A hierarchical deterministic wallet (or “HD Wallet”) is a wallet which generates all of its keys and addresses from a mnemonic sentence, better known as “seed”, or “seed words”.
“Hierarchical” means that the keys and addresses can be organized into a tree
“Deterministic” means that the keys and addresses are always generated in the same way, every time.
A “Mnemonic sentence” represents a large randomly-generated number as a sequence of words, making it easier for humans to store.
To create a mnemonic sentence, you’ll need a specific entropy, which refers to the level of randomness and complexity.
You can think of entropy as being a very large number as a series of bits, e.g. 10011010010001...
The entropy used to generate a mnemonic sentence needs to be a multiple of 32 bits, as this will allow the generated entropy to be split into even chunks, which can be converted to words, and should be between 128 and 256 bits, as this makes it impossible for two people to generate the same entropy.
Once the needed entropy is generated, a checksum is added, which is used to look for- and prevent mistakes and errors.
The checksum is created by hashing the generated entropy through SHA256, which creates a unique fingerprint for this entropy. One then takes 1 bit of the hash for every 32 bits of the generated entropy, and adds it to the end of the generated entropy.
The generated entropy + checksum then gets split into groups of 11 bits, which get converted to decimal numbers, which are then used to select the corresponding words from the 2048 word list, thus creating the mnemonic sentence.
Once the mnemonic sentence has been created, it can be converted to the seed, which is achieved by putting the mnemonic sentence through the “PBKDF2 function”, which hashes your mnemonic sentence (+ optional passphrase) multiple times, and produces a final 64 byte (512 bit) result.
The “mnemonic sentence” allows the user to make a simple back-up of the wallet through use of the BIP39 2048 word list.
The final “seed” is used to create the master extended key, from which one can generate billions of child private- and public keys.
Master extended keys
The master extended keys are created by putting the seed through the HMAC-SHA512 hash function, which will return 64 bytes of data, which will then be split into two halves of 32 bytes each, thereby creating the extended private key.
The left half contains the private key.
The right half contains the chain code
In order to create the extended public key, one simply takes the before created extended private key, calculates its public key and couples this public key with the same chain code.
A public key is calculated from the private key through the use of “Elliptic Curve Multiplication”, which is a one-way function, ensuring that nobody is able to reverse the function and calculate the corresponding private key from a public key.
And there we have it, the extended private key and the extended public key, which make up the master extended keys.
Extended key tree
Extended keys are able to derive child extended keys, with extended private keys being able to generate both new private- and public keys, and extended public keys only being able to generate new public keys. Each generated child key receives an index number, which goes up to 2**32.
Extended private keys can generate child keys with new private keys and public keys
Extended public keys can generate child keys with new public keys only.
Each generated child key receives an index number, which goes up 2**32.
Child extended key derivation
There are three methods for deriving child extended keys, with an extended private key being able to derive both (1) normal and (2) hardened child keys, and an extended public key only being able to derive (3) normal child keys.
Normal : The extended private key and the extended public key can generate the same public key.
Hardened : Only the extended private key can generate the public key.
In order to derive a (1) normal child extended key from an extended private key, one works out the public key, uses an index between 0 and 2147483647 (Indexes in this range are designated for normal child extended keys), and puts the data and key through the HMAC function, with the data being the public key + index, and the key being the chain code.
In order to derive a (2) hardened child extended key from an extended private key, one uses an index between 2147483647 and 4294967295 (indexes in this range are designated for hardened child extended keys), and puts the data and key through the HMAC function, with the data being the private key + index, and the key being the chain code.
In order to derive a (3) normal extended child key from an extended public key, one uses an index between 0 and 2147483647 (Indexes in this range are designated for normal child extended keys), and puts the data and key through the HMAC function, with the data being the public key + index, and the key being the chain code.
How does this work ?
How is it possible that a public key derived from an extended public key corresponds to a private key derived from an extended private key?
One’s putting the same inputs for both child extended keys into the HMAC function, which generates the same data, basically being a number, as a result. Using the first 32 bytes of this number, one then :
Increases the parent private key by this number to create the child private key
Increases the parent public key by this number to create the child public key.
Due to how the Elliptic Curve mathematics work, the child private key will correspond to the child public key.
Serialization
An extended key can be serialized to make it easier to pass around.
This serialized data contains the private- and public key, along with the chain code and some additional metadata, as specified below :
Version : this places “xprv” 0488ade4 or “xpub” 0488b21e at the start.
Depth : this specifies how many derivations deep this extended key is from the master key.
Parent Fingerprint : this specifies the first 4 bytes of the hash160 of the parent’s public key to help identify the parent later.
Child Number : this specifies the index number of the child from the parent.
Chain Code : this specifies the extra 32 bytes secret, which prevents others from deriving child keys without it.
Key : this specifies the private key (prepend 0x00) or public key.
A checksum is then added to this data for error prevention, before finally converting it to Base58, which creates a human-friendly extended key format.
Note : The different version bytes :
0488ade4 = xprv
0488b21e = xpub
049d7878 = yprv (for extended keys in a BIP 49 derivation path)
049d7cb2 = ypub
04b2430c = zprv (for extended keys in a BIP 84 derivation path)
04b24746 = zpub
Note : The master extended keys :
Depth = 00
Fingerprint = 00000000
Child Number = 00000000
[link] [comments]
You can get bonuses upto $100 FREE BONUS when you:
💰 Install these recommended apps:
💲 SocialGood - 100% Crypto Back on Everyday Shopping
💲 xPortal - The DeFi For The Next Billion
💲 CryptoTab Browser - Lightweight, fast, and ready to mine!
💰 Register on these recommended exchanges:
🟡 Binance🟡 Bitfinex🟡 Bitmart🟡 Bittrex🟡 Bitget
🟡 CoinEx🟡 Crypto.com🟡 Gate.io🟡 Huobi🟡 Kucoin.
Comments