But the whole point is isolation of private keys! Ok, I will just give away my implementation idea here to explain. So basically the exchange market is 100% cold because it doesn't even hold a pre-generated address pool to assign to users. It only holds a single master public key. Whenever a user asks for their deposit address, a single invocation of addrGen(MPubK, userid) would always instantly generate the same address (note that there are no private keys involved here!). On the secure super duper server that does not directly communicate with the exchange, the coins can be spent by addrPrivGen(MPrivk, userid) <- (Note that addrPrivGen takes significantly more time, since you actually have to generate from 1 up to userid number of private keys, but that private key will be able to spend the coins in that address).
The dangers of exposing MPK are only limited to expose all possible public keys in the sequence.
Note that this idea is DONE bitcoin side... with oh many new ideas coming this way
Ahhh, so u want it for cold wallet, now everything is clear. (You should have started with that: the user won't have access to the priv key.)
But as I've written:
I was thinking more about it, and it wouldn't be as straightforward as I thought, mainly because curve25519 is not bijective.
(But it would still be partially doable...)
Funny thing, I was thinking about making escrow for NXT, but haven't thought about MPK
I need to think about it, but I think that on the super-duper secure server you'd have to do a check first, as there's a chance that addrGen(MPubK, userid) would generate a key that does NOT have a corresponding private key... (curve25519(priv, basepoint) -> public is not surjective)
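The addrGen / addrPrivGen split from the first post, written out as an added example that is not code from either poster or from NXT. It uses the "bitcoin side" construction (an additive tweak on secp256k1, as in BIP32 non-hardened derivation): the exchange adds tweak·G to the master public key, the cold server adds the same tweak to the master private key, and the two always agree. The master seed, the hash-based tweak and the function names are assumptions for the demo; the reply's surjectivity concern does not arise here because secp256k1 points can be added directly, which the x-only curve25519 public key does not offer.

```python
import hashlib

# secp256k1 domain parameters (the curve used on the "bitcoin side")
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    x1, y1 = a; x2, y2 = b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # a + (-a)
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P   # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P     # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, point):
    """Double-and-add scalar multiplication k*point."""
    result, addend = None, point
    while k:
        if k & 1: result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result

def tweak(mpk, userid):
    """Deterministic per-user offset computed from public data only (assumed scheme)."""
    data = mpk[0].to_bytes(32, "big") + mpk[1].to_bytes(32, "big") + str(userid).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def addr_gen(mpk, userid):
    """Exchange side: deposit public key = MPK + tweak*G, no private key involved."""
    return ec_add(mpk, ec_mul(tweak(mpk, userid), G))

def addr_priv_gen(mprivk, userid):
    """Cold side: spending key = master private key + the same tweak (mod N)."""
    return (mprivk + tweak(ec_mul(mprivk, G), userid)) % N

def keys_match(mprivk, userid):
    """True when the cold-side private key corresponds to the exchange-derived address."""
    return ec_mul(addr_priv_gen(mprivk, userid), G) == addr_gen(ec_mul(mprivk, G), userid)

# Constructed master private key for the demo; a real one comes from a secret seed.
MPRIVK = int.from_bytes(hashlib.sha256(b"demo master seed").digest(), "big") % N
```

Exposing the MPK reveals every derived deposit address (the second post's point), and, since the tweak is public, leaking any one derived private key also reveals the master private key, which is why Bitcoin wallets keep hardened derivation for anything that must survive a single-key compromise.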