What are Hierarchical Deterministic (HD) Wallets?

Medium Juil 17, 2020

Hierarchical Deterministic
Key Takeaways:
– Bitcoin and its derivatives use a feature known as Hierarchical Deterministic Wallets that causes your receiving address to change after being used
– This is done by creating a “master” key pair known as the Extended Private Key (xpriv) and Extended Public Key (xpub)
– This feature enhances your privacy as well as your security

If you have started to delve into the world of cryptocurrencies and got your first Bitcoins, you’ll notice that your receiving address for BTC tends to change. This is thanks to using a powerful feature known as Hierarchical Deterministic Wallets – or HD in short. In this article, we’ll take a much closer look at it.

Changing Addresses

A question we get quite often at Ledger is “Why has my Bitcoin address changed?”. Indeed, Bitcoin and derivatives of Bitcoin (examples: Litecoin, Bitcoin Cash) use changing addresses. This is due to them using an advanced feature known as Hierarchical Deterministic Wallets (HD).

Once you’ve used a Bitcoin address to receive funds, a new one would be generated for you to use. These addresses, also known as Public Keys, are still governed by a single key pair. This means that any previous addresses you’ve used are still completely usable and that you wouldn’t lose control of them. The funds on each of these addresses can only be accessed by using its matching Private Key. This is where the famous expression “Not Your Keys, Not Your Coins” comes from, meaning if someone else has your keys, they are effectively controlling your funds.

One Key Pair to Rule Them All

The key pair that governs all your addresses is known as the Extended Key Pair, consisting of the Extended Public Key (xpub) and the Extended Private Key (xpriv). The most important of the two would be the Extended Private Key. This key is the base from which all of your addresses’ Private Keys are derived. Or in other words: the Extended Private Key is the master key to all the Private Keys belonging to an account. This also means that if anyone could ever get their hands on your Extended Private Key, they could access all the funds on your account. 

The Extended Public Key can instead be used to view the balance of all your different addresses. For optimal privacy, it’s recommended not to share it. This Extended Public and Private Key pair is only used in cryptocurrencies that make use of Hierarchical Deterministic Wallets – it’s not used in crypto assets that don’t use changing addresses.

How is the Extended Key Pair Derived?

When you first start using a Ledger device, you’ll receive a set of 24 words known as your Recovery Phrase. It is the back-up to all of your crypto assets and all of your Private Keys are derived from this. This is also why it’s so important that you keep your 24 words secure – which is why we strongly recommend everyone to take a moment and read this article

For cryptocurrencies that use HD, it means that there’s an extra step along the way in creating the Private Keys to each address.

For crypto assets that don’t use HD, the Private Key generation would look something like this:

Ethereum private key

The Private Key generation for cryptocurrencies using HD, there extra step would be to generate the Extended Private Keys first. This’d make the Private Key generation look as follows:

Bitcoin extended private key

You can learn more about Private Key generation through Ledger applications in this article.

What are the benefits of using an HD wallet?

The changing wallet adds two interesting advantages. The most obvious advantage is increased privacy. Blockchains are public ledgers, where all transactions and balances can be seen by anyone. By having multiple addresses, one would still not be able to know your exact balance.

For example, let’s say you run a blog and allow for Bitcoin donations. You’d share one of your addresses on your blog’s page so everyone could send you some BTC if they’d like. However, since the rest of your balance is on other addresses, they’d still have no idea how much BTC you own.

Another reason is increased security. As mentioned earlier, the one who has access to an address’s Private Keys would have access to the funds on an address. Since you’d have diversified your funds over multiple addresses, they’d need to get multiple private keys to get access to all your crypto assets.

Related article