Home
Round-Ups
Card
Business
Security
Learn Bitcoin
About
Bitcoin price
Categories
Home
Securing your Bitcoins

What is an XPUB (extended key)?

Disponible en podcast
Share article:

If you use your own wallet to secure your bitcoins, you have probably already encountered the term “XPUB”. This esoteric acronym simply describes an extended public key. This type of key makes it possible to derive other public child keys in order to consult the balance of a wallet, without allowing the associated bitcoins to be spent.

Thanks to this article, you will finally understand the role of the XPUB and the construction of an extended key. To do this, it is essential to know a few notions about how a deterministic and hierarchical portfolio works. We are also going to go over all of this together.

HD portfolio structure

If you have followed the previous educational articles on the Bitstack blog, you now know that bitcoins are represented on the protocol by UTXOs, which are essentially pieces of bitcoin. These UTXOs are generally secured by a pair of cryptographic keys. A public key is thus used to receive bitcoins, and the corresponding private key is used to spend these same bitcoins by signing a transaction. Receiving addresses, on the other hand, are simply a hash of a public key, put into a specific format.

In theory, it would therefore be possible to use only one pair of keys to manage all your bitcoins. However, this practice is not recommended as it is dangerous for our privacy. To maintain a form of confidentiality, it is advisable to generate a new key pair for each new receipt of bitcoins.

This recommendation comes from Satoshi Nakamoto himself. He talks about it in part 10 of the Bitcoin White Paper.

Subsequently, developers therefore designed a portfolio structure that facilitated the derivation of several keys. This is the so-called “hierarchical deterministic” (HD) portfolio. Its principle is that a multitude of unique key pairs are generated from a single piece of information: the seed (or “seed” in English). This seed can be encoded in a form readable by humans in order to obtain the famous recovery phrase of 12 or 24 words.

➤ Learn more about the different categories of Bitcoin wallets.

In this way, by only knowing his recovery phrase, a user is in a position to regenerate all of his keys giving access to all his bitcoins.

You have to imagine an HD wallet like a tree. There is a seed at the base of the wallet that allows you to make a trunk. The trunk allows branches to be made. Then, each branch can then make sub-branches itself, and so on. Your receiving addresses and the keys to spend them are therefore the result of several depths of derivation from your seed.

What I call a “derivation” is simply the application of a one-way cryptographic function that takes the parent key as input and produces a child key as an output.

➤ Discover the construction of a recovery sentence (24 words).

The derivation of cryptographic key pairs

In order to differentiate the pairs of keys that are on the same derivation stage, we will assign them an index. It is simply a number that allows each key to be numbered. The first key pair derived from a parent pair will have index no. 0, the second key pair derived from a parent pair will have index no. 1, and so on.

In this way, we can therefore derive a multitude of different cryptographic keys from our seed. However, in case of recovering our wallet, we must be able to find all these indexes used during the derivation. Thus, the BIP43 and the BIP44 established a derivation standard for our portfolios. Reputable software adheres to this rule so that it is simple to migrate from one Bitcoin wallet to another, while facilitating the recovery process in case of loss.

Finally, each derivation stage is used to transmit information according to the index used to derive the key.

For example, the index 84' is used on the first derivation stage to indicate that you are on a SegWit V0 wallet (with addresses starting with “bc1q...”). The second derivation stage is used to separate the different cryptocurrencies in the same wallet. And the third floor makes it possible to generate several separate accounts.

It is precisely this third floor that interests us for our XPUB.

Extended keys (xpub, zpub...)

In the previous parts, we saw that an HD wallet consists of a succession of derivations from the parent keys, to determine child keys. In reality, to be able to succeed in each derivation, it is not enough to have the parent key, but it is also necessary to use other information called “chain code”.

Simply put, a chain code is a unique piece of information associated with each pair (public key and private key), which adds an additional layer of security to the wallet.

Technically, what is called an extended key is an assembly of a cryptographic key with its chain code and some metadata. Thus, the extended key makes it possible to gather in a single character string all the information required to derive child keys.

To summarize simply: extended key = key + string code.

Assembling a public key with its chain code gives us an extended public key. This type of key allows only child public keys to be derived. This is what you know under the name of an “XPUB”, a “ZPUB” or even a “YPUB”.

Assembling a private key with its chain code gives us an extended private key. This type of key makes it possible to derive any type of child keys, both public keys and private keys.

In other words, an extended private key allows access to all the bitcoins secured by the child keys, while the extended public key (XPUB) only allows you to consult the balance of the keys and to derive new addresses. This is why you are asked to enter your XPUB on a so-called “Watch-only” wallet.

Standard extended keys are usually found on the third derivation stage of the HD wallet. It is the one dedicated to accounts.

📌 Did you know that? Contrary to what one might think, it is possible to derive a multitude of different XPUBs on the same wallet. Each new XPUB gives us a new account. However, since the majority of individuals only use one account on their Bitcoin wallet, they then only have one XPUB on that wallet.

Conclusion

An extended key is thus a special parent key that makes it possible to derive pairs of child keys. What is called an extended public key, or an “xpub”, only allows the derivation of child public keys as well as receiving addresses.

If you have access to your wallet's xpub, you can then consult your wallet balance, trace its transactions, and create new receiving addresses. On the other hand, it will be impossible for you to spend the bitcoins associated with it, since the XPUB does not allow access to the wallet's private keys.

➤ Learn more about Passphrase BIP39 and its role in a Bitcoin wallet.

Podcast available

Table of contents

...
Share article
Loïc Morel
Bitcoin specialist
Bitcoin
Cryptographic keys
Cryptography
Securing
Published on12/7/2023et mis à jour le19/9/2025
Bitstack provides its clients with articles and/or educational content on its website and application. All information is provided for informational purposes only, even if it is based on reputable and reliable sources. The articles or educational content are intended solely as general information for the reader. If you choose to invest in digital assets (Bitcoin), you must be aware of and understand the designated service and accept the associated risks.

You may also like these articles

Securing your Bitcoins
Bitcoin recovery phrase: 12 vs. 24 words
Securing your Bitcoins
What is a multi-signature wallet on Bitcoin?
The #1 Bitcoin savings app.
Product
Roundups
Card
What is Bitcoin
Security
Pricing
Bitstack
About
Learn Bitcoin
Business
Media & Press
News
Careers
Help
FAQ
Community
Contact us
Language
© 2025 Bitstack
Terms and conditions
Privacy
Legal agreements
Bitstack SAS, a company registered with the Aix-en-Provence Trade and Companies Register under number 899 125 090 and operating under the trade name Bitstack, is licenced as an agent of Xpollens — an electronic money institution authorized by the ACPR (CIB 16528 – RCS Nanterre no. 501586341, 110 Avenue de France, 75013 Paris) — with the Autorité de Contrôle Prudentiel et de Résolution (ACPR) under number 747088, and is also licensed as a Crypto-Assets Service Provider (CASP) with the French Financial Markets Authority (AMF) under number A2025-003 for the following activities: exchange of crypto-assets for funds, exchange of crypto-assets for other crypto-assets, execution of orders for crypto-assets on behalf of clients, providing custody and administration of crypto-assets on behalf of clients, and providing transfer services for crypto-assets on behalf of clients, with its registered office located at 100 impasse des Houillères, 13590 Meyreuil, France.

Investing in digital assets carries a risk of partial or total loss of the invested capital.
Past performance is not indicative of future results.
DOWNLOAD BITSTACK