PQHD: Post-Quantum Hierarchical Deterministic Wallet
Status: Live on mainnet.
PQHD replaces BIP-32 for PQ signature schemes. BIP-32’s non-hardened derivation is catastrophic under quantum attack (an exposed xpub is equivalent to an exposed xpriv, and no NIST PQ scheme supports the homomorphic public-key derivation BIP-32 requires). PQHD uses hardened-only derivation with hash-based key material and scheme-specific domain separation.
This page is the protocol specification overview. Wallet commands and operator examples live in Wallets / Using PQHD and RPC Reference.
Path structure
m / purpose' / coin_type' / scheme' / account' / change' / index'
All path elements are hardened. PQHD does not support BIP32-style public child derivation.
| Field | Value | Meaning |
|---|---|---|
| purpose' | 10007' | Tidecoin PQHD purpose. |
| coin_type' | 6868' | Tidecoin coin type. |
| scheme' | Scheme prefix | Registered PQ signature scheme. |
| account' | User-controlled | Wallet account namespace. |
| change' | 0' or 1' | Receive or change branch. |
| index' | User-controlled | Address/key index. |
Derivation pipeline
PQHD v1 derives leaf key material from a 32-byte master seed:
- Compute SeedID32 = SHA256("Tidecoin PQHD seedid v1" || master_seed).
- Create the master node using HMAC-SHA-512 from the 32-byte master seed.
- Derive hardened children with HMAC-SHA-512 over parent secret material.
- Extract scheme-separated leaf material with HKDF.
- Convert leaf material into a deterministic PQ keypair.
Falcon key generation uses the first 48 bytes of derived stream material. ML-DSA key generation uses the first 32 bytes.
Domain separation
The implementation uses explicit Tidecoin PQHD labels:
| Label | Purpose |
|---|---|
| Tidecoin PQHD seedid v1 | Seed identifier computation. |
| Tidecoin PQHD seed | Master node derivation. |
| Tidecoin PQHD hkdf v1 | HKDF salt/domain. |
| Tidecoin PQHD stream key v1 | Leaf stream key derivation. |
| Tidecoin PQHD rng v1 | Deterministic keygen stream blocks. |
Scheme registry
The scheme' path element uses the same prefix byte as serialized public keys:
| Prefix | Scheme |
|---|---|
| 7 | Falcon-512 |
| 8 | Falcon-1024 |
| 9 | ML-DSA-44 |
| 10 | ML-DSA-65 |
| 11 | ML-DSA-87 |
Mainnet activation matters: Falcon-512 is live on mainnet; the other schemes are implemented but gated by AuxPoW activation.
Descriptor integration
Tidecoin descriptor wallets use pqhd(...) expressions:
wpkh(pqhd(<seedid32>)/10007h/6868h/7h/0h/0h/*h)
Parser rules:
- SEEDID32 is 32 bytes encoded as 64 hex characters.
- The path has exactly six hardened elements after pqhd(SEEDID32).
- The wildcard form, when used, must be the final hardened element.
- purpose must be 10007.
- coin_type must be 6868.
- change must be 0 or 1.
- BIP32 xpub/xprv expressions are intentionally unsupported.
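
The parser rules above, combined with the SeedID32 formula from the derivation pipeline, as an added Python example for integrators that want to pre-validate key expressions (this is not Tidecoin's own parser). Accepting both `h` and `'` as hardened markers, accepting upper-case hex, and rejecting scheme prefixes outside the registry table are assumptions; the all-zero seed is a constructed sample.

```python
import hashlib
import re

SEEDID_LABEL = b"Tidecoin PQHD seedid v1"
SCHEMES = {7: "Falcon-512", 8: "Falcon-1024", 9: "ML-DSA-44",
           10: "ML-DSA-65", 11: "ML-DSA-87"}
KEY_EXPR = re.compile(r"pqhd\(([0-9a-fA-F]{64})\)((?:/[^/]+)*)")


def seed_id32(master_seed: bytes) -> str:
    """SeedID32 = SHA256(label || master_seed), returned as 64 hex characters."""
    if len(master_seed) != 32:
        raise ValueError("master seed must be 32 bytes")
    return hashlib.sha256(SEEDID_LABEL + master_seed).hexdigest()


def check_pqhd_key_expr(expr: str) -> dict:
    """Apply the parser rules to a pqhd(...) key expression; ValueError on failure."""
    m = KEY_EXPR.fullmatch(expr)
    if m is None:  # also rejects BIP32 xpub/xprv key expressions
        raise ValueError("expected pqhd(<64 hex chars>) followed by a path")
    elements = m.group(2).split("/")[1:]
    if len(elements) != 6:
        raise ValueError("path must have exactly six elements")
    values = []
    for pos, elem in enumerate(elements):
        body, marker = elem[:-1], elem[-1]
        if marker not in ("h", "'"):  # assumption: both hardened markers accepted
            raise ValueError(f"element {pos} is not hardened: {elem!r}")
        if body == "*" and pos == 5:
            values.append(None)  # wildcard allowed only as the final element
        elif body.isascii() and body.isdigit():
            values.append(int(body))
        else:
            raise ValueError(f"bad path element {pos}: {elem!r}")
    purpose, coin_type, scheme, account, change, index = values
    if purpose != 10007 or coin_type != 6868:
        raise ValueError("purpose must be 10007 and coin_type 6868")
    if change not in (0, 1):
        raise ValueError("change must be 0 or 1")
    if scheme not in SCHEMES:  # assumption: registry membership is enforced
        raise ValueError(f"unregistered scheme prefix {scheme}")
    return {"seedid32": m.group(1).lower(), "scheme": SCHEMES[scheme],
            "account": account, "change": change, "index": index}


# Constructed sample: an all-zero seed is for illustration only.
SAMPLE = f"pqhd({seed_id32(bytes(32))})/10007h/6868h/7h/0h/0h/*h"
```

`check_pqhd_key_expr` takes the key expression only, so strip the outer script wrapper such as `wpkh(...)` before calling it.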
PSBT integration
Tidecoin PSBT support can include proprietary PQHD origin records using
identifier tidecoin and subtype 0x01. Wallet RPCs default to suppressing
PQHD origin metadata for privacy; integrations can request it with
include_pqhd_origins when offline signing requires origin data.
Security properties
- PQHD avoids xpub-style public derivation, so publishing derivation metadata does not create a public-key-to-private-key shortcut.
- All child derivation is hardened.
- Secret material is cleansed from short-lived buffers where the implementation owns those buffers.
- Wallet storage, encryption, and backup remain operational responsibilities.
Backup boundary
Descriptors describe scripts and derivation intent. They do not replace wallet secret material. A recoverable wallet needs the wallet backup, PQHD seed, or wallet-specific recovery material.
See also: Wallets / Using PQHD, Signature Scheme Registry, Reference / RPC Reference, Integrations / Wallet Integration.