This is a read note of Mastering Bitcoin Chapter 05: Wallets. From a programmer’s perspective, the word “wallet” refers to the data structure used to store and manage a user’s keys.

1 Introduction

The wallet contains only keys. The “coins” are recorded in the blockchain on the Bitcoin network. Users control the coins on the network by signing transactions with the keys in their wallets. In a sense, a bitcoin wallet is a keychain containing pairs of private/public keys.

There are two primary types of wallets, distinguished by whether the keys they contain are related to each other or not. The first type is a nondeterministic wallet, where each key is independently generated from a random number. The keys are not related to each other. This type of wallet is also known as a JBOK wallet from the phrase “Just a Bunch Of Keys.” The second type of wallet is a deterministic wallet, where all the keys are derived from a single master key, known as the seed. All the keys in this type of wallet are related to each other and can be generated again if one has the original seed. There are a number of different key derivation methods used in deterministic wallets. The most commonly used derivation method uses a tree-like structure and is known as a hierarchical deterministic (HD) wallet defined by the BIP-32 standard.

Deterministic wallets are initialized from a random sequence (entropy). To make these easier to use, random sequences are encoded as English words, also known as mnemonic code words.

HD wallets offer two major advantages over random (nondeterministic) keys. First, the tree structure can express organizational meaning. Second, users can create a sequence of pubic keys without having access to the corresponding private keys.

The common wallet standards are:

  • Mnemonic code words, based on BIP-39
  • HD wallets, based on BIP-32
  • Multipurpose HD wallet structure, based on BIP-43
  • Multicurrency and multiaccount wallets, based on BIP-44

2 Extended Keys

The key derivation function can be used to create children at any level of the tree, based on the three inputs: a key (a private key or a public key), a chain code, and the index of the desired child. The combination of key and chain code is called an extended key.

Think of an extended key as the root of a branch in the tree structure of the HD wallet. With the root of the branch, you can derive the rest of the branch. The extended private key can create a complete branch, whereas the extended public key can only create a branch of public keys.

One common application of this solution is to install an extended public key on a web server that serves an ecommerce application. The web server can use the public key derivation function to create a new Bitcoin address for every transaction (e.g., for a customer shopping cart). The web server will not have any private keys that would be vulnerable to theft.

The index number used in the derivation function is a 32-bit integer. To easily distinguish between keys derived through the normal derivation function versus keys derived through hardened derivation, this index number is split into two ranges. Index numbers between 0 and 231–1 (0x0 to 0x7FFFFFFF) are used only for normal derivation. Index numbers between 231 and 232–1 (0x80000000 to 0xFFFFFFFF) are used only for hardened derivation.

Keys in an HD wallet are identified using a “path” naming convention, with each level of the tree separated by a slash (/) character.