[INFO - DISCUSSION] Hierarchical Deterministic Wallets (BIP32)

[cygan]

since the two threads i found about hd wallets are from 2013 and 2017 and are hardly visited (relevance: 18% and 19% respectively), i would like to open a new thread about this topic.
i strongly assume that many of you already know the slides i have posted in the past on various topics.

another short explanation what hd wallet are:

A Hierarchical Deterministic (HD) wallet is the term used to describe a wallet which uses a seed to derive public and private keys. HD wallets were implemented as a Bitcoin standard with BIP 32. Before this, most wallets generated unrelated keys each time a user required a new address. This format, called a Just-a-Bunch-of-Keys (JBOK) wallet, required the wallet to backup each key individually, a significant inconvenience for both wallets and users. HD wallets can be backed up by storing a single seed of 64 bytes.

https://river.com/learn/terms/h/hd-wallet/

here are 8 slides about this topic and with this i would like to start a discussion and this thread should also be a starting point for all who are interested in this topic and have questions.







https://twitter.com/BTCillustrated

[1714811793]

1714811793

[1714811793]

1714811793

[1714811793]

1714811793

[1714811793]

1714811793

[1714811793]

1714811793

[1714811793]

1714811793

[DaveF]

Don't know if you want this in here or a separate discussion, but for a while I have been wanting to discuss what actually brought this about.

At times I have poked around old lists and discussions, but either my Google skills are slipping or I am not searching for the proper terms. But is there a point in time where everyone got together and said, yes we need this and we are going to do it this way?

-Dave

[vjudeu]

But is there a point in time where everyone got together and said, yes we need this and we are going to do it this way?

You can read the "Motivation" paragraph of BIP-32: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#motivation

but either my Google skills are slipping or I am not searching for the proper terms

First, if you want to catch the beginning of the problem, then you should look around the initial creation date:

Code:

  BIP: 32
  Layer: Applications
  Title: Hierarchical Deterministic Wallets
  Author: Pieter Wuille <pieter.wuille@gmail.com>
  Comments-Summary: No comments yet.
  Comments-URI: https://github.com/bitcoin/bips/wiki/Comments:BIP-0032
  Status: Final
  Type: Informational
  Created: 2012-02-11
  License: BSD-2-Clause

That means, you should dig into some topics around 2012 or earlier, because all later things were just improvements on top of what was created then.

Search query: "site:bitcointalk.org Hierarchical Deterministic Wallets"
Result: https://bitcointalk.org/index.php?topic=19137.0

[DaveF]

Probably not expressing myself properly was tired when posting.

I saw both of those when searching a while ago. But the BIP motivation says why and even the gmaxwell post has this

Bitcoin really ought to offer and default to using deterministic wallets.   The additional security of the current pre-generated ones is fairly small considering how most people use bitcoin and the liability of harm due to insufficient backups and increased pressure to keep a single wallet online is enormous.

What I was looking for is more of the DaveF had an issue, and using a deterministic wallet would have fixed the problem or if DaveF does not use a deterministic wallet he will have those problems.

I *know* these issues happened, but was looking for the discussion about how doing it this way would have solved it.

But, with what you posted I was probably not looking back far enough.

-Dave

[vjudeu]

What I was looking for is more of the DaveF had an issue, and using a deterministic wallet would have fixed the problem or if DaveF does not use a deterministic wallet he will have those problems.

1. Users created non-deterministic wallets.
2. They didn't make backups every 100 addresses.
3. They sent some small amount as a payment, and the rest of their wealth was sent as a change.
4. They didn't have that backup, so they lost their change.

Topic: https://bitcointalk.org/index.php?topic=782.0
See transaction: eb5b761c7380ed4c6adf688f9e5ab94953dcabeda47d9eeabd77261902fccccf

Deterministic wallets solve this. You can then make your backup once, and generate all addresses from that, including change address.

[DaveF]

What I was looking for is more of the DaveF had an issue, and using a deterministic wallet would have fixed the problem or if DaveF does not use a deterministic wallet he will have those problems.

1. Users created non-deterministic wallets.
2. They didn't make backups every 100 addresses.
3. They sent some small amount as a payment, and the rest of their wealth was sent as a change.
4. They didn't have that backup, so they lost their change.

Topic: https://bitcointalk.org/index.php?topic=782.0
See transaction: eb5b761c7380ed4c6adf688f9e5ab94953dcabeda47d9eeabd77261902fccccf

Deterministic wallets solve this. You can then make your backup once, and generate all addresses from that, including change address.

That kind link was what I was looking for. I have known all the benefits of HD wallets and so on, but I just never knew how we got there.

Back then I always had to opinion that BTC users were tech savvy and knew enough to backup often and in different ways.
Just never really looked at how many people lost how much before we got where we are now.

-Dave

[cygan]

nice to follow your discussion, keep up the good work
besides i have uploaded 4 more slides (part 3) in the op. these are related to child key derivation. child keys (both private and public) are derived from this root in a deterministic way, meaning you can always generate the same set of keys from the master key.

[bitmover]

I will add some information.why nondeterministics wallets were replaced and nobody should use them.
They are hard to back up and bad for privacy (make hard to avoid address reuse)

Such wallets (nondeterministic) are being replaced with deterministic wallets because they are cumbersome to manage, back up, and import. The disadvantage of random keys is that if you generate many of them you must keep copies of all of them, meaning that the wallet must be backed up frequently. Each key must be backed up, or the funds it controls are irrevocably lost if the wallet becomes inaccessible. This conflicts directly with the principle of avoiding address reuse, by using each Bitcoin address for only one transaction. Address reuse reduces privacy by associating multiple transactions and addresses with each other

https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch05.asciidoc

On the other hand, HD wallets solve those problems

HD Wallets (BIP-32/BIP-44)

Deterministic wallets were developed to make it easy to derive many keys from a single "seed". The most advanced form of deterministic wallets is the HD wallet defined by the BIP-32 standard. HD wallets contain keys derived in a tree structure, such that a parent key can derive a sequence of children keys, each of which can derive a sequence of grandchildren keys, and so on, to an infinite depth. This tree structure is illustrated in