Working Through The Chapter
In this chapter we build a wallet. The first version must:
- Create new addresses
- Manage private keys
- Transfer payment details
- Make a payment
- Keep track of funds
- Back up private keys.
To buy something we go through a few steps:
- Cafe creates a new address, and requests 10 Cookie Tokens. This is codified as a QR code.
- We point our camera at the QR code. It gets the web URI, which launches our wallet.
- Our wallet tells us the payment details. We hit agree, and the money is sent.
- We then send an email to Lisa, who tracks everything in the spreadsheet.
Next, we build a backup feature. We create a text file, backup file with private keys and send this to a specific email address.
Password strength is measured in entropy. If you construct a password of 8 characters from a set of 64 characters, you have an entropy of 48 bits.
Problems with password-encrypted backups
More things to secure
Randomness is hard
Hierarchical Deterministic Wallets
Realization: If private keys were all generated from single seed then the whole wallet could be backed up.
All other keys are derived from a master private key.
We number all these keys, from 0 upward, like an array index and they receive a certain syntax referencing them. For instance, the first derived key from the 2 derived private key, is called “m/1/0”. M = master private key, 1 = second derived key, 0 = first derived key from the originally referenced derived key.
We accomplish this tree structure by:
- Generating a random seed of 128 bits.
- We generate a master extended private key (originally called master private key)
- We derive children from the master extended private key (called now, extended private key (xprv))
This extended private key contains two elements:
- Private key
- Chain code
We originally derive the seed using an algorithm called “HMAC-SHA512”. This produces a hash of 512 bits.
We split this hash in half. The right hash, become the private key, the left hash becomes the “chain code”. The chain code is used to derive children from the master extended private key (xprv).
We derive a child extended private key in 4 steps:
- We appended the index to the parent public key
- The public key and index are inputted to HMAC-SHA512, and we use the parent chain code as a source of entropy.
- We take the HMAC-SHA512 hash, split it in half. We add the left side to the parent private key. The sum becomes the child private key.
- The right side becomes the child chain code.
- The child chain code and the child private key combine to form the child extended private key(xprv).
A seed is a sequence of bits. We can encode these bits into human readable words, and make it much easier to remember our seed. This is called a mneumonic sentence.
This way, if we lose our wallet, we can restore the seed using these 12 words.
How do we encode a seed into a mnemonic sentence?
We take a random seed and hash with SHA256. The first 4 bits of the hash are appended to the random seed. This is a checksum.
We arrange all the bits into 12 groups of 11 bits. Each group encodes a number from 0-2047. These numbers are referenced in a standardized word list. The end result of these numbers is a mnemonic sentence.
Decoding a mnemonic sentence into a seed
If we lose our wallet, that’s ok. We can get a new wallet, and write in our seed, using our mnemonic sentence. This restores our wallet.
We look up the respective words of the mnemonic, turn them into the numbers using the standardized word list. We then turn those numbers into a binary representation. We separate out the binary representation into 128 bits, and then I get completely lost.
I really don’t understand what happens next. I understand that there is a checksum. We use this checksum to make sure that our mnemonic is correct. I don’t understand how we generate this checksum though.
When I run the seed – 16432a207785ec5c4e5a226e3bde819d through a SHA-256 algorithm, the first 4 bits are not equal to the checksum in the book.
The book clearly says on page 101, “The seed is hashed with SHA256, and the first 4 bits of the has – in this case, 0111 – are appended to the seed. Those 4 bits acts as a checksum.”
I’m not certain if I’m not generating something correctly? I just cannot seem to get the correct checksum.
I’m just going to move on. I’ve spent probably 2 hours trying to understand this checksum, and every other part makes sense but this part to me.
Extended Public Keys
An extended public key contains a public key and chain code. XPUB shares the chain code with the XPRIV You can create a public key from a private key, as it is a one way derivation.
We use M/1 to denote a path where a public key is. Notice the uppercase M. Uppercase M is only associated with public keys.
Extended Public Keys (XPUB) are derived differently compared to Extended Private Keys(KPRIV). The difference is what you do with the left 256 bits of the 512 bit hash.
Calculating the child public key:
- Treat left 256 bits as private key and derive public key
- Add this to the parent public key, using special public key addition.
This process generates a child public key.
The parent private key, plus some value is the child private key.
The parent public key, plus a public key derived from the hash, is the child public key.
Deriving hardened private keys
I don’t 100% understand this section, to be honest. It seems like the explanation is left up to the figure.
But, when I google it, it makes a lot of sense. Basically, it’s a parent private key + index, hashed.
You cannot use this key to derive any more children though.
Public Key Math
We derive a public key from a private key, with a pretty straightforward equation.
A public key in Bitcoin is a whole-number solution to this equation:
y^2 = x^3 + 7 mod (2^256 - 4294968273)
I tried to work through this section and had absolutely no clue what was going on. I’ll just wait to work through it in Jimmy Song’s book, I guess.
This was the first chapter where I really felt like I had no clue what was going on when I reached the questions. I read, and re-read this chapter, and spent a few days working through everything. It’s really discouraging and frustrating, and I’m hoping I can revisit this later and understand it more in depth.