BIP32 Extended Keys Explained with Diagrams

·

Introduction

Extended keys are fundamental components in Hierarchical Deterministic (HD) wallets, enabling the derivation of child keys from a single seed. This guide explores how extended private and public keys work, their structure, and their role in secure key management.

1. Master Key Generation

Your initial extended key (or "master key") is created by processing a 64-byte seed through the HMAC-SHA512 hash function.

Key Components:

🔍 Note: The HMAC key uses the string "Bitcoin seed" for master key generation, ensuring a standardized process.

Extended Private Key

An extended private key combines a standard private key with its chain code (64 bytes total).

Extended Public Key

Derived by converting the private key to a public key (via elliptic curve multiplication) and pairing it with the same chain code.

2. Hierarchical Key Trees

Extended keys can derive child keys recursively:

Child Key Types:

  1. Normal Child Keys:

    • Index range: 0 to 2147483647.
    • Both private and public keys can derive identical child public keys.

  2. Hardened Child Keys:

    • Index range: 2147483648 to 4294967295.
    • Only the extended private key can derive them, enhancing security.
⚠️ Security Tip: Exposing a child private key from a normal derivation path compromises the parent private key!

3. Child Key Derivation Methods

Normal Child Extended Private Key

  1. Inputs:

    • Data: Parent public key + index (concatenated).
    • Key: Parent chain code.

  2. Outputs:

    • New private key = Parent private key + HMAC first 32 bytes (modulo curve order).
    • New chain code = HMAC last 32 bytes.

Hardened Child Extended Private Key

  1. Inputs:

    • Data: Parent private key + index (concatenated).
    • Key: Parent chain code.

  2. Outputs:

    • Same as normal, but uses the parent private key for HMAC input.

Normal Child Extended Public Key

  1. Same HMAC inputs as normal private derivation.
  2. New public key = Parent public key + (HMAC first 32 bytes × generator point).

👉 Explore HD wallets in-depth

4. Serialization

Extended keys are serialized for storage/transfer with metadata:

| Field | Description | Example |
|----------------|----------------------------------------------|----------------------------------|
| Version | xprv (private) or xpub (public) | 0488ade4 / 0488b21e |
| Depth | Derivation level from master key | 0 for master |
| Fingerprint| First 4 bytes of parent public key’s hash160 | Used to identify parent |
| Index | Child number (0–4,294,967,295) | 0 for master |
| Chain Code | 32-byte entropy | Required for child derivation |
| Key | 33-byte public key or prefixed private key | 0x00 + private key (32 bytes) |

Example serialized keys:

5. FAQs

Q1: Why use hardened derivation?

A: Hardened keys prevent child private key exposure from compromising the parent key. Recommended for default use unless watch-only functionality is needed.

Q2: Can I derive hardened keys from an extended public key?

A: No. Only the extended private key can derive hardened child keys.

Q3: What happens if I lose my chain code?

A: Without the chain code, child key derivation is impossible, ensuring keys remain secure.

👉 Learn more about elliptic curve cryptography

Conclusion

Extended keys empower HD wallets with hierarchical, deterministic key management. By mastering their derivation paths and security trade-offs, users can optimize for both convenience and safety.

Key Takeaways:

For further reading, consult BIP 32 or tools like Ian Coleman’s BIP39 Generator.