Simply put, it doesn't seem that a generic solution to this problem is possible within the realm of discrete logarithm based cryptography.
Solutions exist, but they would require a different kind of cryptographic construction (like pairing based cryptography), which would introduce additional security assumptions (and mean a different signature scheme than ECDSA/Schnorr would need to be used).
It is however a known problem, and explained in the original BIP (disclaimer: I am the author). The (admittedly, only partial) solution was the hardened derivation mode, which breaks this ability to compute the parent private key from parent public key and child private key. Unfortunately, it also breaks the ability to derive child public keys without access to the parent private keys.
Of course, the most powerful protection is never sharing any private keys with any other party at all.