If you use your own wallet to secure your bitcoins, you have probably already encountered the term “XPUB”. This esoteric acronym simply describes an extended public key. This type of key makes it possible to derive other public child keys in order to consult the balance of a wallet, without allowing the associated bitcoins to be spent.
In this article, you will learn what the XPUB is for and how an extended key is constructed. To get there, you need a few notions about how a hierarchical deterministic wallet works, so we will go over those together first.
If you have followed the previous educational articles on the Bitstack blog, you now know that bitcoins are represented on the protocol by UTXOs, which are essentially pieces of bitcoin. These UTXOs are generally secured by a pair of cryptographic keys. A public key is thus used to receive bitcoins, and the corresponding private key is used to spend these same bitcoins by signing a transaction. Receiving addresses, on the other hand, are simply a hash of a public key, put into a specific format.
In theory, it would therefore be possible to use a single pair of keys to manage all your bitcoins. However, this practice is not recommended because it is harmful to privacy. To preserve some confidentiality, it is advisable to generate a new key pair each time you receive bitcoins.
This recommendation comes from Satoshi Nakamoto himself: he discusses it in section 10 of the Bitcoin white paper.
Developers therefore designed a wallet structure that makes it easy to derive many keys: the so-called “hierarchical deterministic” (HD) wallet. Its principle is that a multitude of unique key pairs are generated from a single piece of information, the seed. This seed can be encoded in a human-readable form to obtain the familiar recovery phrase of 12 or 24 words.
➤ Learn more about the different categories of Bitcoin wallets.
In this way, knowing only their recovery phrase, a user can regenerate all of the keys that give access to all of their bitcoins.
You have to imagine an HD wallet like a tree. The seed at the base of the wallet produces a trunk. The trunk produces branches. Each branch can in turn produce sub-branches, and so on. Your receiving addresses and the keys to spend them are therefore the result of several depths of derivation from your seed.
What I call a “derivation” is simply the application of a one-way cryptographic function that takes the parent key as input and produces a child key as an output.
➤ Discover the construction of a recovery sentence (24 words).
In order to differentiate the key pairs that sit on the same derivation stage, we assign them an index. It is simply a number that distinguishes each child key. The first key pair derived from a parent pair has index 0, the second key pair derived from that parent pair has index 1, and so on.
In this way, we can derive a multitude of different cryptographic keys from our seed. However, when recovering our wallet, we must be able to find again all the indexes that were used during derivation. This is why BIP43 and BIP44 established a derivation standard for wallets. Reputable software adheres to this standard so that it is simple to migrate from one Bitcoin wallet to another, and so that recovery is straightforward in case of loss.
Finally, each derivation stage carries a piece of information through the index used to derive the key.
For example, the index 84' on the first derivation stage indicates a SegWit v0 wallet (with addresses starting with “bc1q...”). The second derivation stage separates the different cryptocurrencies held in the same wallet. The third stage makes it possible to generate several separate accounts.
It is precisely this third stage that interests us for the XPUB.
In the previous parts, we saw that an HD wallet consists of a succession of derivations from parent keys to determine child keys. In reality, to perform each derivation, the parent key alone is not enough: another piece of information, called the “chain code”, is also needed.
Simply put, a chain code is a unique piece of information associated with each pair (public key and private key), which adds an additional layer of security to the wallet.
Technically, what is called an extended key is an assembly of a cryptographic key with its chain code and some metadata. Thus, the extended key makes it possible to gather in a single character string all the information required to derive child keys.
To summarize simply: extended key = key + chain code.
Assembling a public key with its chain code gives us an extended public key. This type of key allows only child public keys to be derived. This is what you know under the name of an “XPUB”, a “ZPUB” or even a “YPUB”.
Assembling a private key with its chain code gives us an extended private key. This type of key makes it possible to derive any type of child keys, both public keys and private keys.
In other words, an extended private key allows access to all the bitcoins secured by the child keys, while the extended public key (XPUB) only allows you to consult the balance of the keys and to derive new addresses. This is why you are asked to enter your XPUB on a so-called “Watch-only” wallet.
Standard extended keys are usually found on the third derivation stage of the HD wallet. It is the one dedicated to accounts.
📌 Did you know? Contrary to what one might think, it is possible to derive a multitude of different XPUBs from the same wallet. Each new XPUB corresponds to a new account. However, since most individuals only use one account on their Bitcoin wallet, they only have one XPUB for that wallet.
An extended key is thus a special parent key that makes it possible to derive pairs of child keys. What is called an extended public key, or an “xpub”, only allows the derivation of child public keys as well as receiving addresses.
If you have access to your wallet's xpub, you can then consult your wallet balance, trace its transactions, and create new receiving addresses. On the other hand, it will be impossible for you to spend the bitcoins associated with it, since the XPUB does not allow access to the wallet's private keys.
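To make the two ideas above concrete, here is an added example that is not part of the Bitstack article: a minimal BIP32 implementation in pure Python (standard library only). It walks the derivation path from the seed to the account stage (m/84'/0'/0') described earlier, serializes the resulting extended public key, and then shows that the CKDpub step, which has only the public key and chain code, yields exactly the same receive key as the CKDpriv step that holds the private key, while refusing any hardened index. The seed is the test-vector seed from the BIP32 specification; everything else (function names, the use of plain xpub version bytes where a wallet would usually display a zpub for an 84' account) is this example's own choice.

```python
# Added example, not code from the Bitstack article: minimal BIP32 in pure Python (stdlib only).
import hashlib
import hmac

# secp256k1 parameters: field prime, group order, generator point
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000
XPRV, XPUB = bytes.fromhex("0488ADE4"), bytes.fromhex("0488B21E")  # mainnet version bytes
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def point_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if a == b
           else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def point_mul(k, point=G):
    """Double-and-add scalar multiplication: k * point."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, point)
        point, k = point_add(point, point), k >> 1
    return acc

def ser_p(point):
    """33-byte compressed public key: 0x02/0x03 parity prefix + x coordinate."""
    return bytes([2 + (point[1] & 1)]) + point[0].to_bytes(32, "big")

def master_from_seed(seed):
    """Master node: HMAC-SHA512 over the seed splits into private key and chain code."""
    I = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(I[:32], "big"), I[32:]

def ckd_priv(k_par, c_par, i):
    """CKDpriv: a hardened index (>= 2^31) feeds the parent *private* key into the HMAC."""
    if i >= HARDENED:
        data = b"\x00" + k_par.to_bytes(32, "big") + i.to_bytes(4, "big")
    else:
        data = ser_p(point_mul(k_par)) + i.to_bytes(4, "big")
    I = hmac.new(c_par, data, hashlib.sha512).digest()
    il = int.from_bytes(I[:32], "big")
    child = (il + k_par) % N
    if il >= N or child == 0:
        raise ValueError("invalid child at this index, use the next one")
    return child, I[32:]

def ckd_pub(K_par, c_par, i):
    """CKDpub: child = IL*G + K_par. Only public data goes in, so no hardened branch."""
    if i >= HARDENED:
        raise ValueError("an extended public key cannot derive hardened children")
    I = hmac.new(c_par, ser_p(K_par) + i.to_bytes(4, "big"), hashlib.sha512).digest()
    il = int.from_bytes(I[:32], "big")
    child = point_add(point_mul(il), K_par)
    if il >= N or child is None:
        raise ValueError("invalid child at this index, use the next one")
    return child, I[32:]

def derive_path(m, c, path):
    """Walk a path like m/84'/0'/0' with CKDpriv; returns key, chain code, depth, parent pubkey, index."""
    k, cc, parent, i = m, c, None, 0
    steps = path.split("/")[1:]
    for step in steps:
        i = int(step.rstrip("'h")) + (HARDENED if step[-1] in "'h" else 0)
        parent, (k, cc) = point_mul(k), ckd_priv(k, cc, i)
    return k, cc, len(steps), parent, i

def b58check(payload):
    """Base58Check: append 4-byte double-SHA256 checksum, then base-58 encode."""
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def serialize(version, depth, parent_pub, child_number, chain_code, key_data):
    """78-byte layout: version | depth | parent fingerprint | child number | chain code | key data,
    where key data is 0x00||private key (xprv) or the compressed public key (xpub)."""
    fp = b"\x00" * 4 if parent_pub is None else hashlib.new(
        "ripemd160", hashlib.sha256(ser_p(parent_pub)).digest()).digest()[:4]
    return b58check(version + bytes([depth]) + fp + child_number.to_bytes(4, "big")
                    + chain_code + key_data)

if __name__ == "__main__":
    m, c = master_from_seed(bytes.fromhex("000102030405060708090a0b0c0d0e0f"))  # BIP32 vector-1 seed
    print("master xpub:", serialize(XPUB, 0, None, 0, c, ser_p(point_mul(m))))
    # Account node (the article's "third stage"): purpose 84' / coin 0' / account 0'
    k, cc, depth, parent, i = derive_path(m, c, "m/84'/0'/0'")
    print("account xpub:", serialize(XPUB, depth, parent, i, cc, ser_p(point_mul(k))))
    # A watch-only wallet holding only that xpub derives the same receive key as the full wallet
    K0, _ = ckd_pub(point_mul(k), cc, 0)   # m/84'/0'/0'/0 via CKDpub (no private key)
    k0, _ = ckd_priv(k, cc, 0)             # m/84'/0'/0'/0 via CKDpriv
    print("receive keys agree:", point_mul(k0) == K0)
```

Two details are worth noticing when running it. First, the three account-level steps are all hardened, which is why a watch-only wallet must be handed the account xpub itself: it could not reach m/84'/0'/0' from the master xpub, because `ckd_pub` refuses any index at or above 2^31. Second, the serialized string is nothing more than the key, the chain code and a few bytes of metadata (depth, parent fingerprint, child number) behind a Base58Check checksum, which is exactly the "extended key = key + chain code" summary from the article.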
➤ Learn more about Passphrase BIP39 and its role in a Bitcoin wallet.