cashubtc · lescuer97 · Jan 19, 2026 · Jan 21, 2026 · prusnak · Jan 22, 2026
diff --git a/13.md b/13.md
@@ -39,6 +39,18 @@ The HMAC-SHA256 KDF is built as the following:
 2. `hmac_digest = HMAC_SHA256(seed, message)`, where `HMAC_SHA256` is the [hash-based message authentication code](https://en.wikipedia.org/wiki/HMAC) using SHA-256 as the hashing algorithm.
 3. `secret = hmac_digest` and `blinding_factor = hmac_digest % N`.
 
+#### P2PK Derivation
+
+Wallet are able to generate private keys is a deterministic way to have proofs locked to them.
+
+The following BIP32 derivation path for derivation of the key: `m/129372'/10'/0'/0'/{counter}`:
+
+- 129372': Registered SLIP-0044 coin type for Cashu.
+- 10': Purpose for generating private keys for usage in P2PK.
+- {counter}: Incrementing counter encoded as an unsigned 64-bit integer in big-endian format.
+
+This will allow wallets to swap proof that are still locked to a public key during a restore process.
-This will allow wallets to swap proof that are still locked to a public key during a restore process.
+Wallets can deterministically generate private keys for P2PK using the following BIP32 derivation path: 
+
+`m/129372'/10'/0'/0'/{counter}`
+
+Where:
+- Purpose' = `129372'` (UTF-8 for 🥜)
+- Coin type' = `10'` - reserved for generating private keys.
+- `{counter}` is an Incrementing counter, encoded as an unsigned 64-bit integer in big-endian format.
+
+This allows wallets to swap Proofs still locked to a corresponding public key during a restore process.
+
+In line with BIP-32, if the resulting private key is out of range (`> N`), it should be discarded.
-This will allow wallets to swap proof that are still locked to a public key during a restore process.
+Wallets can deterministically generate private keys for P2PK using the following BIP32 derivation path: 
+
+`m/129372'/10'/0'/0'/{counter}`
+
+Where:
+- Purpose' = `129372'` (UTF-8 for 🥜)
+- Coin type' = `10'` - reserved for generating private keys.
+- `{counter}` is an Incrementing counter, encoded as an unsigned 64-bit integer in big-endian format.
+
+This allows wallets to swap Proofs still locked to a corresponding public key during a restore process.
+
+In line with BIP-32, if the resulting private key is out of range (`> N`), it should be discarded.
+
 ### Code Examples
 
 #### Versioned Secret Derivation

diff --git a/tests/13-tests.md b/tests/13-tests.md
@@ -91,3 +91,25 @@ The corresponding blinding factors `r` are:
   "r_4": "5550337312d223ba62e3f75cfe2ab70477b046d98e3e71804eade3956c7b98cf"
 }
 ```
+
+## P2PK Derivation
+
+Using [NUT-13](13.md) derivation procedure for P2PK, we derive values starting from the following BIP39 mnemonic:
+
+```json
+{
+  "mnemonic": "half depart obvious quality work element tank gorilla view sugar picture humble"
+}
+```
+
+The public keys derived for the first five counters from `counter=0` to `counter=4` are:
+
+```json
+{
+  "m/129372'/10'/0'/0'/0": "03381fbf0996b81d49c35bae17a70d71db9a9e802b1af5c2516fc90381f4741e06",
+  "m/129372'/10'/0'/0'/1": "039bbb7a9cd234da13a113cdd8e037a25c66bbf3a77139d652786a1d7e9d73e600",
+  "m/129372'/10'/0'/0'/2": "02ffd52ed54761750d75b67342544cc8da8a0994f84c46d546e0ab574dd3651a29",
+  "m/129372'/10'/0'/0'/3": "02751ab780960ff177c2300e440fddc0850238a78782a1cab7b0ae03c41978d92d",
+  "m/129372'/10'/0'/0'/4": "0391a9ba1c3caf39ca0536d44419a6ceeda922ee61aa651a72a60171499c02b423"
+}
+```