What are hierarchical deterministic (HD) crypto wallets?
A hierarchical deterministic wallet generates public and private keys from a master key, allowing users to create a new wallet and retrieve all addresses and keys, provided they have access to the seed. In contrast, non-deterministic wallets randomly generate wallet addresses and private keys, restricting users’ ability to recover addresses and keys if the wallet’s details are lost.
Typically, digital signatures and pairs of private and public signing keys are used in blockchain-based cryptocurrencies. Users spend their money by signing a transaction with the private key, and other users (recipients) can use the public key to confirm the signature’s validity. Private keys can be used to generate public keys, but not the other way around.
For instance, a user’s Bitcoin wallet comprises a set of private keys that enable the owner to spend any Bitcoin (BTC) linked to those keys. Bitcoin wallets would randomly generate BTC addresses and private keys whenever the user needed them. Such digital wallets are called non-deterministic (ND) wallets.
However, since the keys are not generated in any pattern, users must make a backup of each key whenever a new one is generated. As a result, if the wallet’s details are lost, all of the addresses and keys would also be lost.
This type of Bitcoin wallet is also known as a “just-a-bunch-of-keys” (JBOK) wallet, as it produces unrelated keys and requires users to keep track of their transactions every time they buy and sell their cryptocurrencies. So, what are hierarchical deterministic (HD) wallets?
Hierarchical deterministic wallets took the place of JBOK wallets since users could back up HD wallets using a single seed and greatly benefit from extended keys. A wallet that generates its public and private keys from a seed is referred to as a hierarchical deterministic wallet.
These wallets can be used for a variety of intriguing things, such as trustless auditing, online shopping and departmental funding distribution by the treasurer. For instance, an individual might disclose their master public key to external auditors, who could then use that key to view any future transactions made using BTC. In this case, the user’s funds are secure because the private keys linked to those funds are never revealed.
The differences between HD and non-HD wallets are summarized in the table below:
To increase security and privacy, an HD wallet creates a fresh key pair from a master key pair (consisting of an extended private key and an extended public key) for each cryptocurrency transaction.
With BIP-32, HD wallets became the de facto standard for Bitcoin. BIP-32 is the Bitcoin Improvement Proposal (BIP) that introduced a wallet structure resembling a hierarchical tree.
In an HD wallet like MetaMask, a single master key is derived from the wallet seed, which is then used to generate child keys, each of which is capable of generating its own children. A seed, often represented as a mnemonic phrase, is a piece of information that can be used to produce both the wallet’s public and private keys.
A master key pair consisting of an extended private key (XPRIV) and an extended public key (XPUB) is typically present in HD wallets for Bitcoin. Additionally, a child private key is created pseudorandomly from a master private key, and the matching child public keys can be generated by anybody who knows the master public key.
The XPRIV produces all of the child private keys, and the XPUB can be used to view the balances of all the child public keys in the wallet. Moreover, the need for storing multiple key pairs is eliminated, as HD wallet addresses can be generated from the master key or seed.
The same master key always generates the same tree of keys, allowing users to back up a single seed rather than the hundreds of keys a non-deterministic wallet would require. Furthermore, because new addresses can be generated from an extended public key kept online, XPUB keys allow users to receive Bitcoin directly into a cold storage wallet while keeping their private keys offline.
A web retailer that creates new public keys for each sale is an inspiring use case for HD crypto wallets. Using a deterministic wallet, the merchant can quickly produce and save only the public keys on a risky internet server while keeping all of the related private keys secure in offline storage. Additionally, the retailer can use HD wallets’ hierarchical feature to keep only the public keys required to process consumer payments, which might improve the privacy of the user.
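The split described above, where an online server derives child public keys from the master public key while the private keys stay offline, can be checked directly. This is an added example, not code from the original article or from any wallet project; it follows the BIP-32 child-key derivation functions on secp256k1, and the function names, the seed and the choice of indexes 0 to 2 are assumptions made for illustration.

```python
import hashlib, hmac

P = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)  # generator

def point_add(a, b):  # None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    m = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
         else (b[1] - a[1]) * pow(b[0] - a[0], -1, P))
    x = (m * m - a[0] - b[0]) % P
    return (x, (m * (a[0] - x) - a[1]) % P)

def point_mul(k, pt=G):  # double-and-add, not constant time
    acc = None
    while k:
        acc, pt, k = (point_add(acc, pt) if k & 1 else acc), point_add(pt, pt), k >> 1
    return acc

def ser_p(pt):  # compressed SEC1 public key encoding
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def split_hmac(key, data):  # HMAC-SHA512 split into (IL as integer, IR as chain code)
    i = hmac.new(key, data, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]

def ckd_priv(k, c, index):
    # Hardened indexes (>= 2**31) hash the private key; normal ones hash the public key.
    data = b"\x00" + k.to_bytes(32, "big") if index >= 2**31 else ser_p(point_mul(k))
    il, child_c = split_hmac(c, data + index.to_bytes(4, "big"))
    return (il + k) % N, child_c

def ckd_pub(K, c, index):
    # Needs only the extended public key (K, c), so it can run on the online server.
    if index >= 2**31:
        raise ValueError("hardened children need the parent private key")
    il, child_c = split_hmac(c, ser_p(K) + index.to_bytes(4, "big"))
    return point_add(point_mul(il), K), child_c

def watch_only_matches(seed=b"constructed demo seed, never use", count=3):
    k, c = split_hmac(b"Bitcoin seed", seed)  # offline: master private key, chain code
    K = point_mul(k)                          # (K, c) is the extended public key
    return all(point_mul(ckd_priv(k, c, i)[0]) == ckd_pub(K, c, i)[0]
               for i in range(count))
```

Calling `ckd_pub` with an index of 2**31 or higher raises `ValueError`, because hardened children hash the parent private key and cannot be derived from an XPUB.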
With hierarchical deterministic wallets, users’ privacy is improved because they can share their master public key with others without putting their money in jeopardy. Similarly, HD wallets are secure since funds are diversified over numerous addresses. However, there is a substantial chance of money being lost if the master key or private keys get revealed to the public.
Due to the hierarchical structure of deterministic wallets, every private key generated by the seed has the potential to be utilized as a master private key, which can then be used as a deterministic wallet to generate further keys.
Also, the changing addresses offer enhanced privacy, as one cannot find out the exact wallet balance from the public ledger. However, anyone who has access to the extended private keys can steal users’ funds, which is why they shouldn’t be shared with non-trusted parties.
Along with improved privacy, deterministic wallets offer great security: because users have spread their funds across several addresses, access to a number of different private keys is required to gain access to all of their crypto assets. Furthermore, the coins that are controlled by other private keys remain unaffected if one private key is compromised. However, if the seed is compromised, all funds may be stolen by hackers.
HD wallets are as secure as the medium (physical or digital) on which they are stored.
BIP-32 enables an HD wallet to produce a tree-like hierarchical structure of private keys from the seed. As a result, if a device is lost or destroyed, the seed backup can be used to restore the wallet along with all of the tree’s private keys.
Hierarchical deterministic wallets offer enhanced security and privacy compared to non-deterministic wallets. They are secure because a new address is issued for every new transaction. Therefore, hacking them is a challenging and intricate process. Additionally, an indefinite number of public addresses can be created for the purpose of collecting payments, ensuring users’ financial anonymity.
However, if either private keys or master keys are not safely stored, they can expose users’ funds to malicious actors. Therefore, the seed phrases chosen for HD wallets should be unrelated to users’ names or any other personal details, which attackers will find simpler to compromise.