Part #1: #539202
Derivation of Master Extended Private Key:
The derivation of the master extended private key (xpriv) out of the master seed, is facilitated by the Hash-based Message Authentication Code with Secure Hash Algorithm 512-bit (HMAC-SHA-512), a specialized algorithm that converts the initial input, or master seed plus constant message, into a 64-byte, or 512-bit hash value.
The 512-bit (64-byte) hash value is subsequently split into two halves: the first 256 bits (32 bytes) depict the private key, and the remaining 256 bits (32 bytes) depict the chain code.
- The constant value, or message, is a fixed value, or sequence of 1024-bits, included in addition to the initial input, or master seed.
(In regards to ⬆️: I'm referring to the second input besides the master seed, which is the string "Bitcoin Seed"; does it check out?)
- The linking of the chain code with the private key turns the (normal) private key into the master extended private key, enabling the deterministic derivation of child keys.
Derivation of Master Extended Public Key:
The derivation of the master extended public key (xpub) out of the master extended private key (xpriv), is facilitated by elliptic curve multiplication, which defines an operation applied in Elliptic Curve Cryptography; a type of cryptography that relies on the algebraic structure of elliptic curves over finite fields.
- The term "algebraic structure" refers to the mathematical properties and operations performed on the set of points that lie on the elliptic curve, "elliptic" in "elliptic curve" refers to the geometric shape of the curve when graphed on a Cartesian coordinate system, and “finite field” refers to the set of numbers over which the elliptic curve is defined.
In ECC, cryptographic keys are generated from points on the elliptic curve, which is facilitated by operations such as point addition, doubling and scalar multiplication.
(Include: explaining and diagrams of the above three operations) - personal note
(Also Include: The order n of the subgroup determines the size of the subgroup and influences the security of cryptographic operations based on the elliptic curve, such as the difficulty of solving the elliptic curve discrete logarithm problem (ECDLP).) - personal note
An elliptic curve is a mathematical curve, or in the context of Bitcoin, the secp256k1 curve, which is defined by an equation of the form y² = x³ + ax + b (mod p):
-
y² and x³ depict the coordinates of a given point on the curve, and a, b, and p define the parameters of the elliptic curve, where a and b are constants that specify the specific shape and properties of the curve, and where mod p denotes arithmetic operations performed modulo a prime number p, ensuring that all computations remain within the finite field.
-
The term “arithmetic operations” typically refers to addition, subtraction, multiplication, and division performed on elements (points), and are conducted within the constraints of the finite field.
-
Arithmetic operations that are performed modulo a prime number p, indicate that after performing an arithmetic operation (such as addition or multiplication), the result is reduced to the remainder when divided by p, ensuring that the results remain within the range of 0 to p−1, effectively "wrapping around", or starting at 0, if it exceeds p−1.
Elliptic curves have a predetermined generator point, denoted as G; the initial element, or point on the curve, out of which every other point can be derived by adding G to itself.
- The generator point is added to itself by the order (a prime number) of G, denoted as n, creating a subgroup, denoted as ⟨G⟩, that contains the total number of reachable points on the curve by repeatedly adding G to itself.
The derivation of the master extended public key (xpub), or K, out of the master extended private key (xpriv), or k, is facilitated by elliptic curve multiplication, indicating the operation of repeatedly adding the generator point, or G, to itself, whereby the number of additions is determined by a scalar value, denoted as k.
- The scalar used in the derivation of the master extended public key consists of the master extended private key.
In order to derive public key K, generator point G is added to itself k times, or K = k × G, where K is the resulting point, or public key, k is the scalar, or private key, and G is the generator point.
- Each addition of G to itself represents one "step" in the multiplication process, and after k steps, one arrives at the resulting point K, the public key corresponding to the master extended private key, or k.
Once the public key is known, it’s combined with the chain code derived from the extended private key, a checksum is computed and appended, and the package is encoded into Base 58, rendering the master extended public key human-readable and suitable for use in HD wallets.
The End.
I'd like to hear if the above is already going into the right direction, along with what points may need to be improved, corrected or expanded upon!
- It's an early work-in-progress, as the "personal notes may already have signaled, and the structure as well as explanations of some parts may- or will be improved upon on a later stage.
Greg Walker from Learnmeabitcoin.com already gave it a look, and stated that it is both chronologically and factually correct in it's current form, but the more input, the better. 🤠
- It's important that I get this correct, as I'll build the rest off of the above.