Chapter 04
and Cryptocurrency
Ashok Kumar Turuk
What is Blockchain?
Wallets
Common tasks users perform:
Create new addresses
Store private keys
Transfer payment details between users
Make payments
First wallet version
A wallet is a mobile app that simplifies the common tasks of users:
Create new addresses
Manage private keys
Transfer payment details from payee to payer
Make a payment
Keep track of funds
Back up private keys
Several different wallets are available for Bitcoin. Some popular ones are Bitcoin Core, Electrum, GreenBits and BRD (Bread).
First wallet version
John wants to buy a cookie in the cafe.
Both John and the cafe are using this new app.
The process goes through several steps:
The cafe asks its wallet to create a new address and request 10 CT to that address.
John scans the QR code for the payment details.
John's wallet displays the payment details to John.
John's wallet creates an email to Lisa.
First wallet version
BIPs (Bitcoin Improvement Proposals) are used to communicate ideas among developers.
Bitcoin adopted BIP21 as a way to transfer payment details from one wallet to another using a URI.
Bitcoin URIs start with bitcoin: followed by the address and optional query parameters, of the form bitcoin:<address>?amount=<BTC>&label=<payee>&message=<note>.
A paying wallet should validate the address and the amount before showing the request to the user, and must reject any parameter prefixed req- that it does not understand.
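The two sides of the BIP21 exchange above (the cafe building the URI for its QR code, John's wallet validating it before display), as an added example that is not code from the slides or from any of the wallets named. It validates mainnet Base58Check addresses only (P2PKH/P2SH), enforces the BIP21 amount rules and the req- rule, and the address, amount and labels are constructed for the demo.

```python
"""BIP21 payment URIs: build on the payee side, validate on the payer side.
Added example; the address below is built from a made-up hash160."""
import hashlib
from decimal import Decimal, InvalidOperation
from urllib.parse import quote, unquote

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def base58check_encode(payload: bytes) -> str:
    raw = payload + _checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # each leading zero byte is encoded as a leading '1'
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out


def base58check_decode(text: str) -> bytes:
    """Decode and verify the 4-byte double-SHA256 checksum; raises on any typo."""
    n = 0
    for ch in text:
        if ch not in B58:
            raise ValueError(f"invalid Base58 character {ch!r}")
        n = n * 58 + B58.index(ch)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    raw = b"\x00" * (len(text) - len(text.lstrip("1"))) + raw
    if len(raw) < 5 or _checksum(raw[:-4]) != raw[-4:]:
        raise ValueError("Base58Check checksum mismatch")
    return raw[:-4]


def parse_amount(text: str) -> Decimal:
    """BIP21 amount: decimal BTC, non-negative, at most 8 decimals, within the cap."""
    try:
        amount = Decimal(text)
    except InvalidOperation:
        raise ValueError(f"amount {text!r} is not a decimal number")
    if not amount.is_finite() or amount < 0 or amount > Decimal("21000000"):
        raise ValueError("amount out of range")
    if amount.as_tuple().exponent < -8:
        raise ValueError("amount has more than 8 decimal places")
    return amount


def build_bip21(address, amount=None, label=None, message=None) -> str:
    """Payee side (the cafe): the string that goes into the QR code."""
    params = []
    if amount is not None:
        params.append(("amount", format(amount, "f")))
    if label:
        params.append(("label", label))
    if message:
        params.append(("message", message))
    query = "&".join(f"{k}={quote(v, safe='')}" for k, v in params)
    return f"bitcoin:{address}" + (f"?{query}" if query else "")


def parse_bip21(uri: str) -> dict:
    """Payer side (John's wallet): validate everything before displaying it."""
    scheme, sep, rest = uri.partition(":")
    if scheme.lower() != "bitcoin" or not sep:
        raise ValueError("not a bitcoin: URI")
    address, _, query = rest.partition("?")
    payload = base58check_decode(address)  # rejects mistyped or tampered addresses
    if len(payload) != 21 or payload[0] not in (0x00, 0x05):
        raise ValueError("not a mainnet P2PKH/P2SH address")
    details = {"address": address, "amount": None, "label": None, "message": None}
    for pair in filter(None, query.split("&")):
        key, _, value = pair.partition("=")
        key, value = unquote(key), unquote(value)
        if key.startswith("req-"):  # BIP21: unknown required parameters must be rejected
            raise ValueError(f"unsupported required parameter {key!r}")
        if key == "amount":
            details["amount"] = parse_amount(value)
        elif key in ("label", "message"):
            details[key] = value
        # any other optional parameter is ignored, as BIP21 allows
    return details


# Constructed demo data: a fake hash160 wrapped as a mainnet P2PKH address.
CAFE_ADDRESS = base58check_encode(b"\x00" + bytes.fromhex("11" * 20))
CAFE_URI = build_bip21(CAFE_ADDRESS, Decimal("0.001"), label="Cafe", message="1 cookie")

if __name__ == "__main__":
    print(CAFE_URI)
    print(parse_bip21(CAFE_URI))
```

The checksum check is what turns a scanned typo into a hard error instead of a payment to a random address; the req- rule matters because a future extension could change the meaning of the payment in a way an old wallet cannot see.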
First wallet version
The cafe's wallet, as well as John's wallet, will check the spreadsheet every now and then to see if there are any new payments concerning any of the wallet's keys, as a sender, a recipient, or both.
Unconfirmed transactions
Unconfirmed means a transaction has been created and sent to the Bitcoin network, but it isn't yet part of the Bitcoin blockchain.
Until it is confirmed, the payment can still be replaced or dropped, so a merchant should not treat an unconfirmed payment as final.
Private Key Backups
Risk of theft: every copy of the backup is one more place the private keys can be stolen from.
Excessive backups: more copies lower the risk of losing the keys but raise the risk of theft.
Private Key Backups
Secure the backup
Encrypt the private keys with a password.
Problems with password-encrypted backups
More things to secure: now both the backup and the password must be kept safe.
Forgotten password: the encrypted backup becomes useless and the funds are lost.
Technology advancements: password-cracking hardware keeps getting faster, so a password that resists brute force today may not in a few years.
Randomness is hard: passwords chosen by people are far less random than they look, which makes them easier to guess.
Hierarchical deterministic wallets
Keys are organized as a tree.
One key is the root of the tree, and this root can have any number of child keys.
Each child key can in turn have a large number of children of its own, and so on.
The root key of the tree is called the master private key.
The rest of the keys are derived from the master key.
Each set of children is numbered from 0 upward.
This gives each key a unique identifier, its path.
For example, the first savings key, index 0, is denoted m/1/0: m is special and refers to the master private key, 1 is the index of the savings branch under m, and 0 is the index of the key under that branch.
Hierarchical deterministic wallets
Three important processes are performed to create the tree:
A random seed of 128 bits is generated. This seed is what the whole tree grows up from. (BIP32 accepts seeds of 128 to 512 bits; 128 bits is used here.)
The master extended private key is derived from the seed.
The descendant extended private keys of the master extended private key are derived.
Hierarchical deterministic wallets
An extended private key (xprv) contains two items:
A private key and a chain code
Deriving a master extended private key
The seed is hashed using HMAC-SHA512 (in BIP32 the HMAC key is the fixed string "Bitcoin seed" and the seed is the message).
The 512-bit hash value is split into the left 256 bits and the right 256 bits.
The left 256 bits become the master private key.
The right 256 bits become the chain code, used in the next step to derive children from the master xprv.
Deriving a child extended private key
The process for deriving a child xprv from a parent xprv is as follows:
The desired index (a 32-bit number) is appended to the parent public key.
The public key and index become the message input to HMAC-SHA512, keyed with the parent chain code.
The 512-bit hash value is split in half:
The left 256 bits are added to the parent private key (modulo the curve order n). The sum becomes the child private key.
The right 256 bits become the child chain code.
The child private key and the child chain code together form the child xprv.
Backup
For restoration of keys you need:
The seed
The paths
In Bitcoin, those paths are standardized in Bitcoin Improvement Proposal (BIP) 44.
If a wallet uses the BIP44 standard, you implicitly know the keys' paths, so the seed alone is enough to restore the wallet.
Mnemonic sentences
The seed is a sequence of bits (128 bits).
Encode those bits in a more human-friendly way.
The wallet can display the seed as a hex code:
Seed: 16432a207785ec5c4e5a226e3bde819d
or as a sequence of 12 English words, called a mnemonic sentence:
Mnemonic: bind bone marine upper gain comfort defense dust hotel ten parrot depend
A mnemonic sentence encodes the seed in a human-readable way.
It's much more approachable to write down 12 words than it is to write down hex code.
In case the phone is lost, install the wallet app on another phone, restore the seed from those 12 words and regenerate all private keys from that seed.
Most Bitcoin wallets use mnemonic sentences for backup. This is standardized in BIP39.
Encoding a seed into a mnemonic sentence
The seed is hashed with SHA256, and the first 4 bits of the hash are appended to the seed.
Those 4 bits act as a checksum.
Then arrange the resulting 132 bits into 12 groups of 11 bits, where each group encodes a number in the range 0 to 2047.
The 12 numbers are looked up in a standardized word list of 2,048 words numbered from 0 to 2047.
Decoding a mnemonic sentence into a seed
The app decodes the sentence by reversing the encoding process.
Regenerate keys from the decoded seed.
The decoding uses the 4-bit checksum to make sure the sentence was entered correctly; because only 4 bits are checked, a wrong word is caught with probability about 15/16, so the word list lookup (an unknown word is rejected outright) does the rest of the work.
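The encoding and decoding steps of the two slides above, carried out in code as an added example (not the slides' own code and not any wallet's). Two assumptions to note: BIP39 itself calls the 128 bits "entropy" and derives the actual wallet seed from the words with PBKDF2 (shown here as mnemonic_to_seed), and the 2,048-word list is not embedded, so the functions work on word indexes and take the official English list as a parameter when you want the sentence itself.

```python
"""BIP39 checksum, 11-bit grouping, checked decoding and the PBKDF2 seed step.
Added example; the word list is supplied by the caller, not embedded."""
import hashlib
import unicodedata


def entropy_to_indices(entropy: bytes) -> list:
    """Append ENT/32 checksum bits taken from SHA256, then cut into 11-bit groups."""
    ent = len(entropy) * 8
    if ent not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 128..256 bits in 32-bit steps")
    cs = ent // 32  # 4 checksum bits for a 128-bit seed
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    bits = (int.from_bytes(entropy, "big") << cs) | checksum
    n_words = (ent + cs) // 11  # 132 bits -> 12 words
    return [(bits >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]


def indices_to_entropy(indices) -> bytes:
    """Reverse the encoding and verify the checksum; raises on a bad sentence."""
    if len(indices) not in (12, 15, 18, 21, 24):
        raise ValueError("sentence must have 12, 15, 18, 21 or 24 words")
    total = len(indices) * 11
    ent = total * 32 // 33  # total = ENT + ENT/32
    cs = total - ent
    bits = 0
    for idx in indices:
        if not 0 <= idx < 2048:
            raise ValueError("word index out of range")
        bits = (bits << 11) | idx
    entropy = (bits >> cs).to_bytes(ent // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    if bits & ((1 << cs) - 1) != expected:
        raise ValueError("checksum mismatch: a word is wrong or out of order")
    return entropy


def indices_to_words(indices, wordlist) -> str:
    """Map indexes through a 2,048-word list (pass the official BIP39 English list)."""
    if len(wordlist) != 2048:
        raise ValueError("word list must have exactly 2048 entries")
    return " ".join(wordlist[i] for i in indices)


def words_to_indices(sentence: str, wordlist) -> list:
    """An unknown word raises ValueError, which is the first line of defence."""
    return [wordlist.index(w) for w in sentence.split()]


def mnemonic_to_seed(sentence: str, passphrase: str = "") -> bytes:
    """BIP39 wallet seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase."""
    def norm(s):
        return unicodedata.normalize("NFKD", s).encode()
    return hashlib.pbkdf2_hmac("sha512", norm(sentence), norm("mnemonic" + passphrase), 2048, 64)


def checksum_survivors(indices) -> int:
    """For a 12-word sentence, vary the 4 checksum bits of the last word over all
    16 values and count how many variants decode: exactly one should."""
    base = indices[-1] & ~0xF
    ok = 0
    for nibble in range(16):
        try:
            indices_to_entropy(indices[:-1] + [base | nibble])
            ok += 1
        except ValueError:
            pass
    return ok


if __name__ == "__main__":
    seed = bytes.fromhex("16432a207785ec5c4e5a226e3bde819d")  # the slide's example seed
    idx = entropy_to_indices(seed)
    print(idx, indices_to_entropy(idx).hex(), checksum_survivors(idx))
```

With the slide's seed the first two indexes come out as 178 and 202, which are "bind" and "bone" in the English list, matching the sentence on the slide. The all-zero 128-bit entropy gives eleven times index 0 ("abandon") followed by 3 ("about"), the well-known first BIP39 test vector.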
Extended public keys
An xpub is similar to an xprv.
An xpub contains a public key and a chain code, whereas the xprv contains a private key and a chain code.
An xprv shares its chain code with the corresponding xpub.
Extended public keys
Create the xpub tree from the master xpub and generate any and all (non-hardened) addresses without any private key.
You can create addresses, but not spend money from those addresses.
Deriving hardened private keys
Suppose the private key m/1/1 is stolen.
Recall the xprv derivation function: child private key = parent private key + left half of the hash.
m/1 + left-half hash of index 1 = m/1/1
m/1/1 − left-half hash of index 1 = m/1
Mallory knows everything needed to calculate the left-half hash (the parent public key M/1 and its chain code, i.e. the parent xpub) except the index of the stolen private key, so she simply tries the indexes:
m/1/1 − left-half hash of index 0 = a private key
m/1/1 − left-half hash of index 1 = another private key
For each candidate she derives the public key from this private key and compares it with M/1; the one that matches is the parent private key m/1, and with it she can derive every key under m/1.
Deriving hardened private keys
Hardened key derivation
The parent private key is used as input to the hash function instead of the public key.
Mallory can no longer compute the left-half hash for a hardened step, because it now requires the parent private key, which she doesn't have; the stolen child key and the parent xpub are not enough.
Deriving hardened private keys
You can't derive a hardened child xpub from a parent xpub.
The children of m/1' can't be derived as hardened private keys by the online sales web server, because that would require the cafe to put the private key m/1' on the web server, which would be insecure.
With a hardened xprv, you solve the case of a stolen M and m/1'/1, but not the case of a stolen M/1' and m/1'/1.