Well, I've put some reading glasses on, but I'm still trying to understand a couple of things.
In what follows the hash function hash(i, s) ↦ (α_1, ..., α_m) produces an m-tuple of integers modulo p
I've copied and pasted the above from section 4 of the paper, but some of the symbols have changed, so you might have to refer to the original paper.
Anyway, I don't really understand exactly how this m-tuple is derived. Can someone write out an explicit example?
Less-short answer: We didn't even bother to explicitly define how one generates descendant keys beyond the first level.
This is a fundamental part of the wallet so it must be pretty important to define it.
One straightforward way to do it is as follows. (m is overloaded; let n be the number of master keys.) The first n child keys m/0 through m/n-1 are designated as the "master" keys for m/"0", the subsequent n child keys m/n through m/2n-1 are "master" keys for m/"1" and so on recursively. So, for example, m/"0"/0 and m/"1"/0 are both linear combinations of the original n master keys d1,...,dn.
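A worked example of the derivation the answer sketches, added here and not taken from the paper or the post: n master scalars, a hash that yields n coefficients modulo p, child keys as linear combinations, and the first n children reused as the "master" keys of department m/"0". The concrete hash construction, the modulus (secp256k1's group order) and the per-department chain value are assumptions; the check at the end confirms that m/"dept"/i is itself a linear combination of the original master keys.

```python
import hashlib

# Assumption: the secp256k1 group order stands in for the paper's modulus p.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def coefficients(i, s, m):
    """Assumed realisation of hash(i, s) -> (alpha_1, ..., alpha_m): one
    SHA-256 per coefficient, reduced modulo P (constructed, not the paper's)."""
    return tuple(
        int.from_bytes(
            hashlib.sha256(s + i.to_bytes(4, "big") + j.to_bytes(4, "big")).digest(), "big"
        ) % P
        for j in range(m)
    )

def child_key(parent_keys, i, s):
    """Child private key with index i: sum_j alpha_j * d_j mod P."""
    alphas = coefficients(i, s, len(parent_keys))
    return sum(a * d for a, d in zip(alphas, parent_keys)) % P

def dept_chain(s, dept):
    """Assumed per-department chain value used at the second level."""
    return hashlib.sha256(s + dept.to_bytes(4, "big")).digest()

def department_masters(master_keys, dept, s):
    """Children m/(dept*n) .. m/(dept*n + n-1) become the 'master' keys
    for m/"dept", as the post describes."""
    n = len(master_keys)
    return [child_key(master_keys, dept * n + k, s) for k in range(n)]

def composed_coefficients(master_keys, dept, i, s):
    """Coefficients expressing m/"dept"/i directly over d_1..d_n:
    c_j = sum_k beta_k * alpha^(k)_j (beta from level two, alpha^(k) from
    the department's k-th first-level child)."""
    n = len(master_keys)
    betas = coefficients(i, dept_chain(s, dept), n)
    c = [0] * n
    for k, beta in enumerate(betas):
        for j, alpha in enumerate(coefficients(dept * n + k, s, n)):
            c[j] = (c[j] + beta * alpha) % P
    return c

def grandchild_two_ways(master_keys, dept, i, s):
    """m/"dept"/i via the department's keys and via the composed coefficients."""
    via_dept = child_key(department_masters(master_keys, dept, s), i, dept_chain(s, dept))
    cs = composed_coefficients(master_keys, dept, i, s)
    via_masters = sum(c * d for c, d in zip(cs, master_keys)) % P
    return via_dept, via_masters

# Constructed sample input: three master scalars and a chain value.
MASTER_KEYS = [0x1111, 0x2222, 0x3333]
SEED = b"constructed-chain-value"
```

Both routes in `grandchild_two_ways` yield the same scalar, which is exactly why the department's n keys and the original n master keys span the same combinations.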
How can you give someone in a department their own set of master keys so that they can derive their own private keys without giving them the ability to derive the actual master keys?
In your example above there are n master keys and you are using the first n child keys as the "master" keys for m/"0".
So if you are giving someone the master keys to m/"0" then you are in effect giving them the ability to solve for the actual master keys. I don't understand how you get around this.
Of course these might be stupid questions because I don't fully understand your system but any help in understanding it is appreciated.