Differences among the keys


I am reading DPKI paper. And I come across some keys:like master private key, subkey.
I can not figure out what are they.
I previously think that the master private key is private key which can be used to sign the credentials.
Then the subkey is public key? Or something else? Why they have the different name here? To differentiate from the concepts in PKI?


I’m not sure exactly which paper you have read, but it sounds like you might be learning about an HD Keys scheme. HD = “Hierarchical Deterministic”. An HD Keys scheme is one where you create a master private key, and then you derive many public+private keypairs from that master one. Each derived keypair is a “subkey”.

In HD Keys schemes, you can end up with trees of keys, and you can revoke entire branches. Also, you can prove that a key is derived from your master key, without revealing the master key, and without that relationship being detectable prior to your proof.


Thanks @danielh. for your reply.
I am reading the DPKI. A White Paper from Rebooting the Web of Trust.

The knowledge of HD should be the background knowledge.


Hi @danielh,
is Sovrin using HD Keys scheme? From my understanding it is.

Many thanks ahead and best regards



Sovrin is not actively using Hierarchical Deterministic Keys schemes at present. However, some HD Keys schemes are relevant to future plans for key management.