Blockchain tutorial 29: Hierarchical Deterministic wallet - BIP32 and BIP44
- Published: 10 Oct 2024
- This is part 29 of the Blockchain tutorial.
In this video series different topics will be explained which will help you to understand blockchain.
It is recommended to watch each video sequentially as I may refer to certain Blockchain topics explained earlier.
DETERMINISTIC WALLET
BIP-39 describes how the mnemonic words are created.
These mnemonic words, together with an optional passphrase, are stretched with PBKDF2-HMAC-SHA512 (2048 rounds, salt "mnemonic" + passphrase) into a 512 bit seed.
The 512 bit seed is also called the "BIP-39 seed".
This seed is the root from which deterministic wallets derive all of their keys.
There are two types of deterministic wallets:
Sequential deterministic wallets.
Hierarchical deterministic wallets.
SEQUENTIAL DETERMINISTIC WALLET
Sequential deterministic wallets generate private keys from the seed by a flat scheme, for example key n = SHA256(seed + n) for n = 0, 1, 2, ...; every key then depends directly on the seed, so there is no tree and no way to hand out public keys without the seed.
HIERARCHICAL DETERMINISTIC WALLET
Nowadays most wallets are Hierarchical Deterministic (HD) wallets.
More information:
github.com/bit...
Most HD wallet vendors have implemented BIP-32, BIP-39 and BIP-44.
These 3 Bitcoin Improvement Proposals are becoming an industry standard.
BIP-39
BIP-39 describes the implementation of mnemonic words to generate a 512 bit seed.
More information:
github.com/bit...
BIP-32
BIP-32 describes how you can build a general hierarchical deterministic wallet.
More information:
github.com/bit...
bitcoin.org/en...
If you want to see how BIP32 is implemented in the bitcoinjs library, see:
raw.githubuser...
Online web application:
www.mobilefish...
BIP-32 explains how the master private key and master chain code are created from a BIP-39 seed: HMAC-SHA512 keyed with the string "Bitcoin seed" is computed over the seed; the left 256 bits become the master private key and the right 256 bits the master chain code.
The chain code is the extra entropy that keys the HMAC-SHA512 inside the Child Key Derivation (CKD) function, so a bare key without its chain code cannot be used to derive children.
Using different index numbers creates different, unlinkable child keys from the same parent key and chain code.
Repeating the procedure on a child key with the child chain code creates unlinkable grandchild keys.
Every node in the tree is such a (key, chain code) pair; a different chain code therefore means a different node (a different sub-wallet).
An extended private key (xprv = private key + chain code) can derive a complete branch of child private keys and child public keys, hardened or non-hardened.
An extended public key (xpub = public key + chain code) can only derive non-hardened child public keys; hardened children need the parent private key.
BIP-44
BIP-44 defines a specific logical hierarchy for deterministic wallets based on an algorithm described in BIP-32.
More information:
github.com/bit...
BIP-44 uses the following derivation path: m/purpose'/coin_type'/account'/change/address_index
The letter m denotes the master node and all hierarchical levels are separated with slashes (/).
m is level 0, purpose is level 1, coin_type is level 2 etc.
The purpose scheme is described in BIP-43.
Because we are using the BIP-44 scheme, purpose is 44'.
The apostrophe (for example in purpose') indicates hardened derivation: the child index is 2^31 + i and the parent private key goes into the hash, so such a child cannot be derived from an xpub.
More information:
github.com/sat...
The coin_type values (for example 0' for Bitcoin, 60' for Ethereum) are registered in SLIP-44 (SatoshiLabs).
The account level can be seen as bank account types, for example a payment account, a savings account etc.
The change level is also known as the "external / internal" level: external (0) is used for addresses that are meant to be visible outside of the wallet (receiving payments), internal (1) for addresses which are not meant to be visible outside of the wallet (return transaction change).
address_index numbers the addresses within a chain, starting at 0 and incrementing sequentially.
BIP-44 XPRV AND XPUB DEMONSTRATION
Suppose a webshop wants to receive payments only in ETH.
For each payment received a different Ethereum address must be used.
The webshop should use a wallet containing only public keys.
The webshop wallet uses a xpub key with derivation path: m/44'/60'/0'/0
This wallet creates the following addresses:
m/44'/60'/0'/0/0
m/44'/60'/0'/0/..
The accounting department uses another wallet holding the same public keys AND the accompanying private keys.
Because it has the private keys, the accounting department can sweep the payments received on these addresses to a separate accounting address.
The accounting department wallet uses the xprv key with the same derivation path: m/44'/60'/0'/0
BIP-32 RISK
If an attacker gets its hands on any non-hardened child private key together with the account xpub key (public key + chain code), the attacker can recompute the account xprv key and thus has access to every private and public key descending from the account level. The reason: a non-hardened child key is k_i = k_par + IL (mod n), and IL is computed from the parent xpub alone, so k_par = k_i - IL (mod n); the change and address levels below the account are non-hardened, so the attacker can climb from a leaked address key up to the account. The hardened purpose', coin_type' and account' levels stop the climb there: the same leak cannot expose the coin_type or master keys, which is why BIP-44 hardens those levels.
More information:
github.com/bit...
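The steps described above (BIP-39 seed, BIP-32 master key and Child Key Derivation, the BIP-44 path, the webshop xpub/xprv split, and the BIP-32 risk) worked through in one self-contained Python script. This is an added example written for this page; it is not the video's own code and not the bitcoinjs implementation linked above. It uses only the standard library and re-implements secp256k1 point arithmetic in plain Python so every step is visible, which is far too slow and side-channel-leaky for real wallets. The function names (bip39_seed, master_from_seed, ckd_priv, ckd_pub, derive_path, recover_parent_priv, webshop_demo) are this example's own. The mnemonic and the 000102...0f seed used in the checks are the first published BIP-39 and BIP-32 test vectors, not real wallet material.

```python
"""BIP-39 seed -> BIP-32 master key and CKD -> BIP-44 path, stdlib-only Python.
Added example for this page; not the bitcoinjs code linked above. Names are this example's own."""
import hashlib
import hmac
import unicodedata
# secp256k1 domain parameters; N is the curve order that child keys are reduced modulo.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 2 ** 31  # index offset marking hardened derivation (the ' in m/44'/60'/0')

def _add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def _mul(k, pt=G):
    """Double-and-add scalar multiplication; _mul(k) is the public key of private key k."""
    r = None
    while k:
        if k & 1:
            r = _add(r, pt)
        pt, k = _add(pt, pt), k >> 1
    return r

def ser_p(pt):
    """33-byte compressed public key: 0x02/0x03 by parity of y, then x."""
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def bip39_seed(mnemonic, passphrase=""):
    """BIP-39: 512-bit seed = PBKDF2-HMAC-SHA512(mnemonic, "mnemonic" + passphrase, 2048 rounds)."""
    nfkd = lambda s: unicodedata.normalize("NFKD", s).encode()
    return hashlib.pbkdf2_hmac("sha512", nfkd(mnemonic), nfkd("mnemonic" + passphrase), 2048)

def master_from_seed(seed):
    """BIP-32: HMAC-SHA512 keyed "Bitcoin seed"; left 256 bits = master key, right = chain code."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]

def _hmac_split(chain_code, data, index):
    """CKD core: HMAC-SHA512(chain_code, data || ser32(index)) -> (IL as int, IR = child chain code)."""
    i = hmac.new(chain_code, data + index.to_bytes(4, "big"), hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]

def ckd_priv(k_par, c_par, index):
    """CKDpriv: hardened children hash the parent PRIVATE key, normal ones the parent PUBLIC key."""
    data = b"\x00" + k_par.to_bytes(32, "big") if index >= HARDENED else ser_p(_mul(k_par))
    il, c_i = _hmac_split(c_par, data, index)
    k_i = (il + k_par) % N  # ki = parse256(IL) + kpar (mod n), as in the BIP-32 text
    if il >= N or k_i == 0:  # probability ~2^-127; the spec says skip to the next index
        raise ValueError("invalid child key, use the next index")
    return k_i, c_i

def ckd_pub(K_par, c_par, index):
    """CKDpub: from an xpub (K_par, c_par) only; hardened children are impossible here by design."""
    if index >= HARDENED:
        raise ValueError("cannot derive a hardened child from an extended public key")
    il, c_i = _hmac_split(c_par, ser_p(K_par), index)
    return _add(_mul(il), K_par), c_i  # Ki = point(IL) + Kpar

def derive_path(seed, path):
    """Walk a BIP-32/BIP-44 path such as m/44'/60'/0'/0/0 from the seed; returns (k, chain_code)."""
    k, c = master_from_seed(seed)
    for level in path.split("/")[1:]:
        k, c = ckd_priv(k, c, int(level.rstrip("'")) + (HARDENED if level.endswith("'") else 0))
    return k, c

def recover_parent_priv(K_par, c_par, index, k_child):
    """The BIP-32 risk: a parent xpub plus ONE non-hardened child private key yields the
    parent private key, because IL is computable from the xpub alone: kpar = ki - IL (mod n)."""
    il, _ = _hmac_split(c_par, ser_p(K_par), index)
    return (k_child - il) % N

def webshop_demo():
    """Webshop holds only the xpub of m/44'/60'/0'/0; accounting holds the matching xprv."""
    seed = bip39_seed("abandon abandon abandon abandon abandon abandon "
                      "abandon abandon abandon abandon abandon about", "TREZOR")  # BIP-39 vector 1
    k_ext, c_ext = derive_path(seed, "m/44'/60'/0'/0")
    K_ext = _mul(k_ext)
    # Webshop side: address_index 0 and 1 from the xpub alone, no private key present.
    pub_only = [ser_p(ckd_pub(K_ext, c_ext, i)[0]) for i in (0, 1)]
    privs = [ckd_priv(k_ext, c_ext, i)[0] for i in (0, 1)]  # accounting side, from the xprv
    same_keys = [ser_p(_mul(k)) for k in privs] == pub_only
    # Risk: one leaked address private key + the webshop's xpub exposes the whole change chain.
    leaked_parent = recover_parent_priv(K_ext, c_ext, 1, privs[1]) == k_ext
    return same_keys, leaked_parent

if __name__ == "__main__":
    print(webshop_demo())  # (True, True)
```

webshop_demo() returns (True, True): the address public keys the webshop derives from its xpub are exactly the ones accounting derives from the xprv, and a single leaked address private key plus the webshop's xpub recovers the change-level private key; applying recover_parent_priv once more with the account xpub would recover the account xprv. It cannot go higher, because ckd_pub refuses hardened indices and the HMAC for a hardened level was keyed with data the xpub does not contain. Running the script with the seed 000102030405060708090a0b0c0d0e0f reproduces the BIP-32 test vector 1 master key e8f32e72... and chain code 873dff81....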
Check out all my other Blockchain tutorial videos
goo.gl/aMTFHU
Subscribe to my RUclips channel
goo.gl/61NFzK
The presentation used in this video tutorial can be found at:
www.mobilefish...
#mobilefish #blockchain #bitcoin #cryptocurrency #ethereum
I have not seen any youtube video putting that much effort into one video. Appreciated
You are a legend, man! Years ago I watched your videos for the Geth node, IOTA, etc. Now I need key derivation with HMAC and still come back to your channel! Simply the best explanation on YT.
Best explanation that I find on RUclips, congrats.
Omg. This channel is a gem
The best explanation: clear, perfectly presented, many many thanks for your great work!
Fantastic video on the major benefits of BIP-44 vs BIP-32. If the hacker gets access to an extended public key of an account and any one child private key, they will only be able to derive the extended private key with respect to the account that the extended public key belongs to. Well said.
Finally, someone who doesn't treat his audience like toddlers. Thanks.
Excellent explanation.... Very well put in a step-by-step simple way. Thanks a lot!
Thank you for the detailed explanation. I've learnt a lot from your videos.
Thanks again for taking your time to explain this. Really good explanation.
This was an awesome explanation. Thank you for this!
Great job this helped me so much thank u so much for your time to educate me and others
Thanks a lot for this amazing video sir! Perfectly explained.
To the point and easy to understand. Thank you
Good video, but you unfortunately forgot to explain, in your CKD mechanisms description (BIP 32), how to compute normal child private keys, which is actually the whole magic of this system. Because you end up with 2 possibilities to compute your normal child public keys:
1. As you explain, with a direct derivation from the parent public key,
2. Or, by first computing the normal child private key (based on both parent keys) and running the usual ECDSA algorithm on it
And the magic is that both ways give the same result, which is why the whole extended keys (xprv and xpub) mechanism actually works!
Very well explained. Thanks.
Thanks so much! Your video tutorials are fantastic
The Best explanation of HD key creation
Hi sir, I have a question: can I create more than 1000 addresses in a BTC wallet?
best explanation . thanks😁
I learned a lot, thank you so much, ser!
This is golden
There is also an interesting article about HD wallets on Medium, from OWNR wallet.
Thank you! ✅
MetaMask doesn't support Bitcoin, however its recovery phrase is BIP-44. When I use it on Coinbase Wallet, which supports BIP-44, I'm able to restore everything that was on MetaMask as well as have an address for Bitcoin. What I don't understand is where is the node that is accessed to get the extended key? Is it on the Bitcoin blockchain or what blockchain?
Incredible explanation
Great job, thank you
Excellent video! Thank you so much for this!
Thanks, It was really helpful,,, Keep it up......
you are the best! This is an amazing video
very good video
Great tutorial i have never seen anything like this one, well done
Hi there, I transferred some ADA from Binance to a Nano Ledger S / AdaLite wallet last year, but now when I connect my Nano Ledger S to AdaLite the balance is showing zero. One thing I did was reset my Nano Ledger S; do you think my ADA public key changed while restoring the Ledger Nano S? How can I recover the old public key of ADA on my Ledger?
How does the parent priv key and hash left (total of 512 bits) form the child priv key (which is a 256 bit)?
Yea I wonder that too.
The SHA512 function outputs a 512 bit result, regardless of the length of the string that is put into the function.
This has got something to do with modular addition in groups in mathematics.
Life saver!!
Your videos are great and I learned a lot, but I think you made some mistakes in this video.
The input seed to generate the master private key can be a 128, 256 or 512 bit random value or the 512 bit BIP39 output, but you said that the BIP39 output is 128 or 256 bits.
In addition, both the hardened key and the normal key are private keys, and to derive the public key we must use the ECC equation. But you said that the normal key is a public key, which is not right.
is that you Satoshi Nakamoto? very understandable material here!
Satoshi is smart to keep his identity a secret. Governments and criminals would love to get their hands on him. No, I am not Satoshi, but I am glad you like the video. 😀
Or, while resetting, can the Nano Ledger change the private key automatically for the Cardano wallet? Please help, thanks.
Why is there an apostrophe on the coin type and purpose? How can you have a hardened coin type?
At 25:24, you mention that if a hacker gets his hands on the xpub and a child private key, he can recompute the xpriv. In the same paragraph as that risk, you mention that the change level is not hardened. What does the change level not being hardened have to do with the previously mentioned risk?
Is it wrong in the slide at 4:55? The length of BIP39 seed should be 512 bits, not 125-256 bits.
The BIP39 seed is 512 bits long. 128 - 256 bits probably referred to the entropy length, which is the length of the random number used to generate the seed phrase. 12-word phrases use a random 128-bit / 16-byte integer, and it's 256-bit or 32-byte in the case of a 24-word phrase (at 8:14).
Sir, thank you very much for this course
I lost you somewhere around 11:00. How can you straight up make public keys? Aren't public keys always created from a private key, through one-way elliptic curve math?
Looking for btc flash
To show on the total balance of the wallet.
To stay 3 days, to move one time if possible, if its not movable is ok.
Hi @Mobilefish, I want to get the bitcoin address from an xpub key, do you know how to do that?
The bit I don't get is the child private key is (parent private key + left hash) = 512 bits... but isn't a private key 256 bits? The first one, the master private key was 256 bits ... so is the first level (which uses the master private key) an exception? And are extended private keys under the master node 768 bits then?
Great tutorial and explanations :)
Also, in your diagram at 5:10, you have the BIP-39 seed as either 128 - 256 bits. I thought the BIP-39 seed is always 512 bits. Are you talking about ENT there?
In the diagram at 8:21, you refer to the BIP-32 initial seed. Seeing that diagram makes more sense to me now. Should the diagram at 5:10 have said BIP-39 seed instead of BIP-32 seed?
Sorry for the basic question, but how do you run "BIP44"? Are we supposed to copy the code (which one?) into our website to generate the keys (like you do at the end of the video)?
Ytrew, the information provided in this video is intended for anyone who is interested in the technical aspects of how a deterministic wallet works. I created the tool www.mobilefish.com/download/ethereum/hd_wallet.html for EDUCATIONAL purposes, to explain the theory. DO NOT USE THIS TOOL TO CREATE ACTUAL KEYS TO BE USED IN A PRODUCTION ENVIRONMENT.
@@Mobilefish Thanks for your answer! I understand that I should not use your website for that, but what actually changes between the code on your website and real code (like this one: medium.com/@harshagoli/cb2b7d7e4998)? Just to be sure: do both provide the same hashing for any given mnemonic?
(I guess you are talking about the obvious security issue of showing my mnemonic on your website, which could be monitored, but I just want to be sure I'm not missing anything else.)
Both codes should (** if correctly coded **) provide the same hashing for any given mnemonic. You can also verify this with ANOTHER online generator: iancoleman.io/bip39/
@@Mobilefish So, just to be sure, you do not want people using your website for this just so you are not responsible in case it is monitored, right?
What is the difference between "bip32 root key", "account extended private key" and "bip32 extended private key"? All start with xprv....
Where in my presentation are these words used? www.mobilefish.com/download/blockchain/blockchain_mnemonic_words_bip39_part28.pdf
www.mobilefish.com/download/blockchain/blockchain_hd_wallets_part29.pdf
I could only find "Extended private key"
The parent public key, chain code, and the index number are combined and hashed with the HMAC-SHA512 algorithm to produce a 512-bit hash. This 512-bit hash is split into two 256-bit halves. The right-half 256 bits of the hash output become the chain code for the child. The left-half 256 bits of the hash are added to the parent private key to produce the child private key.
Why is this last step needed? why not just take left-half 256 bits of the hash as child private key?
Your question is a bit wrong. You are mixing hardened keys with normal keys.
But I assume you were talking about hardened keys.
The left-half 256 bits of the hash IS NOT added to the parent private key.
The existing parent private key is used in the left half.
Both the left + right half form the private key.
github.com/bitcoinbook/bitcoinbook/blob/develop/ch05.asciidoc Figure 10
Hmm, I have based my explanation on github.com/bitcoin/bips/blob/master/bip-0032.mediawiki
Paragraph: "Private parent key → private child key"
Have I explained bip-0032.mediawiki wrong???
Again in this paper: The returned child key ki is parse256(IL) + kpar (mod n).
Where kpar is Private parent key
Thanks :P
I want to migrate from Infinito, what other wallets are suitable for importing my infinito private keys?
There are more than 2000 cryptocurrencies. I only know just a handful of them. Please use Google to find information about Infinito.
Hello, I want to create a mnemonic... but I don't want to make it from Java.... I want to choose the first 23 words from the 2048-word list.. how can I calculate which word is no. 24?
thanks
Sorry, but I do not understand your question.
@@Mobilefish Just a friendly correction: the pronunciation for apostrophe is a-Pos-Tro-Fee not e-Po-Strof. I usually don't worry about pronunciations, but in this case, the pronunciation is so far from the actual pronunciation that it could be construed as a completely different, unknown word! Great, great series BTW! Thank you for taking the time to make these!
"a-Pos-Tro-Fee", noted and thanks!
Are you available for consult?
Sorry, I am not.
hi - can i contact you ? thank you
i wish i had 1 bitcoin let alone 10!