BIP 44: Hierarchical Deterministic Wallets

BIP44 is a Bitcoin Improvement Proposal that defines a standard, organized method for deriving many keys for different uses from a single mnemonic seed. It uses hierarchical deterministic (HD) keys to derive several public/private key pairs from a single master key pair, so a user does not have to generate and store a new key for each use. Instead, the user simply needs to store the master key, from which all the other keys can be derived.

This method of key management requires a consistent standard for deriving keys so the user can more easily derive specific keys for specific uses while also allowing the keys to be compatible between wallet software.

HD wallets start from a master key and generate a new child key by hashing the master key with an index. Changing the index produces a different key, which can be deterministically reproduced by providing the same index with the master key. Each child key can itself be used to generate grandchild keys of the master, creating a tree-like structure with multiple generations of child keys. This hierarchy allows keys to be derived for a multitude of purposes, including change keys, receiving keys, spending keys and altcoin keys, all of which can be reproduced from just the master key.

BIP44 defines the following standard structure for deriving keys:

Master key / Purpose Code(44) / Coin Code / Account Index / Change Address(Boolean) / Child Index

The master key is generated by creating a 512-bit pseudo-random number, which is then hashed using the HMAC-SHA512 hashing algorithm. This creates a 512-bit output: the 256 bits on the left side are used as the master key, while the right 256 bits are used as the chain code for key derivation.

To derive a child key, the master private key is hashed with the chain code and the desired index, creating another 512-bit hash that is used to create the child private key and the child chain code. New keys of the same generation (children of the master) can be derived by simply changing the index used, while children of the child key (grandchild keys) can be derived by repeating the same process with the child private key and child chain code.

The process of using a private key along with an index is called hardened derivation, and it is used to derive the private keys associated with a specific generation of keys. Non-hardened derivation is the process of deriving child keys using a parent public key and chain code; with only the public key, it is only able to generate public child keys. This is useful in situations that require a payment address to be generated client-side without risking exposure of private keys to an attacker.

The first three levels of a BIP 44 key structure are derived via hardened derivation which is signaled by setting the highest order bit of the index to 1. Levels with hardened derivation are denoted with the “prime” symbol (x’).

m / purpose' / coin_type' / account' / change / address_index
m / 44' / 0' / 0' / 0 / 1

This key path, with the highest bit set, would be derived from the following indices in hexadecimal.

m / 0x8000002C / 0x80000000 / 0x80000000 / 0x00 / 0x01

BIP 44 defines six generations of child keys, each derived using an index specific to the key's use case. This allows the user to store the mnemonic of the seed and be able to generate keys based on their purpose.

The first level of keys is generated from the master key and the index 44’; this represents the key's purpose as being BIP44-compliant.

The next level derives keys for a specific altcoin depending on the index: bitcoin being 1’, the testnet being 2’, litecoin being 3’, and so on, according to this list of registered coins.

After that level is the accounts level, which defines an index for users to separate funds according to different personal uses, similar to bank accounts.

The next level is the change level and is based on a binary index. This index is set to either 0, to generate non-change receiving addresses, or 1, to generate change addresses for outgoing transactions.

From this level, child keys are generated by sequential index for unique payment addresses starting at 0.

BIP 44 also defines a method for discovering accounts used by a key. This standard generates 20 child payment-level keys of an account, starting at account 0, and checks their transaction history. If none of the first 20 addresses are used, then it is assumed the account is unused and a new account is generated on that level.

 

 
