Why PQHD?
PQHD is Tidecoin’s post-quantum hierarchical deterministic wallet system. It exists because Bitcoin’s BIP32 wallet model depends on elliptic-curve behavior that does not transfer cleanly to post-quantum signature schemes.
This page is the plain-language explanation. The protocol specification is Protocol / PQHD.
The BIP32 Problem
BIP32 lets a wallet derive child public keys from an extended public key
(xpub). That is useful for watch-only wallets and address generation, but it
depends on elliptic-curve arithmetic.
In a quantum setting, exposing public keys is more dangerous because Shor’s
algorithm can recover the corresponding private key from a public key once a
sufficiently large fault-tolerant quantum computer exists. An xpub model built
around exposed public derivation is the wrong foundation for a post-quantum
wallet.
There is also a practical issue: NIST post-quantum signature schemes do not provide the same homomorphic public child derivation that BIP32 uses.
What PQHD Does Instead
PQHD uses hardened-only derivation. That means every child key is derived from secret material, not from public derivation data.
The path shape is:
m / purpose' / coin_type' / scheme' / account' / change' / index'
All elements are hardened. The scheme' element selects the post-quantum signature scheme, such as Falcon-512 or ML-DSA-65.
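An added illustration of hardened-only derivation over the path shape above; it is not Tidecoin's code. The HMAC-SHA512 step and the master-key label are BIP32-style stand-ins assumed for the example (PQHD's actual derivation is defined in the protocol specification), and the seed and path numbers are constructed.

```python
import hashlib
import hmac

HARDENED = 0x80000000  # hardened marker bit, as in BIP32
LEVELS = ("purpose", "coin_type", "scheme", "account", "change", "index")

def parse_path(path):
    """Parse "m / a' / b' / ..." and reject any element that is not hardened."""
    parts = [p.strip() for p in path.split("/")]
    if parts[0] != "m" or len(parts) != len(LEVELS) + 1:
        raise ValueError("expected m followed by %d elements" % len(LEVELS))
    indices = []
    for name, part in zip(LEVELS, parts[1:]):
        if not part.endswith("'"):
            raise ValueError("%s must be hardened" % name)
        n = int(part[:-1])  # raises ValueError on non-numeric input
        if not 0 <= n < HARDENED:
            raise ValueError("%s out of range" % name)
        indices.append(n | HARDENED)
    return indices

def derive_child(secret, chain_code, index):
    # Hardened step: the HMAC input is the parent *secret*, so a party holding
    # only public data has nothing to feed in. There is no xpub equivalent.
    data = b"\x00" + secret + index.to_bytes(4, "big")
    digest = hmac.new(chain_code, data, hashlib.sha512).digest()
    return digest[:32], digest[32:]

def derive_leaf_secret(seed, path):
    # "example master key" is a hypothetical label, not a PQHD constant.
    digest = hmac.new(b"example master key", seed, hashlib.sha512).digest()
    secret, chain = digest[:32], digest[32:]
    for index in parse_path(path):
        secret, chain = derive_child(secret, chain, index)
    return secret  # a real wallet would feed this to the selected scheme's keygen

if __name__ == "__main__":
    seed = bytes(range(32))  # constructed seed, for demonstration only
    print(derive_leaf_secret(seed, "m / 1' / 2' / 3' / 0' / 0' / 5'").hex())
    try:
        derive_leaf_secret(seed, "m / 1' / 2' / 3' / 0' / 0' / 5")
    except ValueError as err:
        print("rejected:", err)
```

The path string alone, which is what a descriptor carries, is not enough to reproduce the leaf secret; the seed is required at every step.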
Why Hardened-Only Matters
Hardened-only derivation gives up one BIP32 convenience: you cannot publish an
xpub and let an untrusted server derive all future child public keys.
That tradeoff is intentional. In a post-quantum wallet, avoiding public derivation is cleaner than trying to recreate the xpub model with primitives that were not designed for it.
Watch-only and offline workflows still exist, but they use descriptors, addresses, UTXO state, and PSBT metadata rather than an xpub-style public derivation root.
Multi-Seed and Multi-Scheme
Tidecoin Core can track multiple PQHD seeds in one wallet and set default receive/change scheme policy. That supports:
- separating account domains;
- importing recovery material without mixing it into normal receive paths;
- testing activation-gated schemes on testnet or regtest;
- moving gradually between scheme policies when consensus rules allow it.
The important rule is that wallet policy never overrides consensus activation. If a scheme is not active on mainnet, a wallet should not use it for production mainnet receives.
Backup Boundary
A descriptor can describe a PQHD path, but it does not contain the master seed. To recover funds, you need the wallet backup, PQHD seed material, or the wallet-specific recovery artifact.
Think of PQHD like this:
| Artifact | Role |
|---|---|
| Master seed | Secret material that can derive spending keys |
| Seed ID | Non-secret identifier for matching descriptors and origins |
| Descriptor | Script and path metadata |
| PSBT origin metadata | Handoff data that helps an offline signer locate the right derivation |
Practical Takeaway
PQHD is less convenient than xpub-based public derivation, but it matches the post-quantum threat model. It keeps deterministic wallet recovery while avoiding public child derivation assumptions that do not belong in a lattice-signature wallet.
See also: Protocol / PQHD, Wallets / Using PQHD, Wallets / Multi-Seed and Schemes, PQHD Integration.