Understanding HD Wallets: Design and Implementation
Brought to you by Shijun Wang
1
HD Wallet = Hierarchical Deterministic Wallet
2
Wallet
3
What is Wallet?
• Wallets contain keys, not coins; the coins are records on the blockchain, and each user has a wallet holding keys
• Users sign transactions with those keys; all transactions are stored on the blockchain
4
What is Wallet? (ctnd.) 5
Deterministic Wallet
6
What is Non-Deterministic Wallet?
Random Wallet
• Private/public key pairs are generated independently at random and are not related to each other
• Backup, restore and migration must be done for every key pair; every new address means a new backup
• Satoshi client (Bitcoin Core): JBOK (just a bunch of keys)
7
What is Non-Deterministic Wallet? (ctnd.) 8
What is Deterministic Wallet?
Seeded Wallet
• Derives any number of private/public key pairs from one seed
• Backup, restore and migration need only the seed, captured once at creation time
• The derivation algorithm is a one-way hash function, so keys cannot be traced back to the seed
• Deterministic wallets can be sequential or hierarchical
9
What is Sequential Deterministic Wallet? 10
Hierarchical Deterministic Wallet
11
What is Hierarchical Deterministic Wallet? 12
What is Hierarchical Deterministic Wallet? (ctnd.)
• Generated key pairs are organized into a tree and addressed by a derivation path
• The tree structure can express additional organizational meaning (accounts, receiving vs. change, etc.)
• Each node has a private and a public key, and any node can derive any number of children
• Branches can be shared partially or entirely with other systems, with (xprv) or without (xpub) the ability to spend coins
• Industry standard for generating wallets on multiple networks from the same seed phrase, supported by most wallet apps
13
Design and Implementation (BIP32 and BIP44)
14
What is BIP then?
BIP = Bitcoin Improvement Proposal
Design document providing information to the Bitcoin community, or describing a new
feature for Bitcoin or its processes or environment. Each BIP is assigned a number.
• Meta BIP
• BIP Workflow
• Complete BIP list
15
HD Wallet related BIPs
• BIP32: Hierarchical Deterministic Wallets
• BIP43: Purpose Field for Deterministic Wallets
• BIP44: Multi-Account Hierarchy for Deterministic Wallets
16
What is BIP32?
Core BIP related to HD Wallet
• Spec for key pair derivation from a master seed
• Spec for wallet construction on top of such key pair tree
17
BIP32: Child Key Derivation Algorithm?
Child Key Derivation function
• CKD is a one-way function (HMAC-SHA512) that takes the following 3 inputs
• A parent private or public key
• A 256-bit seed called the chain code
• A 32-bit index number (so 2^32 possible children per parent)
• Important properties of derived keys
• Child private keys are indistinguishable from non-deterministic (random) keys
• Each can be used to make a public key and an address
• Each can sign transactions to spend anything paid to that address
• The fact that they belong to a sequence is not visible outside the HD wallet
18
BIP32: How to Derive Child Private Key? 19
BIP32: How to Derive Child Public Key? 20
BIP32: How to Derive Child Key: Javascript
// Excerpt adapted from the hdkey npm package (used on slide 48); the original slide omitted the hardened branch
var crypto = require('crypto');
var secp256k1 = require('secp256k1'); // npm "secp256k1": constant-time tweak helpers
HDKey.prototype.deriveChild = function(index) {
  var isHardened = index >= 0x80000000; // BIP32: indexes >= 2^31 are hardened
  var indexBuffer = Buffer.allocUnsafe(4);
  indexBuffer.writeUInt32BE(index, 0);
  var data;
  if (isHardened) {
    // hardened: HMAC over 0x00 || ser256(k_par) || ser32(i); needs the private key
    if (!this.privateKey) throw new Error('Could not derive hardened child key');
    data = Buffer.concat([Buffer.alloc(1, 0), this.privateKey, indexBuffer]);
  } else {
    // normal: HMAC over serP(K_par) || ser32(i); works from the public key alone
    data = Buffer.concat([this.publicKey, indexBuffer]);
  }
  var I = crypto.createHmac('sha512', this.chainCode).update(data).digest();
  var IL = I.slice(0, 32); // 256-bit key tweak
  var IR = I.slice(32);    // child chain code
  var child = new HDKey();
  try {
    if (this.privateKey) {
      child.privateKey = secp256k1.privateKeyTweakAdd(this.privateKey, IL); // k_i = (IL + k_par) mod n
    } else {
      child.publicKey = secp256k1.publicKeyTweakAdd(this.publicKey, IL, true); // K_i = IL*G + K_par
    }
  } catch (err) {
    // IL >= n, k_i == 0 or K_i at infinity (probability < 2^-127): BIP32 says use the next index
    return this.deriveChild(index + 1);
  }
  child.chainCode = IR;
  child.depth = this.depth + 1;
  child.index = index;
  return child;
};
21
BIP32: Child Key Derive Function Notation
• Child private key derivation:
• Child public key derivation:
22
BIP32: Why Chain Code in CKD?
• Introduces deterministic random data into the process, so that knowing one key and an index is not enough to derive its siblings or children
• The initial chain code (at the root of the tree) is the right half of the HMAC-SHA512 output computed from the seed
• Each child chain code is the right half of the HMAC computed with the parent chain code as key
• Adds another layer to HD wallet privacy
• A public key is easy to obtain (it appears on chain when its output is spent); without the chain code it reveals no child keys, with the chain code (i.e. the xpub) all descendant public keys are revealed
23
BIP32: What is Extended Key?
Child key derivation requires both the parent key and the parent chain code.
• Extended keys are keys that can derive children
• Extended private key = private key + chain code, xprv
• Extended public key = public key + chain code, xpub
• Either can be the root of a branch in the HD wallet tree
• Knowing an xprv allows reconstruction of all descendant private and public keys
• Knowing an xpub allows reconstruction of all non-hardened descendant public keys and addresses, i.e. the whole branch's transaction history
• Treat an xpub with more care than a single randomly generated public key
24
BIP32: Where Should We Start? Master Key!
Now that we have the CKD functions, where does the tree start?
• Generate a random extended key directly?
• There are almost 2^512 possible extended keys, because an extended key is 512 bits long
• But the key part is only 256 bits, so at most 2^256 distinct key pairs: the extra bits buy no security, and there is nothing shorter than the raw key to back up
• Generate the master key from a random seed (better)
• Generate a seed of a chosen length from a cryptographic RNG (BIP32 allows 128 to 512 bits and recommends 256; the 512-bit BIP39 seed is the usual choice)
• Calculate HMAC-SHA512 over the seed, with the fixed key string "Bitcoin seed"
• Split the 512-bit hash into two 256-bit halves
• Left half is the master secret key, right half the master chain code; if the left half is 0 or not less than the curve order n, the seed is invalid and must be discarded
25
BIP32: From Seed to Master Key and Extended Key 26
BIP32: Security Flaw with CKD 27
BIP32: Rescue to Security Flaw: Hardened CKD 28
BIP32: Child Key Derive Path Notation
• CKDpriv(CKDpriv(CKDpriv(m,3),2),5) => m/3/2/5
• CKDpriv(CKDpriv(CKDpriv(m,3H),2),5) => m/3'/2/5
• CKDpub(CKDpub(CKDpub(m,0),0),0) => M/0/0/0
29
BIP32: HD Wallet Structure Overview 30
Why BIP44? 31
Why BIP44?
• The BIP32 specification leaves implementers too many degrees of freedom: unbounded depth and no fixed meaning for any level
• BIP32-compatible wallets can therefore produce trees with different logical structures, so a seed restored in another wallet may not find its funds
32
What is BIP44?
• BIP43: Purpose Field for Deterministic Wallets
• BIP44: Multi-Account Hierarchy for Deterministic Wallets
• Defines a specific logical hierarchy for deterministic wallets on top of the derivation algorithm described in BIP32
• Provides a coin-agnostic layout, so one seed can serve many networks and a wallet restored elsewhere finds the same keys
33
BIP44: Derive Path Notation
Notation: m / purpose' / coin_type' / account' / change / address_index
Example: m/44'/60'/0'/0/0
• m: CKDpriv is used (M would mean CKDpub)
• Purpose: 44', hardened; which spec defines the layout, 44 means BIP44
• Coin: 60', hardened; the coin type from the SLIP-44 registry, 60 means Ethereum
• Account: 0', hardened; enables multiple accounts under a single network
• Change: 0; 0 means external (receiving) and 1 internal (change) in Bitcoin, always 0 in Ethereum
• Index: 0; the first key pair leaf node under that branch
34
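An added example (not from the deck) of the parsing and checks a wallet should run on a BIP44 path before deriving anything: it turns the string into raw BIP32 indexes (hardened levels get 2^31 added), enforces the hardened/non-hardened pattern of the five levels, and splits the path into the hardened prefix, which needs the xprv, and the suffix a watch-only client can derive from the account xpub. Function names are the example's own.

```javascript
const HARDENED_OFFSET = 0x80000000; // BIP32: index i' means i + 2^31

// "m/44'/60'/0'/0/0" -> [0x8000002c, 0x8000003c, 0x80000000, 0, 0]; accepts ' or h for hardened
function parsePath(path) {
  const parts = path.split('/');
  if (parts.shift() !== 'm') throw new Error('path must start with m');
  return parts.map((p) => {
    const m = /^(\d+)(['hH])?$/.exec(p);
    if (!m) throw new Error('bad path component: ' + p);
    const n = Number(m[1]);
    if (n >= HARDENED_OFFSET) throw new Error('index out of range: ' + p);
    return m[2] ? n + HARDENED_OFFSET : n;
  });
}

const isHardened = (i) => i >= HARDENED_OFFSET;

// Enforce m / purpose' / coin_type' / account' / change / address_index.
// purpose, coin_type and account must be hardened, so a leaked account xpub plus
// one child private key cannot compromise other accounts or coins; change is 0 or 1;
// address_index must be non-hardened so the account xpub can derive it.
function validateBip44(path) {
  let idx;
  try { idx = parsePath(path); } catch (e) { return { ok: false, reason: e.message }; }
  if (idx.length !== 5) return { ok: false, reason: 'expected 5 levels' };
  const [purpose, coin, account, change, address] = idx;
  if (purpose !== 44 + HARDENED_OFFSET) return { ok: false, reason: "purpose must be 44'" };
  if (!isHardened(coin)) return { ok: false, reason: 'coin_type must be hardened' };
  if (!isHardened(account)) return { ok: false, reason: 'account must be hardened' };
  if (change !== 0 && change !== 1) return { ok: false, reason: 'change must be 0 or 1' };
  if (isHardened(address)) return { ok: false, reason: 'address_index must not be hardened' };
  const parts = path.split('/');
  return {
    ok: true,
    coinType: coin - HARDENED_OFFSET,
    account: account - HARDENED_OFFSET,
    change,
    addressIndex: address,
    hardenedPrefix: parts.slice(0, 4).join('/'), // needs the xprv: m/44'/60'/0'
    publicSuffix: parts.slice(4).join('/'),      // derivable from the account xpub: 0/0
  };
}
```

A wallet that exports the account-level xpub to a server (for balance watching or address generation) should only ever hand out `publicSuffix`-style relative paths to that server; the `hardenedPrefix` levels stay on the signing device.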
Making HD Wallet User Friendly (BIP39)
35
Why BIP39? 36
What is Mnemonic Code?
Mnemonic code = a word sequence that encodes a random number, used as the seed of an HD wallet
• Easy to transcribe and record on paper
• Easy to export and import into another wallet
• More secure than a brain wallet: the entropy comes from a random number generator, not from a phrase a human chose
37
What is BIP39?
Mnemonic code for generating deterministic keys
• Describes how to generate mnemonic code from random number
• Describes how to convert mnemonic code to master seed
38
BIP39: Mnemonic Generating Workflow 39
BIP39: Entropy and Mnemonic code
Different lengths of random number (entropy) lead to different mnemonic lengths: the checksum is the first ENT/32 bits of SHA256(entropy), and each word encodes 11 bits
Entropy (ENT) bits   Checksum (CS) bits   ENT + CS bits   Mnemonic length (words)
128                  4                    132             12
160                  5                    165             15
192                  6                    198             18
224                  7                    231             21
256                  8                    264             24
The same word may appear more than once in a mnemonic: each 11-bit group is looked up independently
40
BIP39: Mnemonic Code Wordlist
Multilingual support (2048 words in each language):
• English
• Japanese
• Korean
• Spanish
• Chinese (Simplified)
• Chinese (Traditional)
• French
• Italian
41
BIP39: Mnemonic Generating Code: Javascript
// Excerpt from the bip39 npm package, with the helpers it relies on inlined
var crypto = require('crypto');
var randomBytes = crypto.randomBytes;                       // CSPRNG; never seed from Math.random
var INVALID_ENTROPY = 'Invalid entropy';
var DEFAULT_WORDLIST = require('./wordlists/english.json'); // 2048 words, shipped with the package
var JAPANESE_WORDLIST = require('./wordlists/japanese.json');
function lpad(str, padString, length) { while (str.length < length) str = padString + str; return str; }
function binaryToByte(bin) { return parseInt(bin, 2); }     // also used for the 11-bit word indexes
function bytesToBinary(bytes) { return bytes.map(function(x) { return lpad(x.toString(2), '0', 8); }).join(''); }
function deriveChecksumBits(entropyBuffer) {
  var ENT = entropyBuffer.length * 8;
  var CS = ENT / 32;                                        // checksum length in bits
  var hash = crypto.createHash('sha256').update(entropyBuffer).digest();
  return bytesToBinary([].slice.call(hash)).slice(0, CS);   // first CS bits of SHA256(entropy)
}
function generateMnemonic(strength, rng, wordlist) {
  strength = strength || 128;                               // bits of entropy: 128..256, multiple of 32
  if (strength % 32 !== 0) throw new TypeError(INVALID_ENTROPY);
  rng = rng || randomBytes;
  return entropyToMnemonic(rng(strength / 8), wordlist);
}
function entropyToMnemonic(entropy, wordlist) {
  if (!Buffer.isBuffer(entropy)) entropy = Buffer.from(entropy, 'hex');
  if (entropy.length < 16 || entropy.length > 32 || entropy.length % 4 !== 0) throw new TypeError(INVALID_ENTROPY);
  wordlist = wordlist || DEFAULT_WORDLIST;
  var entropyBits = bytesToBinary([].slice.call(entropy));
  var checksumBits = deriveChecksumBits(entropy);
  var bits = entropyBits + checksumBits;                    // ENT + ENT/32 bits, always divisible by 11
  var chunks = bits.match(/(.{1,11})/g);                    // one 11-bit index per word
  var words = chunks.map(function(binary) {
    var index = binaryToByte(binary);
    return wordlist[index];
  });
  // Japanese mnemonics are joined with an ideographic space (U+3000)
  return wordlist === JAPANESE_WORDLIST ? words.join('\u3000') : words.join(' ');
}
42
BIP39: Possible to Brute Force Attack Mnemonic?
Take a 12-word mnemonic and the 2048-word list as an example:
• Words may repeat, so the raw space is 2048^12 = 2^132 ≈ 5.44e+39 sequences (2048!/(2048 - 12)! ≈ 5.27e+39 if repeats were excluded)
• Only 1 in 16 of those passes the 4-bit checksum, leaving 2^128 ≈ 3.4e+38 valid mnemonics
• At 10,000 guesses/second: 10000 * 60 * 60 * 24 * 365 ≈ 3.15e+11 guesses/year
• Years to check all valid mnemonics: 3.4e+38 / 3.15e+11 ≈ 1.1e+27, and each guess also costs 2048 PBKDF2 rounds, a key derivation and an address lookup
Longer mnemonic = more entropy (128 to 256 bits) = better security
43
BIP39: From Mnemonic to Master Seed 44
BIP39: From Mnemonic to Master Seed (code)
var unorm = require('unorm');                 // NFKD normalisation (String.prototype.normalize also works)
var pbkdf2 = require('pbkdf2').pbkdf2Sync;    // or crypto.pbkdf2Sync
function salt(password) { return 'mnemonic' + (password || ''); } // BIP39 salt = "mnemonic" + passphrase
function mnemonicToSeed(mnemonic, password) {
  var mnemonicBuffer = Buffer.from(unorm.nfkd(mnemonic), 'utf8');
  var saltBuffer = Buffer.from(salt(unorm.nfkd(password || '')), 'utf8');
  return pbkdf2(mnemonicBuffer, saltBuffer, 2048, 64, 'sha512'); // 2048 rounds of HMAC-SHA512, 64-byte seed
}
45
BIP39: Mnemonic + Passphrase = Better Security
• Mnemonic
• The checksum makes most randomly chosen word sequences invalid (1 in 16 passes for 12 words, 1 in 256 for 24); it catches transcription errors but adds no secrecy
• A 12-word mnemonic alone already selects one of 2^128 equally likely seeds out of the 2^512 seed space: no practical possibility of brute-forcing or accidentally generating one that is in use
• Passphrase
• Given a single mnemonic, every possible passphrase leads to a different seed, and the passphrase has no checksum: a mistyped passphrase silently opens a different, empty wallet instead of failing
• Passphrase as second factor: a leaked mnemonic alone does not compromise the wallet, but a forgotten passphrase loses the funds
46
Connect the Dots
47
Mnemonic => Ethereum HD Wallet
const bip39 = require('bip39');           // v2 API: mnemonicToSeed is synchronous (v3 renamed it mnemonicToSeedSync)
const HDKey = require('hdkey');
const EthUtil = require('ethereumjs-util');
const mnemonic = bip39.generateMnemonic(128);             // 12 words from 128 bits of CSPRNG entropy
const seed = bip39.mnemonicToSeed(mnemonic, '');           // 64-byte BIP39 seed, empty passphrase
const master = HDKey.fromMasterSeed(seed);                 // BIP32 master extended key (HMAC "Bitcoin seed")
const account = master.derive("m/44'/60'/0'");             // BIP44 account level, all hardened
const addr = account.deriveChild(0).deriveChild(0);        // change 0, address_index 0 -> m/44'/60'/0'/0/0
const pubKey = EthUtil.privateToPublic(addr.privateKey);   // 64-byte uncompressed key without the 0x04 prefix
const address = '0x' + EthUtil.publicToAddress(pubKey).toString('hex'); // last 20 bytes of keccak256(pubKey)
// address from one run, e.g. 0xd98efff831aaa4fe8834f9cb211d8397193a5492; every fresh mnemonic gives a different one
48
Mnemonic HD Wallet in Action
49
One More Thing
50
Where to Learn More?
• BIP32: Hierarchical Deterministic Wallets
• BIP39: Mnemonic code for generating deterministic keys
• BIP43: Purpose Field for Deterministic Wallets
• BIP44: Multi-Account Hierarchy for Deterministic Wallets
• Master Bitcoin 2nd Edition: Wallets and Address
• Bitcoin Developer Guide
• HD Wallet Playground: Support Many Chains
• HD Wallet Playground: Only Ethereum Support
51
52

Weitere ähnliche Inhalte

Was ist angesagt?

Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...
Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...
Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...
Simplilearn
 
Crypto Wallet Types Explained
Crypto Wallet Types ExplainedCrypto Wallet Types Explained
Crypto Wallet Types Explained
101 Blockchains
 
PoW vs. PoS - Key Differences
PoW vs. PoS - Key DifferencesPoW vs. PoS - Key Differences
PoW vs. PoS - Key Differences
101 Blockchains
 
Top 5 DeFi Applications
Top 5 DeFi ApplicationsTop 5 DeFi Applications
Top 5 DeFi Applications
101 Blockchains
 

Was ist angesagt? (20)

Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...
Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...
Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...
 
Blockchain consensus algorithms
Blockchain consensus algorithmsBlockchain consensus algorithms
Blockchain consensus algorithms
 
Understanding Proof of Work (PoW) and Proof of Stake (PoS) Algorithms
Understanding Proof of Work (PoW) and Proof of Stake (PoS) AlgorithmsUnderstanding Proof of Work (PoW) and Proof of Stake (PoS) Algorithms
Understanding Proof of Work (PoW) and Proof of Stake (PoS) Algorithms
 
Bitcoin Script
Bitcoin ScriptBitcoin Script
Bitcoin Script
 
Smart contracts
Smart contractsSmart contracts
Smart contracts
 
Blockchain and Cryptocurrencies
Blockchain and CryptocurrenciesBlockchain and Cryptocurrencies
Blockchain and Cryptocurrencies
 
An Introduction to Blockchain
An Introduction to BlockchainAn Introduction to Blockchain
An Introduction to Blockchain
 
Introduction to Blockchain
Introduction to BlockchainIntroduction to Blockchain
Introduction to Blockchain
 
Crypto Wallet Types Explained
Crypto Wallet Types ExplainedCrypto Wallet Types Explained
Crypto Wallet Types Explained
 
PoW vs. PoS - Key Differences
PoW vs. PoS - Key DifferencesPoW vs. PoS - Key Differences
PoW vs. PoS - Key Differences
 
Week 3 - Cryptocurrencies
Week 3 - CryptocurrenciesWeek 3 - Cryptocurrencies
Week 3 - Cryptocurrencies
 
Blockchain ecosystem and evolution
Blockchain ecosystem and evolutionBlockchain ecosystem and evolution
Blockchain ecosystem and evolution
 
Introduction to Blockchain and Smart Contracts
Introduction to Blockchain and Smart ContractsIntroduction to Blockchain and Smart Contracts
Introduction to Blockchain and Smart Contracts
 
Basic introduction in blockchain, smart contracts, permissioned ledgers
Basic introduction in blockchain, smart contracts, permissioned ledgersBasic introduction in blockchain, smart contracts, permissioned ledgers
Basic introduction in blockchain, smart contracts, permissioned ledgers
 
Consensus Algorithms - Nakov at CryptoBlockCon - Las Vegas (2018)
Consensus Algorithms - Nakov at CryptoBlockCon - Las Vegas (2018)Consensus Algorithms - Nakov at CryptoBlockCon - Las Vegas (2018)
Consensus Algorithms - Nakov at CryptoBlockCon - Las Vegas (2018)
 
Top 5 DeFi Applications
Top 5 DeFi ApplicationsTop 5 DeFi Applications
Top 5 DeFi Applications
 
Blockchain Smart Contract v5
Blockchain   Smart Contract v5Blockchain   Smart Contract v5
Blockchain Smart Contract v5
 
Ppt on blockchain technology
Ppt on blockchain technologyPpt on blockchain technology
Ppt on blockchain technology
 
Intro to smart contract on blockchain en
Intro to smart contract on blockchain enIntro to smart contract on blockchain en
Intro to smart contract on blockchain en
 
What is Decentralized Autonomous Organization (DAO) & How DAO works?
What is Decentralized Autonomous Organization (DAO) & How DAO works?What is Decentralized Autonomous Organization (DAO) & How DAO works?
What is Decentralized Autonomous Organization (DAO) & How DAO works?
 

Ähnlich wie Understanding hd wallets design and implementation

Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)
Svetlin Nakov
 

Ähnlich wie Understanding hd wallets design and implementation (20)

Hitcon badge 2018
Hitcon badge 2018 Hitcon badge 2018
Hitcon badge 2018
 
Bitcoin developer guide
Bitcoin developer guideBitcoin developer guide
Bitcoin developer guide
 
2019 03 18_kenneth_simplebitcoinwebsite
2019 03 18_kenneth_simplebitcoinwebsite 2019 03 18_kenneth_simplebitcoinwebsite
2019 03 18_kenneth_simplebitcoinwebsite
 
Tmc mastering bitcoins ppt
Tmc mastering bitcoins pptTmc mastering bitcoins ppt
Tmc mastering bitcoins ppt
 
Bitcoin & Blockchain
Bitcoin & Blockchain Bitcoin & Blockchain
Bitcoin & Blockchain
 
J.burke HackMiami6
J.burke HackMiami6J.burke HackMiami6
J.burke HackMiami6
 
Crypography in c#
Crypography in c#Crypography in c#
Crypography in c#
 
Bitcoin Wallet &amp Keys
Bitcoin Wallet &amp KeysBitcoin Wallet &amp Keys
Bitcoin Wallet &amp Keys
 
SMART Seminar Series: "Blockchain and its Applications". Presented by Prof Wi...
SMART Seminar Series: "Blockchain and its Applications". Presented by Prof Wi...SMART Seminar Series: "Blockchain and its Applications". Presented by Prof Wi...
SMART Seminar Series: "Blockchain and its Applications". Presented by Prof Wi...
 
Wallet from noob to pro
Wallet from noob to proWallet from noob to pro
Wallet from noob to pro
 
Bitcoin
BitcoinBitcoin
Bitcoin
 
以比特幣為例的區塊鏈技術介紹 ( Intro to Blockchain using Bitcoin as an example)
以比特幣為例的區塊鏈技術介紹 ( Intro to Blockchain using Bitcoin as an example)以比特幣為例的區塊鏈技術介紹 ( Intro to Blockchain using Bitcoin as an example)
以比特幣為例的區塊鏈技術介紹 ( Intro to Blockchain using Bitcoin as an example)
 
Study on Bitcoin
Study on Bitcoin Study on Bitcoin
Study on Bitcoin
 
Bitcoin Keys, Addresses & Wallets
Bitcoin Keys, Addresses & WalletsBitcoin Keys, Addresses & Wallets
Bitcoin Keys, Addresses & Wallets
 
create your own cryptocurrency
create your own cryptocurrencycreate your own cryptocurrency
create your own cryptocurrency
 
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)
 
Crypto & Crpyocurrencies Intro
Crypto & Crpyocurrencies IntroCrypto & Crpyocurrencies Intro
Crypto & Crpyocurrencies Intro
 
Deploy a blockchain web-app with Hyperledger Fabric 1.4 - Concepts & Code
Deploy a blockchain web-app with Hyperledger Fabric 1.4 - Concepts & CodeDeploy a blockchain web-app with Hyperledger Fabric 1.4 - Concepts & Code
Deploy a blockchain web-app with Hyperledger Fabric 1.4 - Concepts & Code
 
Deployablockchainwebappwithhyperledgerfabricpresentation 190820170703
Deployablockchainwebappwithhyperledgerfabricpresentation 190820170703Deployablockchainwebappwithhyperledgerfabricpresentation 190820170703
Deployablockchainwebappwithhyperledgerfabricpresentation 190820170703
 
A Quick Start To Blockchain by Seval Capraz
A Quick Start To Blockchain by Seval CaprazA Quick Start To Blockchain by Seval Capraz
A Quick Start To Blockchain by Seval Capraz
 

Mehr von ArcBlock

Mehr von ArcBlock (18)

ArcBlock Introduction to Blockchain
ArcBlock Introduction to BlockchainArcBlock Introduction to Blockchain
ArcBlock Introduction to Blockchain
 
Forge blockchain deployment made easy
Forge  blockchain deployment made easyForge  blockchain deployment made easy
Forge blockchain deployment made easy
 
Designing Decentralized Apps: Programmable Tokens
Designing Decentralized Apps: Programmable TokensDesigning Decentralized Apps: Programmable Tokens
Designing Decentralized Apps: Programmable Tokens
 
Build a Decentralized, public verifiable Database with ex_abci and Tendermint
Build a Decentralized, public verifiable Database with ex_abci and TendermintBuild a Decentralized, public verifiable Database with ex_abci and Tendermint
Build a Decentralized, public verifiable Database with ex_abci and Tendermint
 
ArcBlock Presents 5 Winning Factors to Building a Successful DApp
ArcBlock Presents 5 Winning Factors to Building a Successful DAppArcBlock Presents 5 Winning Factors to Building a Successful DApp
ArcBlock Presents 5 Winning Factors to Building a Successful DApp
 
QRCodes are Fun, Easy, and Useful for Links, Payments and Identity Verification
QRCodes are Fun, Easy, and Useful for Links, Payments and Identity VerificationQRCodes are Fun, Easy, and Useful for Links, Payments and Identity Verification
QRCodes are Fun, Easy, and Useful for Links, Payments and Identity Verification
 
Designing Decentralized Applications (DApps)
Designing Decentralized Applications (DApps) Designing Decentralized Applications (DApps)
Designing Decentralized Applications (DApps)
 
Cryptography for everyone
Cryptography for everyoneCryptography for everyone
Cryptography for everyone
 
Introduction to HTTP/2 and How To Use It
Introduction to HTTP/2 and How To Use ItIntroduction to HTTP/2 and How To Use It
Introduction to HTTP/2 and How To Use It
 
IPFS: A Whole New World
IPFS: A Whole New WorldIPFS: A Whole New World
IPFS: A Whole New World
 
Ethereum virtual machine for Developers Part 1
Ethereum virtual machine for Developers Part 1Ethereum virtual machine for Developers Part 1
Ethereum virtual machine for Developers Part 1
 
Technical Learning Series - Elixir ExUnit
Technical Learning Series - Elixir ExUnitTechnical Learning Series - Elixir ExUnit
Technical Learning Series - Elixir ExUnit
 
Tendermint in a nutshell
Tendermint in a nutshellTendermint in a nutshell
Tendermint in a nutshell
 
Introduction to CQRS & Commended
Introduction to CQRS & CommendedIntroduction to CQRS & Commended
Introduction to CQRS & Commended
 
Decipher Multi-Factor Authentication - A Developers Introduction
Decipher Multi-Factor Authentication - A Developers IntroductionDecipher Multi-Factor Authentication - A Developers Introduction
Decipher Multi-Factor Authentication - A Developers Introduction
 
Introduction to aws data pipeline services
Introduction to aws data pipeline servicesIntroduction to aws data pipeline services
Introduction to aws data pipeline services
 
Introduction to Ethereum Smart Contracts
Introduction to Ethereum Smart Contracts Introduction to Ethereum Smart Contracts
Introduction to Ethereum Smart Contracts
 
ArcBlock Presents An Introduction to Blockchain
ArcBlock Presents An Introduction to BlockchainArcBlock Presents An Introduction to Blockchain
ArcBlock Presents An Introduction to Blockchain
 

Kürzlich hochgeladen

TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
mohitmore19
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
VictorSzoltysek
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
VishalKumarJha10
 

Kürzlich hochgeladen (20)

TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdf
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems -The Print[A] Example- A Comprehension AidDirect Style Effect Systems -The Print[A] Example- A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 

Understanding hd wallets design and implementation

  • 1. Understanding HD Wallets: Design and Implementation Brought to you by Shijun Wang 1
  • 2. HD Wallet= Hierarchical Deterministic Wallet 2
  • 4. What is Wallet? • Wallets contain keys, not coins, each user has a wallet containing keys • Users sign transactions with the keys, all transactions stored on blockchain 4
  • 5. What is Wallet? (ctnd.) 5
  • 7. What is Non-Deterministic Wallet? Random Wallet • Private/public key pairs are generated randomly, not related to each other • Backup/restore/migration must be done with each key pair • Satoshi Client : JBOK (just a bunch of keys) 7
  • 8. What is Non-Deterministic Wallet? (ctnd.) 8
  • 9. What is Deterministic Wallet? Seeded Wallet • Derive large amounts of private/public key pairs from same single seed phrase • Backup/restore/migration can be done with the seed phrase at creation time • Derive algorithm = one way hash function • Deterministic wallets can be sequential or hierarchical 9
  • 10. What is Sequential Deterministic Wallet? 10
  • 12. What is Hierarchical Deterministic Wallet? 12
  • 13. What is Hierarchical Deterministic Wallet? (ctnd.) • Generated private/public key pairs are organized into a tree, derived using a path • Tree structure can be used to express additional organizational meaning • Each node has private and public key, any node can derive any number of children • Can be shared partially or entirely with different systems, each with or without the ability to spend coins • Industry standard for generating multiple network wallets with same seed phrase, supported by most wallet apps 13
  • 14. Design and Implementation (BIP32 and BIP44) 14
  • 15. What is BIP then? BIP = Bitcoin Improvement Proposal Design document providing information to the Bitcoin community, or describing a new feature for Bitcoin or its processes or environment. Each BIP is assigned a number. • Meta BIP • BIP Workflow • Complete BIP list 15
  • 16. HD Wallet related BIPs • BIP32: Hierarchical Deterministic Wallets • BIP43: Purpose Field for Deterministic Wallets • BIP44: Multi-Account Hierarchy for Deterministic Wallets 16
  • 17. What is BIP32? Core BIP related to HD Wallet • Spec for key pair derivation from a master seed • Spec for wallet construction on top of such key pair tree 17
  • 18. BIP32: Child Key Derivation Algorithm? Child Key Derivation function • CKD is one-way hash function that make uses of following 3 inputs • A parent private or public key • A seed called a chain code • An index number (32 bits means 2^32 child) • Important property of derived keys • Child private keys are indistinguishable from non-deterministic (random) keys • Can be used to make a public key and a address • Can be used to sign transactions to spend anything paid to that address • The fact that they are part of a sequence is not visible outside of the HD wallet 18
  • 19. BIP32: How to Derive Child Private Key? 19
  • 20. BIP32: How to Derive Child Public Key? 20
  • 21. BIP32: How to Derive Child Key: Javascript HDKey.prototype.deriveChild = function(index) { var indexBuffer = Buffer.allocUnsafe(4); indexBuffer.writeUInt32BE(index, 0); var data = Buffer.concat([this.publicKey, indexBuffer]); var I = crypto.createHmac('sha512', this.chainCode).update(data).digest(); var IL = I.slice(0, 32); var IR = I.slice(32); var child = new HDKey(); if (this.privateKey) { child.privateKey = secp256k1.privateKeyTweakAdd(this.privateKey, IL); } else { child.publicKey = secp256k1.publicKeyTweakAdd(this.publicKey, IL, true); } child.chainCode = IR; child.depth = this.depth + 1; child.index = index; return child; }; 21
  • 22. BIP32: Child Key Derive Function Notation • Child private key derivation: • Child public key derivation: 22
  • 23. BIP32: Why Chain Code in CKD? • Introduce deterministic random data to the process • Initial chain code seed (at the root of the tree) is generated from the seed • Subsequent child chain codes are derived from each parent chain code • Add another layer to HD wallet privacy • Public key can be easily found, if chain code not present, all child keys are revealed 23
  • 24. BIP32: What is Extended Key? Child key derivation requires both parent key and parent chain code. • Extensible keys, keys that can derive children • Extended Private Key = Private Key + Chain Code , xpriv • Extended Public Key = Public Key + Chain Code , xpub • Can be root of a branch in the tree structure of the HD wallet • Knowing xpriv allows reconstruction of all descendant private keys and public keys • Knowing xpub allows reconstruction of all descendant public keys • Should be treated with more care than random generated public key 24
25. BIP32: Where Should We Start? Master Key!
Now we have CKD functions, where should we start to generate a tree?
• Generate random extended keys directly?
  • We would have a total of 2^512 extended keys, because an extended key is 512 bits long
  • But it can only produce 2^256 possible public/private keys, because keys are 256 bits long
• Generate the master key from a random seed (better)
  • Generate a seed of a chosen length from an RNG
  • Calculate the HMAC-SHA512 hash of the seed
  • Split the hash into two 256-bit halves
  • Left half is the master secret key, right half is the master chain code
26. BIP32: From Seed to Master Key and Extended Key
27. BIP32: Security Flaw with CKD
28. BIP32: Rescue to Security Flaw: Hardened CKD
29. BIP32: Child Key Derive Path Notation
• CKDpriv(CKDpriv(CKDpriv(m,3),2),5) => m/3/2/5
• CKDpriv(CKDpriv(CKDpriv(m,3H),2),5) => m/3'/2/5
• CKDpub(CKDpub(CKDpub(m,0),0),0) => M/0/0/0
30. BIP32: HD Wallet Structure Overview
32. Why BIP44?
• The BIP32 specification offers implementors too many degrees of freedom, including infinite depth
• BIP32-compatible wallets can produce wallets with different logical structures
33. What is BIP44?
• BIP43: Purpose Field for Deterministic Wallets
• BIP44: Multi-Account Hierarchy for Deterministic Wallets
• Defines a specific logical hierarchy for deterministic wallets based on the algorithm described in BIP-32
• Provides a network-agnostic method of generating secure keys in an incredibly flexible manner
34. BIP44: Derive Path Notation
  Notation: m / purpose' / coin_type' / account' / chain / address_index
  Example:  m/44'/60'/0'/0/0
• CKD: m means CKDpriv is used, M means CKDpub
• Purpose: 44', hardened; which spec is used, 44 means BIP44
• Coin: 60', hardened; 60 means Ethereum (see the registered coin types)
• Account: 0', hardened; enables multiple accounts under a single network
• Change: 0; 0 means external in Bitcoin, always 0 in Ethereum
• Index: 0; the first public/private key pair (leaf node)
35. Making HD Wallet User Friendly (BIP39)
37. What is Mnemonic Code?
Mnemonic Code = a word sequence that represents a random number used as the seed to derive an HD wallet
• Easy to transcribe and record on paper
• Easy to export and import into another wallet
• More secure than a brain wallet
38. What is BIP39?
Mnemonic code for generating deterministic keys
• Describes how to generate a mnemonic code from a random number
• Describes how to convert a mnemonic code to a master seed
40. BIP39: Entropy and Mnemonic Code
Different lengths of random number (entropy) lead to different mnemonic lengths:

  Entropy (bits)   Checksum (bits)   Entropy + Checksum (bits)   Mnemonic length (words)
  128              4                 132                         12
  160              5                 165                         15
  192              6                 198                         18
  224              7                 231                         21
  256              8                 264                         24

• Duplicate words within a mnemonic are possible
41. BIP39: Mnemonic Code Wordlist
Multilingual support (2048 words in each language):
• English
• Japanese
• Korean
• Spanish
• Chinese (Simplified)
• Chinese (Traditional)
• French
• Italian
42. BIP39: Mnemonic Generating Code: Javascript

    var crypto = require('crypto');
    var randomBytes = crypto.randomBytes;
    // 2048-word lists shipped with the bip39 package
    var ENGLISH_WORDLIST = require('./wordlists/english.json');
    var JAPANESE_WORDLIST = require('./wordlists/japanese.json');
    var DEFAULT_WORDLIST = ENGLISH_WORDLIST;
    var INVALID_ENTROPY = 'Invalid entropy';

    // Bit-string helpers used below
    function lpad(str, padString, length) { while (str.length < length) str = padString + str; return str; }
    function binaryToByte(bin) { return parseInt(bin, 2); }
    function bytesToBinary(bytes) { return bytes.map(function (x) { return lpad(x.toString(2), '0', 8); }).join(''); }
    function deriveChecksumBits(entropyBuffer) {
      var ENT = entropyBuffer.length * 8;
      var CS = ENT / 32;   // checksum length = ENT / 32 bits (4 bits for 128-bit entropy)
      var hash = crypto.createHash('sha256').update(entropyBuffer).digest();
      return bytesToBinary([].slice.call(hash)).slice(0, CS);
    }

    function generateMnemonic(strength, rng, wordlist) {
      strength = strength || 128;                    // entropy in bits, must be a multiple of 32
      if (strength % 32 !== 0) throw new TypeError(INVALID_ENTROPY);
      rng = rng || randomBytes;
      return entropyToMnemonic(rng(strength / 8), wordlist);
    }

    function entropyToMnemonic(entropy, wordlist) {
      if (!Buffer.isBuffer(entropy)) entropy = Buffer.from(entropy, 'hex');
      wordlist = wordlist || DEFAULT_WORDLIST;
      var entropyBits = bytesToBinary([].slice.call(entropy));
      var checksumBits = deriveChecksumBits(entropy);
      var bits = entropyBits + checksumBits;         // ENT + CS bits, a multiple of 11
      var chunks = bits.match(/(.{1,11})/g);          // each 11-bit chunk indexes one word
      var words = chunks.map(function(binary) {
        var index = binaryToByte(binary);
        return wordlist[index];
      });
      // Japanese mnemonics are joined with an ideographic space (U+3000)
      return wordlist === JAPANESE_WORDLIST ? words.join('\u3000') : words.join(' ');
    }
43. BIP39: Possible to Brute-Force a Mnemonic?
Take a 12-word mnemonic with a 2048-word list as an example:
• Possible permutations = 2048!/(2048 - 12)! = 5.27e+39
• 10000 guesses/second = 10000 * 60 * 60 * 24 * 364 = 3.15e+11 guesses/year
• Years to check all = 1.67e+28
Longer mnemonic = better randomness = better security
44. BIP39: From Mnemonic to Master Seed
45. BIP39: From Mnemonic to Master Seed (code)

    var unorm = require('unorm');                  // NFKD Unicode normalisation
    var pbkdf2 = require('pbkdf2').pbkdf2Sync;

    function salt(password) {
      // BIP39 salt: the string "mnemonic" followed by the (optional) passphrase
      return 'mnemonic' + (password || '');
    }

    function mnemonicToSeed(mnemonic, password) {
      var mnemonicBuffer = Buffer.from(unorm.nfkd(mnemonic), 'utf8');
      var saltBuffer = Buffer.from(salt(unorm.nfkd(password)), 'utf8');
      // 2048 rounds of PBKDF2-HMAC-SHA512 -> 64-byte (512-bit) master seed
      return pbkdf2(mnemonicBuffer, saltBuffer, 2048, 64, 'sha512');
    }
46. BIP39: Mnemonic + Passphrase = Better Security
• Mnemonic
  • The checksum makes randomly generated word sequences invalid mnemonics
  • A possible set of 2^512 wallets, so there is no practical possibility of brute-forcing or accidentally guessing one that is in use
• Passphrase
  • Given a single mnemonic, every possible passphrase leads to a different seed
  • The passphrase acts as a second factor, making it hard to compromise the wallet when the mnemonic leaks
48. Mnemonic => Ethereum HD Wallet

    const bip39 = require('bip39');
    const HDKey = require('hdkey');
    const EthUtil = require('ethereumjs-util');

    const mnemonic = bip39.generateMnemonic(128);          // 128 bits of entropy -> 12 words
    const seed = bip39.mnemonicToSeed(mnemonic, '');        // empty passphrase
    const master = HDKey.fromMasterSeed(seed);
    const account = master.derive("m/44'/60'/0'");          // BIP44 account node, coin 60 = Ethereum
    const addr = account.deriveChild(0).deriveChild(0);     // change 0, index 0 -> m/44'/60'/0'/0/0
    const pubKey = EthUtil.privateToPublic(addr.privateKey);
    const address = EthUtil.publicToAddress(pubKey).toString('hex');
    // address: 0xd98efff831aaa4fe8834f9cb211d8397193a5492
49. Mnemonic HD Wallet in Action
51. Where to Learn More?
• BIP32: Hierarchical Deterministic Wallets
• BIP39: Mnemonic code for generating deterministic keys
• BIP43: Purpose Field for Deterministic Wallets
• BIP44: Multi-Account Hierarchy for Deterministic Wallets
• Mastering Bitcoin, 2nd Edition: Wallets and Addresses
• Bitcoin Developer Guide
• HD Wallet Playground: Support Many Chains
• HD Wallet Playground: Only Ethereum Support