cashubtc · lescuer97 · Jan 19, 2026 · Jan 21, 2026 · Mar 27, 2026 · thesimplekid
diff --git a/13.md b/13.md
@@ -39,6 +39,18 @@ The HMAC-SHA256 KDF is built as the following:
 2. `hmac_digest = HMAC_SHA256(seed, message)`, where `HMAC_SHA256` is the [hash-based message authentication code](https://en.wikipedia.org/wiki/HMAC) using SHA-256 as the hashing algorithm.
 3. `secret = hmac_digest` and `blinding_factor = hmac_digest % N`.
 
+#### P2PK Derivation
+
+Wallet are able to generate private keys in a deterministic way to have proofs locked to them.
+
+The following BIP32 derivation path for derivation of the key: `m/129373'/10'/0'/0'/{counter}`:
+
+- 129373': Purpose picked for P2PK derivation.
+- 10': Account for generating private keys for usage in P2PK.
+- {counter}: Incrementing counter encoded as an unsigned 64-bit integer in big-endian format.
+
+This will allow wallets to swap proof that are still locked to a public key during a restore process.
-This will allow wallets to swap proof that are still locked to a public key during a restore process.
+Wallets can deterministically generate private keys for P2PK using the following BIP32 derivation path: 
+
+`m/129372'/10'/0'/0'/{counter}`
+
+Where:
+- Purpose' = `129372'` (UTF-8 for 🥜)
+- Coin type' = `10'` - reserved for generating private keys.
+- `{counter}` is an Incrementing counter, encoded as an unsigned 64-bit integer in big-endian format.
+
+This allows wallets to swap Proofs still locked to a corresponding public key during a restore process.
+
+In line with BIP-32, if the resulting private key is out of range (`> N`), it should be discarded.
-This will allow wallets to swap proof that are still locked to a public key during a restore process.
+Wallets can deterministically generate private keys for P2PK using the following BIP32 derivation path: 
+
+`m/129372'/10'/0'/0'/{counter}`
+
+Where:
+- Purpose' = `129372'` (UTF-8 for 🥜)
+- Coin type' = `10'` - reserved for generating private keys.
+- `{counter}` is an Incrementing counter, encoded as an unsigned 64-bit integer in big-endian format.
+
+This allows wallets to swap Proofs still locked to a corresponding public key during a restore process.
+
+In line with BIP-32, if the resulting private key is out of range (`> N`), it should be discarded.
+
 ### Code Examples
 
 #### Versioned Secret Derivation

diff --git a/tests/13-tests.md b/tests/13-tests.md
@@ -91,3 +91,25 @@ The corresponding blinding factors `r` are:
   "r_4": "5550337312d223ba62e3f75cfe2ab70477b046d98e3e71804eade3956c7b98cf"
 }
 ```
+
+## P2PK Derivation
+
+Using [NUT-13](13.md) derivation procedure for P2PK, we derive values starting from the following BIP39 mnemonic:
+
+```json
+{
+  "mnemonic": "half depart obvious quality work element tank gorilla view sugar picture humble"
+}
+```
+
+The public keys derived for the first five counters from `counter=0` to `counter=4` are:
+
+```json
+{
+  "m/129373'/10'/0'/0'/0": "021693d45f4fdf610ae641fedb0944fb460fbb8264f21c19d2626c3da755fcbbcb",
+  "m/129373'/10'/0'/0'/1": "0395461ab678058c0ed6aa39f38dda490eaa163e9ad27070b23ec3d06b41e07535",
+  "m/129373'/10'/0'/0'/2": "02a05e4e593a633e9b4405f01c9632c8afde24cb613017a1aee56fd76291ad26d1",
+  "m/129373'/10'/0'/0'/3": "033addea25c3873b93d67d536c61c9d9c993f6efd8b9dfa657951b66b5001e51dd",
+  "m/129373'/10'/0'/0'/4": "03c964bdf42fc82b6c574615746eeca37527a24f1fdfc1b34a732c53843b5744a5"
+}
+```