HD Wallet: A Comprehensive Guide to Hierarchical Deterministic Wallets

In blockchain networks like Bitcoin and Ethereum, wallets play a crucial role in managing users' private keys and their digital assets. The private key is used to sign transactions, proving ownership of these assets. Since private keys are essentially random strings of numbers that are difficult to memorize, cryptographic methods are employed to manage key pairs (consisting of a private key and its corresponding public key) securely and conveniently.

1. Non-Deterministic Wallets

When private keys are generated completely randomly using Cryptographically Secure Pseudorandom Number Generators (CSPRNG), the resulting key pairs are entirely independent with no relationship between them. Wallets managing such key pairs are called non-deterministic wallets.

The main challenge with non-deterministic wallets is the cumbersome process of importing/exporting key pairs, as each key must be handled individually during backup or transfer.

2. Deterministic Wallets

To address these limitations, Hierarchical Deterministic (HD) wallets were introduced. These wallets generate key pairs from a single master seed using an irreversible hash algorithm. This approach offers several advantages:

• A single seed can generate multiple private keys
• Backup requires only saving the seed (often represented as 12-24 mnemonic words)
• HD wallets can generate numerous public keys without exposing private keys

The generation process follows this sequence:

Entropy (128-bit) → Mnemonic Phrase (12 words) → Seed (512-bit) → Private Key → Public Key → Address

2.1 Mnemonic Phrases and Entropy

Mnemonic phrases are human-readable representations of entropy (random number strings) for easier memorization. The process involves:

1. Generating entropy (128-256 bits)
2. Creating a checksum (length = entropy length/32)
3. Combining entropy and checksum
4. Splitting into 11-bit segments
5. Mapping segments to words from a predefined 2048-word list

2.2 Seed Generation

The mnemonic phrase is converted back to entropy, which is then processed through the PBKDF2 function to generate a 512-bit seed. PBKDF2 (Password-Based Key Derivation Function 2) enhances security through key stretching, making brute-force attacks computationally impractical.

2.3 Master Private Key and Chain Code

The 512-bit seed is split into two 256-bit components:

• Left 256 bits: Master private key
• Right 256 bits: Master chain code (used for deriving child keys)

The master public key is derived from the private key using elliptic curve cryptography.

2.4 Child Key Derivation

Child keys are derived from parent keys using three inputs:

1. Parent key (private or public)
2. Chain code (as entropy)
3. Index number

The derivation uses HMAC-SHA512, producing:

• Left 256 bits: Child private key
• Right 256 bits: Child chain code

2.5 Extended Keys

Extended keys combine parent keys with chain codes:

• Private extended keys (prefix: xprv) derive child private keys
• Public extended keys (prefix: xpub) derive child public keys

2.6 Hardened Derivation

Hardened child key derivation enhances security by:

1. Preventing public key leakage from compromising privacy
2. Making it impossible to derive parent private keys from child keys
   It uses parent private keys instead of public keys for derivation.

3. Elliptic Curve Cryptography

The secp256k1 elliptic curve is defined by:

y² mod p = (x³ + 7) mod p
where p = 2²⁵⁶ - 2³² - 2⁹ - 2⁸ - 2⁷ - 2⁶ - 2⁴ - 1

Public keys are points on this curve calculated as:

K = k * G

where:

• k: private key
• G: generator point (constant)
• K: public key

4. Public Key Formats

Public keys can be represented in two formats:

1. Uncompressed: 520-bit (prefix 04 + x-coordinate + y-coordinate)
2. Compressed: 264-bit (prefix 02/03 + x-coordinate)

Compressed format is preferred as it saves space while maintaining all necessary information.

5. Address Generation

5.1 Bitcoin Addresses

Generated through:

ADDR = RIPEMD160(SHA256(PUBKEY))
ACCOUNT_ADDR = Base58Check(ADDR)

5.2 Base58Check Encoding

This encoding:

• Uses 58-character alphabet (excluding ambiguous characters)
• Includes 4-byte checksum for error detection
• May include version byte prefixes

6. Multi-Currency and Multi-Account Support

BIP44 defines a standard hierarchy:

m / purpose' / coin_type' / account' / change / address_index

where:

• purpose': 44' (for cryptocurrencies)
• coin_type': Specifies currency (e.g., 0' for Bitcoin, 60' for Ethereum)

7. Ethereum HD Wallets

The Go implementation go-ethereum-hdwallet provides:

7.1 Wallet Creation

• Generates seed directly or from mnemonic
• Creates master key from seed via HMAC-SHA512
• Uses derivation path: m/44'/60'/0'/0 for Ethereum

7.2 Wallet Interface

Key functions include:

• Account management
• Key derivation
• Transaction signing
• Address generation

👉 Explore secure wallet solutions

FAQ

Q1: What's the main advantage of HD wallets over non-deterministic wallets?
A1: HD wallets allow generating all keys from a single seed, simplifying backup and management while maintaining security.

Q2: Can child public keys be derived without knowing parent private keys?
A2: Yes, public key derivation requires only parent public keys, enhancing security for watch-only wallets.

Q3: Why use compressed public key format?
A3: Compressed format reduces storage and bandwidth requirements by nearly 50% while retaining all necessary information.

Q4: How does Base58Check improve address reliability?
A4: The 4-byte checksum helps detect errors during address entry or transmission.

Q5: What's the purpose of hardened key derivation?
A5: Hardened derivation prevents potential security breaches by making parent keys un-derivable from child keys.

👉 Learn more about blockchain security