Each coin uses BIP-44 derivation path scheme. If the coin is UTXO-based the path
should have all five parts, precisely as defined in BIP-32. If it is account-based we
follow Stellar's SEP-0005 - paths have only three parts
lot of exceptions occur due to compatibility reasons.
Keys are derived according to SLIP-10, which is a superset of the BIP-32 derivation algorithm, extended to work on other curves.
c stands for the SLIP-44 id of the currency, when multiple currencies are handled
by the same code.
a is an account number,
y is change address indicator (must be
0 or 1), and
i is address index.
Paths that do not conform to this table are allowed, but user needs to confirm a warning on Trezor.
Some currencies allow exporting a public node, which lets the client derive all non-hardened paths below it. In that case, the conforming path is equal to the hardened prefix.
I.e., for Bitcoin's path
44'/c'/a'/y/i, the allowed public node path is
Trezor does not check if the path is followed by other non-hardened items (anyone can
derive those anyway). This is beneficial for Ethereum and its MEW compatibility, which
44'/60'/0'/0 for getPublicKey.
p type input script type 44 legacy SPENDADDRESS 48 legacy multisig SPENDMULTISIG 49 p2sh segwit SPENDP2SHWITNESS 84 native segwit SPENDWITNESS
We believe this should be
44'/c'/a', because Ethereum is account-based, rather than UTXO-based. Unfortunately, lot of Ethereum tools (MEW, Metamask) do not use such scheme and set
a = 0and then iterate the address index
i. Therefore for compatibility reasons we use the same scheme.
Cardano has a custom derivation algorithm that allows non-hardened derivation on ed25519.
Sign message paths are validated in the same way as the sign tx paths are.
For UTXO-based currencies, account number
a needs to be in the interval [0, 20]
and address index
i in the interval [0, 1 000 000].
For account-based currencies (i.e., those that do not use address indexes), account
a needs to be in the interval [0, 1 000 000]