An HD wallet, or hierarchical deterministic wallet, is a wallet
that generates all of its keys and addresses from a single source.
It puts the BIP-32, BIP-39, and BIP-44 standards into practice and is
widely used in the blockchain industry.
From Seed to Extended Key
Running HMAC-SHA512 over the seed produces a 64-byte value called the
master extended key. The first 32 bytes are the private key,
and the last 32 bytes are the chain code.
The Seed
BIP-32, the standard for HD wallets, defines a way to derive
a master key from a seed. The seed is between 128 and 512 bits.
BIP-39, the standard for mnemonics, defines
a way to convert a mnemonic to a seed. The seed is always 512 bits.
Every extended key has the ability to derive its own child keys.
It's like a branch of a tree. And the master extended key is like
the root of the tree.
If you share an extended key with others, you share that branch of the tree.
If you share the master extended key with others, you share the whole tree (HD wallet) with them.
Share the Extended Key
The extended key, as a branch of the tree, can be imported into or
exported from a wallet independently. The serialized format of the
extended key is the same as the WIF format of a
private key: hash the extended key with SHA256 twice,
take the first 4 bytes as a checksum, and finally base58-encode the
whole string. It is defined in the standard, but it is not widely
used in practice, so we will not cover it here. You can find more
information in the BIP-32 standard.
The WIF format is only a serialization, and the derivation process has
nothing to do with it, so we will focus on the extended key itself.
Chain Code
Why do we need a chain code? The chain code prevents child
keys from depending solely on the key itself. Otherwise, if the key
is leaked, all its child keys will be leaked. With the chain code
added, the child keys are still secure, because the chain code comes
from the key's parent extended key.
From Extended Key to Child Key
With the extended key, we can derive child keys.
A derivation is just one more HMAC-SHA512 operation with the
data of the extended key.
To derive multiple child keys, we can add an index to the data
of the extended key.
Index
By standard, the index is a 32-bit number, so with it we can derive 2^32 child keys.
[Diagram: Master Extended Key + Index -> HMAC-SHA512 -> Child Extended Key (Child Private Key + Child Chain Code)]
Like the master extended key, the child extended key is also
64 bytes. The first 32 bytes are the private key, and the last
32 bytes are the chain code.
With the 32-bit index, we can derive 2^32
child keys, and every single child key can derive another
2^32 child keys. The depth of the tree can be
infinite, so the number of child keys is theoretically infinite.
The word Hierarchical in HD wallet also comes from
this feature. It means that the keys can be organized in a tree
structure.
If the index is less than 2^31, the derivation is
called a normal derivation.
Otherwise it is called a hardened derivation.
Hardened Derivation
The index can be hardened by adding a constant 2^31 to it.
Normal derivation uses the parent public key, and hardened
derivation uses the parent private key. Hardened derivation is
more secure because it does not leak the private key.
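The seed-to-master step and both kinds of child derivation described above, as an added example that is not code from the original page. The function names are hypothetical; the "Bitcoin seed" HMAC key and the addition of the HMAC's left half to the parent key modulo the curve order come from BIP-32 itself and are not spelled out on this page. The seed is the one from BIP-32 test vector 1.

```python
import hashlib, hmac

# secp256k1 parameters (the curve BIP-32 uses)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 2**31

def _add(a, b):
    """Add two curve points (None is the point at infinity)."""
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1] % P, -1, P)
    else:
        lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P)
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def _pubkey(k):
    """Compressed 33-byte public key for private scalar k (double-and-add)."""
    acc, pt = None, G
    while k:
        if k & 1: acc = _add(acc, pt)
        pt, k = _add(pt, pt), k >> 1
    return bytes([2 + (acc[1] & 1)]) + acc[0].to_bytes(32, "big")

def master_key(seed):
    """Seed -> (private key, chain code), split from one 64-byte HMAC output."""
    out = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(out[:32], "big"), out[32:]

def derive_child(k_par, c_par, index):
    """One derivation step: HMAC-SHA512 keyed by the parent chain code."""
    if index >= HARDENED:   # hardened: the parent PRIVATE key is the input
        data = b"\x00" + k_par.to_bytes(32, "big")
    else:                   # normal: only the parent PUBLIC key is the input
        data = _pubkey(k_par)
    out = hmac.new(c_par, data + index.to_bytes(4, "big"), hashlib.sha512).digest()
    left = int.from_bytes(out[:32], "big")
    if left >= N or (left + k_par) % N == 0:
        raise ValueError("invalid child key, use the next index")  # BIP-32 rule
    return (left + k_par) % N, out[32:]

SEED = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # BIP-32 test vector 1
m = master_key(SEED)                    # m
m_0h = derive_child(*m, HARDENED + 0)   # m/0'  (hardened)
m_0h_1 = derive_child(*m_0h, 1)         # m/0'/1 (normal)
```

In the normal branch everything fed to the HMAC is public apart from the chain code, so an extended key handed out for that branch has to be treated as sensitive even when it holds no private key.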
Wallet Structure
BIP-44 defines a wallet structure that is organized as a
tree. Check out the interactive chart below to see how it works.