AOPP & xPub Sharing: A Match Made in Heaven
When transacting with self-hosted wallets, virtual asset service providers (VASPs) generally need to obtain proof of ownership over the address(es) involved on the client side. While there are multiple ways of achieving this, the Address Ownership Proof Protocol (AOPP) has emerged as, by far, the most convenient way for VASPs to obtain a signature-based ownership proof over a single address of a self-hosted wallet.
Address Ownership Proofs for Deposit Transactions
To withdraw funds from a VASP, this single proof is entirely sufficient. For the deposit case, however, things are more complicated for UTXO-based blockchains like Bitcoin. For those, there will generally be more than one address originating funds within a single transaction. To accept a deposit transaction, a VASP would thus, in principle, need a proof-of-ownership of all addresses on the input side. This would quickly become cumbersome and unexplainable to the user.
What we would like is for a single signature proof to project its ownership claims to other associated addresses owned by the same self-hosted wallet. Luckily, there exists a widely understood concept that achieves exactly that: xPub sharing. Before explaining its significance for proof-of-ownerships, let’s take a brief excursion to see how xPubs work.
Hierarchical Deterministic Wallets and xPubs
Self-hosted crypto wallets often have a simple backup in the form of 12 to 24 common English words. From those, they can generate an unlimited number of private keys and addresses for countless different blockchains. How does this work? Behind the scenes, so-called “hierarchical deterministic derivation” is doing its magic. This is a systematic way of deriving private keys in a tree-like structure where each level allows you to derive many child private keys from a single parent private key.
Thanks to the ingenious details of how the key derivation works, wallet owners can opt to share some information (the xPub) at a particular node in the tree such that all child public keys in the subtree rooted at that node can be derived from it. This is done without leaking private key information, thus keeping the user’s funds safe. Also, the public keys in the rest of the tree remain hidden. This makes xPub sharing a very sharp tool to share read access to a particular part of one's wallet with another party.
AOPP and xPub Sharing
What happens if we combine a single signature proof obtained with AOPP with xPub sharing? Since the VASP can derive public keys from the xPub, he can verify that the signature proof belongs to an address within that xPub-tree. This means we have exactly achieved our goal that the signature proof extends across a set of addresses related to the same wallet. A deposit transaction to a VASP can now be accepted from a proof-of-ownership perspective if all input addresses are located in the xPub tree.
Privacy and Trust Considerations
Sharing a large set of addresses with a VASP might sound like a scary idea from a privacy point of view. However, most wallets are set up in such a way that xPub sharing is only possible at a fairly low level in the tree. This means, for example, that addresses belonging to other cryptocurrencies will never be able to be derived. Furthermore, the user is free to set up a distinct wallet that is only used to deposit to a VASP, and won’t incur privacy tradeoffs when sharing the xPub. Finally, there is usually already a fair amount of trust involved between a user and a VASP regarding privacy-sensitive data (the user’s KYC data, for example), which can easily cover the watch-only information of an xPub.
Curious to find out more about Address Ownership Proof Protocol? Reach out to us.