Question about Ledger nano s creates new addresses mechanism

[CryptoPadawan]

I'm not sure if there is a similar topic, if so, I apologize. I could not find the answer.

I have one question about creating new addresses on Ledger nano s:

For example, I have 10 BTC on address A, which is generated as a deposit address on Ledger nano s.

(Let's just pretend there is no tx fee for simple)

Now I send 1 BTC to address B. But what Ledger nano s actually does is, it sends 1 BTC to address B and sends 2 BTC to address C.

Then I send 4 BTC to address D, and Ledger nano s sends 4 BTC to address D and sends 1 BTC to address E.

Now I can see that I have 5 BTC on my account using Ledger app.

But on address A I only have 2 BTC. I also have 2 BTC on address C and 1 BTC on address E.

Though I have the same private key that can spend BTC on address A, C and E. But I cannot see the addresses of C or E on app.

Here's the question:

1. What if I want to send 3.5 BTC to address Z? How will ledger nano s spend my BTC from these three addresses?
2 BTC from A and 1.5 BTC from C? 2 BTC from C and 1 BTC from E and 0.5 BTC from A? Seems random.

2. And in this creating new addresses mechanism, we protect our privacy better, but does it cause more transaction fee?
For example, if I want to spend all 5 BTC and send to address Z. Ledger nano s has to send all my BTC from three addresses, it seems more fee than sending from one address. I'm not sure if I'm right.

3. If I send 10 BTC to address C or E, can I spend them? I think so but I cannot spend from a specific address, right?

Thank you in advance.

[1713570899]

1713570899

[1713570899]

1713570899

[mocacinno]

Seems like you got a little confused there... I'll leave the technical aspects behind and try to explain it as simple as i can
There's some oversimplifacation, but the basic idear behind the rest of this post is correct.

When you initialised your ledger, you were shown a seed phrase.
This seed phrase is used to create an xprv (a master private key)
From this xprv, your ledger can derive other private keys.
Each private key can be used to calculate a public key, the hash of the public key is your address (valid for P2PKH)

Each private key can be used to sign transactions spending unspent outputs funding one address. If one address is funded with multiple unspent outputs, the same private key will be used when you spend those unspent outputs.
So, in fact, each address has a unique private key (or, more correct, each private key results in 1 single address).

If you spend 3 unspent outputs funding 3 addresses controlled by the same HW wallet, 3 private keys derived from the same xprv will be used to sign the final transaction.

[CryptoPadawan]

Seems like you got a little confused there... I'll leave the technical aspects behind and try to explain it as simple as i can
There's some oversimplifacation, but the basic idear behind the rest of this post is correct.

When you initialised your ledger, you were shown a seed phrase.
This seed phrase is used to create an xprv (a master private key)
From this xprv, your ledger can derive other private keys.
Each private key can be used to calculate a public key, the hash of the public key is your address (valid for P2PKH)

Each private key can be used to sign transactions spending unspent outputs funding one address. If one address is funded with multiple unspent outputs, the same private key will be used when you spend those unspent outputs.
So, in fact, each address has a unique private key (or, more correct, each private key results in 1 single address).

If you spend 3 unspent outputs funding 3 addresses controlled by the same HW wallet, 3 private keys derived from the same xprv will be used to sign the final transaction.

So if there are three private keys controlled by my xprv. And when I spend all my unspent outputs (all my BTC on HW wallet) in one transaction, it actually using three private keys for signing? So it's actually three transactions?

[mocacinno]

So if there are three private keys controlled by my xprv. And when I spend all my unspent outputs (all my BTC on HW wallet) in one transaction, it actually using three private keys for signing? So it's actually three transactions?

No, it's one transaction spending 3 unspent outputs that were funding 3 addresses. Your wallet will use 3 private keys to sign this one transaction.

I'll try to give an example... This is the last transaction i made (publicly):
https://www.blockchain.com/btc/tx/aa4e570adc48116013f0b562bc9fd8a1d45a0608799ab9f82881c6fd897fe772

Click on "Show scripts & coinbase"

You'll see i'm spending 3 unspent outputs (in this case, funding the same address), you'll also see 3 ScriptSig scripts... If i was spending unspent outputs funding different addresses, those signatures at the bottom would be made with 3 private keys instead of one, that's all...

Actually, here's the decoded raw transaction:

Code:

bitcoin@node:~$ bitcoin-cli getrawtransaction aa4e570adc48116013f0b562bc9fd8a1d45a0608799ab9f82881c6fd897fe772
0200000003700a578a5a69f1a4932e127723907eb80e0ca25f1dfb0cbce2fbbacaf0ef2a2c000000008b4830450221008c85fe94c4fcc32fc948733db3de1ba597f7c7c7cebfa21582d96292f57d4d2e02207a864ec1e305eede42b72d3a80e0989c424555714e8faa0e6766e9be6a00b28b014104ed1df4aaa790f8118646976365a33de02dcbb4c78d92edf1271a85abe53c15a316d08c29b1069a52ae98e015a29aa52cbeb41c1fb77bf091d809d286adff8a73fdffffff83d5cb57413b6145840233d5cfe823868f3d0fca98abdad43a92fa4ca119b977a50100008b483045022100f3c25ac424dfff0fa1fae176450f7b666200657468de1e0eae20e3c003d5db050220782ccdb95f53acf7dede4d8456272e1d10ed0d8d7da02d08c1ed82b56aedf052014104ed1df4aaa790f8118646976365a33de02dcbb4c78d92edf1271a85abe53c15a316d08c29b1069a52ae98e015a29aa52cbeb41c1fb77bf091d809d286adff8a73fdffffff37c82cec0a27b399c3737c6c61f0f934deb33ff3cfb6ef1016e62d434a6204a3000000008b483045022100a6cadc449c1ed0a683971f6e7b74d278014b19a424f2c30de830afd4ba586a5d02207830a1fddb67bf0f2bdc1c455313d9296c6b774d4010ef98b216931451a58bfb014104ed1df4aaa790f8118646976365a33de02dcbb4c78d92edf1271a85abe53c15a316d08c29b1069a52ae98e015a29aa52cbeb41c1fb77bf091d809d286adff8a73fdffffff02f04902000000000017a9146455b6f90b32cd4b824f1ca0cb1f6ca85c41e28c87bfad1300000000001976a914e432ffb6ef0bde696af29ca13dd37c0824a4082388ac4dd40800
bitcoin@node:~$ bitcoin-cli decoderawtransaction 0200000003700a578a5a69f1a4932e127723907eb80e0ca25f1dfb0cbce2fbbacaf0ef2a2c000000008b4830450221008c85fe94c4fcc32fc948733db3de1ba597f7c7c7cebfa21582d96292f57d4d2e02207a864ec1e305eede42b72d3a80e0989c424555714e8faa0e6766e9be6a00b28b014104ed1df4aaa790f8118646976365a33de02dcbb4c78d92edf1271a85abe53c15a316d08c29b1069a52ae98e015a29aa52cbeb41c1fb77bf091d809d286adff8a73fdffffff83d5cb57413b6145840233d5cfe823868f3d0fca98abdad43a92fa4ca119b977a50100008b483045022100f3c25ac424dfff0fa1fae176450f7b666200657468de1e0eae20e3c003d5db050220782ccdb95f53acf7dede4d8456272e1d10ed0d8d7da02d08c1ed82b56aedf052014104ed1df4aaa790f8118646976365a33de02dcbb4c78d92edf1271a85abe53c15a316d08c29b1069a52ae98e015a29aa52cbeb41c1fb77bf091d809d286adff8a73fdffffff37c82cec0a27b399c3737c6c61f0f934deb33ff3cfb6ef1016e62d434a6204a3000000008b483045022100a6cadc449c1ed0a683971f6e7b74d278014b19a424f2c30de830afd4ba586a5d02207830a1fddb67bf0f2bdc1c455313d9296c6b774d4010ef98b216931451a58bfb014104ed1df4aaa790f8118646976365a33de02dcbb4c78d92edf1271a85abe53c15a316d08c29b1069a52ae98e015a29aa52cbeb41c1fb77bf091d809d286adff8a73fdffffff02f04902000000000017a9146455b6f90b32cd4b824f1ca0cb1f6ca85c41e28c87bfad1300000000001976a914e432ffb6ef0bde696af29ca13dd37c0824a4082388ac4dd40800
{
  "txid": "aa4e570adc48116013f0b562bc9fd8a1d45a0608799ab9f82881c6fd897fe772",
  "hash": "aa4e570adc48116013f0b562bc9fd8a1d45a0608799ab9f82881c6fd897fe772",
  "version": 2,
  "size": 616,
  "vsize": 616,
  "locktime": 578637,
  "vin": [
    {
      "txid": "2c2aeff0cabafbe2bc0cfb1d5fa20c0eb87e902377122e93a4f1695a8a570a70",
      "vout": 0,
      "scriptSig": {
        "asm": "30450221008c85fe94c4fcc32fc948733db3de1ba597f7c7c7cebfa21582d96292f57d4d2e02207a864ec1e305eede42b72d3a80e0989c424555714e8faa0e6766e9be6a00b28b[ALL] 04ed1df4aaa790f8118646976365a33de02dcbb4c78d92edf1271a85abe53c15a316d08c29b1069a52ae98e015a29aa52cbeb41c1fb77bf091d809d286adff8a73",
        "hex": "4830450221008c85fe94c4fcc32fc948733db3de1ba597f7c7c7cebfa21582d96292f57d4d2e02207a864ec1e305eede42b72d3a80e0989c424555714e8faa0e6766e9be6a00b28b014104ed1df4aaa790f8118646976365a33de02dcbb4c78d92edf1271a85abe53c15a316d08c29b1069a52ae98e015a29aa52cbeb41c1fb77bf091d809d286adff8a73"
      },
      "sequence": 4294967293
    },
    {
      "txid": "77b919a14cfa923ad4daab98ca0f3d8f8623e8cfd533028445613b4157cbd583",
      "vout": 421,
      "scriptSig": {
        "asm": "3045022100f3c25ac424dfff0fa1fae176450f7b666200657468de1e0eae20e3c003d5db050220782ccdb95f53acf7dede4d8456272e1d10ed0d8d7da02d08c1ed82b56aedf052[ALL] 04ed1df4aaa790f8118646976365a33de02dcbb4c78d92edf1271a85abe53c15a316d08c29b1069a52ae98e015a29aa52cbeb41c1fb77bf091d809d286adff8a73",
        "hex": "483045022100f3c25ac424dfff0fa1fae176450f7b666200657468de1e0eae20e3c003d5db050220782ccdb95f53acf7dede4d8456272e1d10ed0d8d7da02d08c1ed82b56aedf052014104ed1df4aaa790f8118646976365a33de02dcbb4c78d92edf1271a85abe53c15a316d08c29b1069a52ae98e015a29aa52cbeb41c1fb77bf091d809d286adff8a73"
      },
      "sequence": 4294967293
    },
    {
      "txid": "a304624a432de61610efb6cff33fb3de34f9f0616c7c73c399b3270aec2cc837",
      "vout": 0,
      "scriptSig": {
        "asm": "3045022100a6cadc449c1ed0a683971f6e7b74d278014b19a424f2c30de830afd4ba586a5d02207830a1fddb67bf0f2bdc1c455313d9296c6b774d4010ef98b216931451a58bfb[ALL] 04ed1df4aaa790f8118646976365a33de02dcbb4c78d92edf1271a85abe53c15a316d08c29b1069a52ae98e015a29aa52cbeb41c1fb77bf091d809d286adff8a73",
        "hex": "483045022100a6cadc449c1ed0a683971f6e7b74d278014b19a424f2c30de830afd4ba586a5d02207830a1fddb67bf0f2bdc1c455313d9296c6b774d4010ef98b216931451a58bfb014104ed1df4aaa790f8118646976365a33de02dcbb4c78d92edf1271a85abe53c15a316d08c29b1069a52ae98e015a29aa52cbeb41c1fb77bf091d809d286adff8a73"
      },
      "sequence": 4294967293
    }
  ],
  "vout": [
    {
      "value": 0.00150000,
      "n": 0,
      "scriptPubKey": {
        "asm": "OP_HASH160 6455b6f90b32cd4b824f1ca0cb1f6ca85c41e28c OP_EQUAL",
        "hex": "a9146455b6f90b32cd4b824f1ca0cb1f6ca85c41e28c87",
        "reqSigs": 1,
        "type": "scripthash",
        "addresses": [
          "3AqYBHqkwhKHLo2wCJ8bh8dvs6dmEFWVnV"
        ]
      }
    },
    {
      "value": 0.01289663,
      "n": 1,
      "scriptPubKey": {
        "asm": "OP_DUP OP_HASH160 e432ffb6ef0bde696af29ca13dd37c0824a40823 OP_EQUALVERIFY OP_CHECKSIG",
        "hex": "76a914e432ffb6ef0bde696af29ca13dd37c0824a4082388ac",
        "reqSigs": 1,
        "type": "pubkeyhash",
        "addresses": [
          "1MocACiWLM8bYn8pCrYjy6uHq4U3CkxLaa"
        ]
      }
    }
  ]
}

[bob123]

One transaction consists of at least one input and at least one output.

If you want to spend your whole balance spread between 3 addresses, you create a transaction which has 3 inputs and 1 output
Each letter represents one UTXO (Unspent transaction output):

Code:

A + B + C  ->  Z

Using more UTXO's does increase the fee, yes.
However, you have to completely 'use' the UTXO.

If you have 10 BTC on address A and want to send 1 BTC to Z:

Code:

A -> Z(1 btc) + Y(9 btc)

You could use the same address again as change address, but this wouldn't help you lowering the fee.
If you receive funds multiple time to the same address, they are still multiple UTXO.

For example, if you received 10 transaction with 1 BTC each to address A and want to spend 3 BTC to Z, your transaction looks like this:

Code:

A(1 btc)+ A(1 btc) + A(1 btc) -> Z(3 btc)

Using a new change address does not increase the fee because it doesn't matter which UTXO's you are using, but how much of them.


By the way, the last example is also called consolidating inputs.
You take all of your UTXO's and combine them into one when the transaction fees are low. Then you only have 1 input for your next TX when the fees are high again. Please note, that this can harm your privacy since it will be publicly available then which addresses belong to each other.

[o_e_l_e_o]

1. What if I want to send 3.5 BTC to address Z? How will ledger nano s spend my BTC from these three addresses?

If you are using Ledger Live, it will automatically select inputs to make the smallest and most efficient transaction. If you want to manually choose which inputs to use, you will need to pair your Ledger Nano with a different client, such as Electrum.

2. And in this creating new addresses mechanism, we protect our privacy better, but does it cause more transaction fee?
For example, if I want to spend all 5 BTC and send to address Z. Ledger nano s has to send all my BTC from three addresses, it seems more fee than sending from one address. I'm not sure if I'm right.

You can try thinking of it like this:

Every time you receive bitcoin, think of it as if someone has just paid you in cash. If you receive a bitcoin, it's like someone handing you a $1 dollar bill. Lets say you receive 10 payments like this. Although you have $10 in total, you actually have ten $1 bills. Although you have a total of 10 bitcoins, and your wallet would show this total, in reality you actually have ten inputs, each of 1 bitcoin. Every time you spend an input, regardless of which address it is in, you pay a transaction fee. Spending ten inputs from the same address, or ten inputs all from different addresses, would cost the same.

3. If I send 10 BTC to address C or E, can I spend them? I think so but I cannot spend from a specific address, right?

When you send less than a full input, the remainder gets sent back to a new address you control in the same wallet, known as a "change address". So in your initial example, you send from A to B, and the remainder goes to your change address C. You then send from A to D, and the remainder goes to a new change address E. These change address are part of the same wallet as A, so yes, you can spend them. If you want to spend from them specifically, then as I mentioned above, you will need to use a client which allows this, such as Electrum.

[CryptoPadawan]

Thank you all very much for answers. I think I understand now.

Another question about Ledger nano s is what is the mechanism of "attach to pin"?

I have tested with restoring a new HW wallet with my seed and successfully get back with the secret phrase attached to pin.

My question is if this can work on different HW wallets, will it also work on Electrum?

For example, if I import my private seed to Electrum, and then I should also input the secret phrase.

Does it work like BIP38?

[o_e_l_e_o]

Another question about Ledger nano s is what is the mechanism of "attach to pin"?

This is for setting up a passphrase. A passphrase is an additional word, phrase, or string or characters which you can choose manually, which is needed to unlock your wallet. With Ledger, you can either enter the passphrase manually every time you wish to use it ("Set temporary passphrase"), or you can set up a secondary PIN with the passphrase linked to this PIN ("Attach to PIN code"). Bear in mind that if you lose your passphrase/forget your PIN, you will be unable to recover your coins (unless your passphrase was weak and brute-forceable). There's more information about this here: https://support.ledger.com/hc/en-us/articles/115005214529-Advanced-passphrase-security

My question is if this can work on different HW wallets, will it also work on Electrum?

Yes. If you wished to restore a wallet created on a Ledger device with a passphrase to Electrum, then you would create a new Electrum wallet, click "Standard wallet", then "I already have a seed". In the first box you would enter your 24 word seed phrase. Before clicking next, you would click on "Options", and tick both "Extend this seed with custom words" and "BIP39 seed". In the next box, titled "Seed extension", you would enter your passphrase.