Hierarchical Deterministic Wallets: Private Keys & Derivation Paths

In asymmetric cryptography it is the private key that controls a user's cryptocurrency. Public keys are the basis of addresses in Bitcoin and other coins, but the private key is generated first, and without it funds cannot be accessed or spent.

Private Keys

Most cryptocurrencies use elliptic curve cryptography (ECC) for their key pairs. Two operations, point addition and scalar multiplication, are defined on the curve, and with them every point in the group can be reached by starting from a single base point. In simple terms, adding two points can be visualized as connecting them with a line and taking the third point where that line meets the curve (reflected across the x-axis) as the result; to add a point to itself, the line used is the tangent to the curve at that point. Multiplication is simply a finite number of such additions. A public key is therefore a point on the curve, and the private key is the scalar it was multiplied by to get there. Recovering that scalar from the point (the elliptic curve discrete logarithm problem) is computationally infeasible, which is what keeps the private key secure, at least for the time being: anyone can verify that a public key lies on the curve, but cannot learn the private key that produced it. In Bitcoin, key pairs and the transaction signatures made with them are governed by ECDSA, the Elliptic Curve Digital Signature Algorithm, and the curve used is called secp256k1.

Wallet Import Format

A raw private key is 256 bits, which written out is a long string of characters that takes space to store and is easy to mistype. Fortunately, there is an encoding that keeps private keys short and makes such errors detectable: the Wallet Import Format (WIF). Most private keys in Bitcoin are encoded with a function called Base58Check, the same checksummed encoding that is primarily used for generating addresses. WIF keys are short, alphanumeric and correspond to the one and only private key they were derived from, and a mistyped character is caught by the checksum instead of silently producing a different key.
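A worked Base58Check and WIF encoder/decoder, added here as an example and not code from the article. It round-trips the private key used on the Bitcoin wiki's WIF page (the only real value in it) and shows the property the section describes: a single mistyped character makes the checksum fail, so the decoder refuses the string rather than returning a wrong key. Function names and the corrupted string are this example's own.

```python
# Added example: Base58Check and Wallet Import Format (WIF) for Bitcoin private keys.
# The example key is the one used on the Bitcoin wiki's WIF page; nothing else is real data.
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"  # no 0, O, I, l


def sha256d(data):
    """Double SHA-256, the hash Base58Check takes its 4-byte checksum from."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def base58_encode(data):
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = ALPHABET[rem] + out
    pad = len(data) - len(data.lstrip(b"\x00"))    # each leading zero byte becomes a '1'
    return "1" * pad + out


def base58_decode(s):
    n = 0
    for ch in s:
        n = n * 58 + ALPHABET.index(ch)             # ValueError for 0, O, I, l or other junk
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + body


def base58check_encode(version, payload):
    data = bytes([version]) + payload
    return base58_encode(data + sha256d(data)[:4])


def base58check_decode(s):
    raw = base58_decode(s)
    data, checksum = raw[:-4], raw[-4:]
    if len(data) < 1 or sha256d(data)[:4] != checksum:
        raise ValueError("bad checksum: string mistyped or corrupted")
    return data[0], data[1:]


def privkey_to_wif(privkey, compressed=True, mainnet=True):
    """Version 0x80 (mainnet) or 0xEF (testnet), the 32-byte key, and a trailing 0x01
    when the corresponding public key is to be used in compressed form."""
    payload = privkey.to_bytes(32, "big") + (b"\x01" if compressed else b"")
    return base58check_encode(0x80 if mainnet else 0xEF, payload)


def wif_to_privkey(wif):
    """Inverse of privkey_to_wif; returns (private key int, compressed flag)."""
    version, payload = base58check_decode(wif)
    if version not in (0x80, 0xEF) or len(payload) not in (32, 33):
        raise ValueError("not a WIF private key")
    if len(payload) == 33 and payload[32] != 0x01:
        raise ValueError("malformed compression flag")
    return int.from_bytes(payload[:32], "big"), len(payload) == 33


def checksum_catches_typo(wif):
    """Change one character in the middle of a WIF string and confirm the decoder refuses it."""
    pos = len(wif) // 2
    wrong = ALPHABET[(ALPHABET.index(wif[pos]) + 1) % 58]
    try:
        wif_to_privkey(wif[:pos] + wrong + wif[pos + 1:])
    except ValueError:
        return True
    return False
```

Calling `privkey_to_wif(0x0C28FCA386C7A227600B2FE50B7CAE11EC86D3BF1FBE471BE89827E19D72AA1D, compressed=False)` yields the wiki's `5HueCGU8rMjxEXxiPuD5BDku4MkFqeZyd4dZ1jvhTVqvbTLvyTJ`; the compressed form of the same key begins with `K` or `L` and is one character longer. The checksum is only 32 bits, so it detects typos rather than proving authenticity: a WIF string handed to you by an attacker still decodes fine.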

HD Wallets

There are a few ways to generate private keys such that a third party could not recreate them. Originally they were created non-deterministically, that is, randomly, each time, so if one key was lost there was no way to recover it. A solution was proposed in 2012 in Bitcoin Improvement Proposal (BIP) 32: hierarchical deterministic (HD) wallets. In general, HD wallets work as follows: once a user has created a human-readable seed phrase, they can generate any number of private keys from that seed, across multiple coins. The seed phrase consists of 12 words chosen from a list of several thousand words in English, Chinese and other languages. Using a simple user interface, the user sees a list of wallet accounts each time they submit the seed to a wallet app. Some wallets also allow public keys and addresses to be generated directly from the seed phrase, bypassing the need to choose a wallet to work with.

Derivation Paths

The tree-like structure of an HD wallet is also the reason hardware wallets are so easy to restore: access to the seed phrase is sufficient to regenerate every private key that was ever derived from it. To navigate this sea of wallets and private keys, derivation paths are used. A path is a sequence of levels, written from the master key m downward, that ties a key in the HD tree to a particular cryptocurrency and account. It usually looks something like this: m / purpose' / coin_type' / account' / change / address_index, where the apostrophe marks a hardened level. In the end, derivation paths let the user keep track of their addresses in an orderly fashion.