Polkadot Key Derivation Paths

All paths as per subkey standard.

Overview

Mnemonic (BIP32) -> Seed -> Root-Secret (/Root-Public) -> Derive to account keys

Root-Public key should be shown in UI as an SS58 with a prefix index of 1 (BareSr25519) or 3 (BareEd25519) - depending on crypto used.

Root-Secret should never be shown or exported from UI (only the mnemonic, if needed).

Derivations should be based on networks:

• //polkadot -> Polkadot top-level and primary full-security key. This key and others derived under this should be shown using SS58 with a 0 (Polkadot) prefix and with a Polkadot identicon.
• //kusama -> Kusama top-level and primary high-security key. This key and others derived under this should be shown using SS58 with a 2 (Kusama) prefix and with a Polkadot identicon.
• Generally //<network_id> for the top-level key for any given network, where <network_id> is exactly the id field in the network's chain spec.

Other standard paths for more sophisticated wallets:

• //<network>//0, //<network>//1, …: Secondary full-security keys.
• //<network>//hot: Primary partial-security key. On Polkadot Vault, this could coventionally be exported for use on a hot device such as a desktop. If compromised it does not compromise the Vault, but if lost it can be recovered from the Vault. Apps which expect internet connectivity and store the key locally might have a initialization option which is to scan a Vault hot key.
• //<network>//pub: Primary public account. Any secondary paths from here can be soft derived in order to create a provable connection between the public keys. Wallets may choose to associate this with some on-chain identity.