Bitcoin Forum

I have read man resources and questions about HD Wallets. As pointed out in this question on SO https://bitcoin.stackexchange.com/questions/73376/a-few-questions-about-how-hd-wallet-works (https://bitcoin.stackexchange.com/questions/73376/a-few-questions-about-how-hd-wallet-works), it won't be possible to send funds of a derived child address using the master private key.

In my humble opinion exactly this would make sense if I could create a derived child to receive funds for a specific purpose but being able to spend these funds using my master private key without the need to store each child private key.

Do I miss something here? Why should I use HD wallets if I still need to store each single local private key as well?

I think you're overthinking it ;)
Storing private keys isn't a problem, your wallet takes care of that for you. The best thing about an HD wallet is that you only have to create a backup once. With a non-HD wallet, you'll need to create a new backup each time your wallet creates a (batch of) new private key(s).

So it seems like you've misunderstood this part:
The comment is based on the OP's 3rd question which is: "Do we use master private key to sign every transaction?" he actually nailed it.

To put it simple, as you know it (Hierarchical Deterministic) HD Wallet has a Master Private key where all of your addresses's private keys were based from.
The client (ex. Bitcoin Core/Electrum/Multibit) where it was created or supported can restore all those required private keys to spend the previous UTXO, your client does that automatically for you.
The only backup you need is the Master Private or the SEED, each private keys are only optional.

Also, I think that there are more information provided in the comments from the link you provided (small fonts with numbers), look again.

The point is.. you don't need to store the child private key anywhere.
It is correct that you need it to sign transaction from child public keys. But it can always be derived using the master private key.

The big advantage with this is that you only need the master private key to gain access to all of your child private keys. This simplifies the whole backup process a lot.


With old fashioned wallets, you need to back it up regularly since these contain X unused private-/public- keypairs (called: address gap).
Each time new private keys are attached to this wallet, you need to back it up to ensure you'll not lose access to these private keys.

This does no longer apply to HD wallets. You only need the xpriv (which can be backed up upon creating the wallet) to derive all future private keys.

the main purpose of HD wallet is to have ability for easy one-time backup by saving the mnemonic seed or xpriv
all the neccessary process of generating, storing and signing are taken care by the wallet
you don't need to manually store/save every single private keys, unlike non-HD wallets
addresses(/keys) in non-HD wallets are generated completely random, so you have to backup periodically

Thank you very much each other! I think I have understand now completely!

Here is a good article that might have your answers

https://coinsutra.com/hd-wallets-deterministic-wallet/

Some people consider HD wallets insecure, because knowing some of the keys could lead to key derivation. I've heard master public key + some public keys would be enough to get the seed or something.

Im too paranoid to use Electrum as cold storage because of that. I don't need to know the details (I would like to tho), it just doesn't seem very bright to store the coins in such a system. Separate private keys is better. Just keep making backups and keep them safe.

I've edited your quote a bit. As far as I know, this is how it works.

Disclaimer: I don't know the the details either. "Just random" is much easier to understand, and my Bitcoin Core still uses that.

It is worth noting though that you have to share the xpub key with a potentially compromised machine in the first place. Short of unknown derivation weakenesses there is no security compromise if you treat the xpub key just as you would treat a private key (ie. never have it touch an online device).

Isn't the whole purpose of the xpub key to be used as a sort of watch-only wallet ?

I don't see any practical reason to have a xpub key, without using it on an online machine as a watch-only wallet.
There is no use for the xpub key on an offline machine (IMO).


The thing is, that there should never be a private key which will be compromised from your seed.
Actually, there is no way to get your private key compromised (except for you exporting it + sharing it with other people/devices).

As long as this rubbish is not done, the xpub can safely be used on not-that-trustworthy devices (as long as you don't care about losing your privacy).

Sure :)

What I mean to say is this -- if you're paranoid about having your private keys derived due to using a HD wallet, then refrain from using a watch-only wallet. One can still benefit from using a HD wallet without exporting its xpub key.

Even in cases where using an xpub key is absolutely necessary (eg. when automatically generating addresses to accept online payments as a merchant) one is not forced to use the xpub key of their cold storage wallet. Just use the xpub key to generate addresses for incoming payments and forward them to hardcoded cold storage addresses from there.

Granted, in general treating the xpub key like a private key might be a bit excessive. But there are cases where this level of paranoia may make sense or where needless exposure of the xpub key is just taking unnecessary risk.

I thought hardened keys solved that possible security issue, it's no longer affected hardened addresses
with hardened keys, knowing master public key and a single private key no longer compromise the rest
but that doesn't mean we should neglect keeping safe the master public key 8)

Wait what? The edited quote is correct. The original statement is slightly wrong there. You can't do anything with master public and a child public key since that is basically freely accessible and it would be a serious vulnerability.

With hardened keys, there isn't master public keys to begin with. It can't be an issue if the cause of the issue doesn't exist.

there should be still parent extended public key corresponding to the parent extended private key
but it won't be used anywhere, not even usable for creating watch-only HD hardened wallet
because you can't derive hardened child public key from that parent public key
hence knowing parent public key and one private key of hardened address won't compromise your HD hardened wallet
btw, can someone confirm that is impossible to create watch-only HD hardened wallet?

I should strike that out since that statement is irrelevant to wallet with hardened addresses