well. For example, if someone had your Master Public Key and your Farmer Private Key, they would be able to calculate your Master Private Key and all child-keys. For this reason, it is strongly recommended to use your Wallet Public Key on this website instead of your Master Public Key. To learn about deriving a Wallet Public Key, see Using This Site.

Non-Observer addresses can only be derived using Private Key derivation, but each child-key is cryptographically separate and can not be used to derive sibling or parent keys. Because of this, any balance held on a non-observer address will not be visible when using an Observer Public Key to derive addresses.