Wallet HD Derivation Kit

Threat model

Assets and boundaries

Mnemonics, passphrases, seeds, private keys, and extended private keys are spend-authorizing secrets. Extended public keys and address batches are privacy-sensitive metadata. The library boundary begins with caller-supplied bytes and ends with a deterministic result; storage, process isolation, UI capture, clipboard, logs, and transport belong to the host application.

Considered attackers

Mitigations

Strict bounds/checksums, maintained curve libraries, explicit chain context, no hardened xpub derivation, no Solana public derivation, bounded batches, private-only APIs, hidden/permission-checked CLI input, exact dependencies, signed tagged releases, SBOMs/attestations, fuzzing, public vectors, and seven-runtime differential conformance.

Non-goals

Protection from a compromised host, malicious caller, side-channel-capable co-tenant, exposed process memory, insecure backups, weak passphrases, clipboard capture, or incorrect transaction-signing policy is outside this package. High-value systems should use independently audited hardware-backed key isolation.