Bitcoin Forum
Topic: What is the advantage of HD Wallets? (Read 177 times)
deletedcoin
September 14, 2018, 09:20:15 AM
 #1

I have read many resources and questions about HD Wallets. As pointed out in this question on SO https://bitcoin.stackexchange.com/questions/73376/a-few-questions-about-how-hd-wallet-works, it won't be possible to send funds of a derived child address using the master private key.

In my humble opinion exactly this would make sense if I could create a derived child to receive funds for a specific purpose but being able to spend these funds using my master private key without the need to store each child private key.

Do I miss something here? Why should I use HD wallets if I still need to store each single local private key as well?
LoyceV
September 14, 2018, 09:27:22 AM
Merited by suchmoon (4)
 #2

Quote
Why should I use HD wallets if I still need to store each single local private key as well?

I think you're overthinking it ;)
Storing private keys isn't a problem, your wallet takes care of that for you. The best thing about an HD wallet is that you only have to create a backup once. With a non-HD wallet, you'll need to create a new backup each time your wallet creates a (batch of) new private key(s).

nc50lc
September 14, 2018, 10:11:54 AM
 #3

Quote
Do I miss something here? Why should I use HD wallets if I still need to store each single local private key as well?

So it seems like you've misunderstood this part:
Quote
Each address derived by an HD wallet looks just like any other bitcoin address, there is no way to know it came from an HD wallet. So in order to spend the UTXO, you need to present a signature made by the private key of that specific address. The network does not know that your address was derived from an xpriv key, so if you use your xpriv key to sign the transaction, it will be invalid.

The comment is based on the OP's 3rd question, which is: "Do we use master private key to sign every transaction?" He actually nailed it.

To put it simply, as you know, an HD (Hierarchical Deterministic) wallet has a master private key on which all of your addresses' private keys are based.
The client (e.g. Bitcoin Core/Electrum/Multibit) where it was created or supported can restore all those required private keys to spend the previous UTXO; your client does that automatically for you.
The only backup you need is the master private key or the seed; the individual private keys are only optional.

Also, I think that there is more information provided in the comments from the link you provided (small fonts with numbers), look again.

bob123
September 14, 2018, 10:23:56 AM
 #4

The point is.. you don't need to store the child private key anywhere.
It is correct that you need it to sign transactions from child public keys. But it can always be derived using the master private key.

The big advantage with this is that you only need the master private key to gain access to all of your child private keys. This simplifies the whole backup process a lot.


With old fashioned wallets, you need to back it up regularly since these contain X unused private-/public- keypairs (called: address gap).
Each time new private keys are attached to this wallet, you need to back it up to ensure you'll not lose access to these private keys.

This no longer applies to HD wallets. You only need the xpriv (which can be backed up upon creating the wallet) to derive all future private keys.

Thirdspace
September 14, 2018, 02:06:13 PM
 #5

Quote
Do I miss something here? Why should I use HD wallets if I still need to store each single local private key as well?

the main purpose of HD wallet is to have ability for easy one-time backup by saving the mnemonic seed or xpriv
all the necessary process of generating, storing and signing are taken care of by the wallet
you don't need to manually store/save every single private key, unlike non-HD wallets
addresses(/keys) in non-HD wallets are generated completely random, so you have to backup periodically

deletedcoin
September 15, 2018, 09:55:56 AM
 #6

Thank you very much, everyone! I think I have understood it completely now!
krogothmanhattan
September 17, 2018, 09:09:28 PM
 #7

Here is a good article that might have your answers

https://coinsutra.com/hd-wallets-deterministic-wallet/

cellard
September 22, 2018, 03:04:32 PM
 #8

Some people consider HD wallets insecure, because knowing some of the keys could lead to key derivation. I've heard master public key + some public keys would be enough to get the seed or something.

I'm too paranoid to use Electrum as cold storage because of that. I don't need to know the details (I would like to tho), it just doesn't seem very bright to store the coins in such a system. Separate private keys is better. Just keep making backups and keep them safe.

LoyceV
September 22, 2018, 03:14:00 PM
 #9

Quote
I've heard master public key + some public private keys would be enough to get the seed or something.

I've edited your quote a bit. As far as I know, this is how it works.

Quote
I don't need to know the details

Disclaimer: I don't know the details either. "Just random" is much easier to understand, and my Bitcoin Core still uses that.

HeRetiK
September 23, 2018, 11:23:31 AM
 #10

Quote
I've heard master public key + some public private keys would be enough to get the seed or something.
I've edited your quote a bit. As far as I know, this is how it works.

It is worth noting though that you have to share the xpub key with a potentially compromised machine in the first place. Short of unknown derivation weaknesses there is no security compromise if you treat the xpub key just as you would treat a private key (i.e. never have it touch an online device).

bob123
September 29, 2018, 06:39:13 AM
 #11

Quote
there is no security compromise if you treat the xpub key just as you would treat a private key (ie. never have it touch an online device).

Isn't the whole purpose of the xpub key to be used as a sort of watch-only wallet ?

I don't see any practical reason to have a xpub key, without using it on an online machine as a watch-only wallet.
There is no use for the xpub key on an offline machine (IMO).


The thing is, that there should never be a private key which will be compromised from your seed.
Actually, there is no way to get your private key compromised (except for you exporting it + sharing it with other people/devices).

As long as this rubbish is not done, the xpub can safely be used on not-that-trustworthy devices (as long as you don't care about losing your privacy).

HeRetiK
September 29, 2018, 10:25:15 AM
 #12

Quote
there is no security compromise if you treat the xpub key just as you would treat a private key (ie. never have it touch an online device).

Isn't the whole purpose of the xpub key to be used as a sort of watch-only wallet ?

I don't see any practical reason to have a xpub key, without using it on an online machine as a watch-only wallet.
There is no use for the xpub key on an offline machine (IMO).

[...]

Sure :)

What I mean to say is this -- if you're paranoid about having your private keys derived due to using a HD wallet, then refrain from using a watch-only wallet. One can still benefit from using a HD wallet without exporting its xpub key.

Even in cases where using an xpub key is absolutely necessary (eg. when automatically generating addresses to accept online payments as a merchant) one is not forced to use the xpub key of their cold storage wallet. Just use the xpub key to generate addresses for incoming payments and forward them to hardcoded cold storage addresses from there.

Granted, in general treating the xpub key like a private key might be a bit excessive. But there are cases where this level of paranoia may make sense or where needless exposure of the xpub key is just taking unnecessary risk.

Thirdspace
September 29, 2018, 11:00:56 AM
 #13

Quote
I've heard master public key + some public private keys would be enough to get the seed or something.
I've edited your quote a bit. As far as I know, this is how it works.

I thought hardened keys solved that possible security issue, it's no longer affected hardened addresses
with hardened keys, knowing master public key and a single private key no longer compromise the rest
but that doesn't mean we should neglect keeping safe the master public key 8)

Quote
Private and public keys must be kept safe as usual. Leaking a private key means access to coins - leaking a public key can mean loss of privacy.
~
It is also the reason for the existence of hardened keys, and why they are used for the account level in the tree. This way, a leak of account-specific (or below) private key never risks compromising the master or other accounts.

ETFbitcoin
September 29, 2018, 11:13:21 AM
 #14

Quote
I've heard master public key + some public private keys would be enough to get the seed or something.
I've edited your quote a bit. As far as I know, this is how it works.

I thought hardened keys solved that possible security issue, it's no longer affected hardened addresses
with hardened keys, knowing master public key and a single private key no longer compromise the rest
but that doesn't mean we should neglect keeping safe the master public key 8)

But you need access to the xpriv/master private key every time you generate a new address, even though this can be solved easily by generating tons of addresses.

Also, I doubt regular users would know whether their HD wallet generates hardened or non-hardened addresses.

ranochigo
September 29, 2018, 12:38:22 PM
 #15

Quote
I've heard master public key + some public private keys would be enough to get the seed or something.
I've edited your quote a bit. As far as I know, this is how it works.

I thought hardened keys solved that possible security issue, it's no longer affected hardened addresses
with hardened keys, knowing master public key and a single private key no longer compromise the rest
but that doesn't mean we should neglect keeping safe the master public key 8)

Wait what? The edited quote is correct. The original statement is slightly wrong there. You can't do anything with master public and a child public key since that is basically freely accessible and it would be a serious vulnerability.

With hardened keys, there isn't master public keys to begin with. It can't be an issue if the cause of the issue doesn't exist.

Thirdspace
September 29, 2018, 02:04:19 PM
 #16

Quote
With hardened keys, there isn't master public keys to begin with. It can't be an issue if the cause of the issue doesn't exist.

there should be still parent extended public key corresponding to the parent extended private key
but it won't be used anywhere, not even usable for creating watch-only HD hardened wallet
because you can't derive hardened child public key from that parent public key
hence knowing parent public key and one private key of hardened address won't compromise your HD hardened wallet
btw, can someone confirm that is impossible to create watch-only HD hardened wallet?

Quote
but that doesn't mean we should neglect keeping safe the master public key 8)

I should strike that out since that statement is irrelevant to wallet with hardened addresses
