BIP32 - Hierarchical Deterministic Wallets¶
BIP32 (Bitcoin Improvement Proposal 32) was put forward by Pieter Wuille in 2012 and defines the standard for Hierarchical Deterministic Wallets (HD wallets). It is the core technical foundation of modern cryptocurrency wallets and is widely used in Bitcoin and other blockchain projects.
Core Concept¶
The core idea of BIP32 is to derive a tree-structured key hierarchy from a single seed. Users only need to back up one seed to recover all private keys and addresses, greatly simplifying wallet backup and management.
Key Features¶
1. Deterministic Key Generation¶
Starting from a master seed (typically 512 bits), a deterministic algorithm can generate an unlimited number of child keys. The same seed always produces the same key sequence, making wallet recovery possible.
2. Hierarchical Structure¶
Keys are organized in a tree-like hierarchy, written as a path that starts at the master key and lists one child index per level, where:
- m represents the master key
- Each level can have 2^31 normal child keys and 2^31 hardened child keys
- The ' symbol after an index indicates hardened derivation
3. Extended Keys¶
BIP32 defines the concept of extended keys:
- Extended Private Key: Starts with xprv; can derive child private keys and child public keys
- Extended Public Key: Starts with xpub; can only derive child public keys, never private keys
4. Hardened Derivation¶
BIP32 provides two derivation methods:
- Normal Derivation: Extended public keys can derive child public keys, which is what makes watch-only wallets possible
- Hardened Derivation: Can only be performed with the private key; it provides higher security because a leaked child private key combined with the parent extended public key does not reveal the parent private key
Key Derivation Algorithm¶
BIP32 uses the HMAC-SHA512 algorithm for key derivation:
- Generate the master key from the seed
- Use the parent key and index number to generate child keys
- Child keys can continue to derive the next level of child keys
The derivation function inputs are:
- Parent key (private key or public key)
- Chain code
- Index number
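As an added example (not code from the proposal or from any wallet), the three derivation steps above in pure Python: the master key from the seed, CKDpriv for hardened and normal indexes, and CKDpub for an extended-public-key holder. It assumes the standard secp256k1 constants and a hand-rolled, non-constant-time point multiplication, fine for a demonstration but not for production use; the seed bytes(range(16)) is the seed of BIP32 test vector 1, so results can be checked against the published vectors.

```python
import hashlib, hmac

# secp256k1 constants (standard curve values); indexes >= HARDENED are hardened
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000

def point_add(a, b):  # affine secp256k1 addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and a[1] != b[1]:
        return None
    lam = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
           else (b[1] - a[1]) * pow(b[0] - a[0], -1, P)) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def point_mul(k, pt):  # double-and-add; not constant-time, demonstration only
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt, k = point_add(pt, pt), k >> 1
    return acc

def ser_p(pt):  # serP(): 33-byte compressed public key
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def _hmac512(key, data):  # I = HMAC-SHA512(key, data) -> (parse256(I_L), I_R)
    d = hmac.new(key, data, hashlib.sha512).digest()
    il = int.from_bytes(d[:32], "big")
    if not 0 < il < N:
        raise ValueError("I_L out of range: invalid seed / skip this index")
    return il, d[32:]

def master_key(seed):  # master private key and chain code from the seed
    return _hmac512(b"Bitcoin seed", seed)

def ckd_priv(k_par, c_par, i):  # CKDpriv: hardened hashes the private key,
    # normal hashes the public point (the same data an xpub holder has)
    data = b"\x00" + k_par.to_bytes(32, "big") if i >= HARDENED else ser_p(point_mul(k_par, G))
    il, c = _hmac512(c_par, data + i.to_bytes(4, "big"))
    return (il + k_par) % N, c

def ckd_pub(K_par, c_par, i):  # CKDpub: parent public key -> child public key
    if i >= HARDENED:
        raise ValueError("hardened derivation needs the parent private key")
    il, c = _hmac512(c_par, ser_p(K_par) + i.to_bytes(4, "big"))
    return point_add(point_mul(il, G), K_par), c
```

Chaining ckd_priv five times from master_key walks the m/44'/0'/0'/0/0 path discussed later on this page; the account-level public key and chain code can then reproduce the two normal levels with ckd_pub, while the hardened levels refuse.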
Technical Advantages¶
Simplified Backup¶
Users only need to back up one seed or mnemonic phrase (via BIP39) to recover all keys and addresses in the entire wallet.
Organizational Management¶
The hierarchical structure allows users to create different accounts and addresses for different purposes:
- Different cryptocurrencies can use different branches
- Independent subtrees can be created for different businesses or personal accounts
- Change addresses and receiving addresses can be kept separate
Security Isolation¶
Through extended public keys, watch-only wallets can be created for:
- Generating new addresses without exposing private keys
- Merchant payment systems that generate new addresses without holding private keys
- Audit and accounting systems that can view balances without being able to spend funds
Privacy Protection¶
Each transaction can use a different address, avoiding address reuse and improving privacy.
Relationship with Other BIPs¶
- BIP39: Defines how to generate a seed from a mnemonic phrase; BIP32 uses this seed as its starting point
- BIP44: Builds on BIP32 to define the standard path structure for multiple currencies and accounts
- BIP49: Defines the derivation path for P2WPKH-nested-in-P2SH addresses
- BIP84: Defines the derivation path for native Segregated Witness (SegWit) addresses
Security Considerations¶
- Seed security: The master seed must be kept securely; leaking the seed is equivalent to leaking all keys
- Hardened derivation: Hardened derivation should be used for sensitive accounts (such as the account level)
- Extended public key risk: The combination of an extended public key and any child private key may reveal the parent private key, so hardened derivation should be used for sensitive levels
- Randomness: The seed must be generated using a high-quality source of randomness
Compatibility¶
BIP32 has become the industry standard for cryptocurrency wallets, and virtually all modern wallets support it:
- Hardware wallets: Ledger, Trezor, Coldcard, etc.
- Software wallets: Electrum, MetaMask, Trust Wallet, etc.
- Exchanges and custody services
Practical Example¶
A typical BIP32 key derivation path is m/44'/0'/0'/0/0. This path represents:
- m: Master key
- 44': Following the BIP44 standard (hardened)
- 0': Bitcoin (hardened)
- 0': First account (hardened)
- 0: External chain (receiving addresses)
- 0: First address
Summary¶
BIP32 fundamentally changed cryptocurrency wallet design by introducing the concept of hierarchical deterministic wallets. It provides a secure, flexible, and easy-to-manage key management solution and is an indispensable part of modern blockchain infrastructure. Users only need to back up a single seed to securely manage hundreds of addresses and accounts, greatly improving the usability and security of cryptocurrencies.