HD / Deterministic Wallets and public key

7

I understand the basic concept of generating an unlimited number of public key addresses from a master public key. What I won't understand is how to get the wallet balance. Do I have to query unspent outputs for every public key in the wallet that I have generated?

Is it possible to iterate through the addresses in the utxo and determine whether they are within the public set of addresses that could be generated by the wallet?

If I hand the server a public key and it generates more on my behalf, how do I know which addresses received coin? It seems like there must be a way to determine if an address is spendable by the master key pair.

Any ideas? Seems that you would have to check the entire utxo set somehow. Much appreciated.

Matt

Posted 2014-06-02T20:05:44.243

Reputation: 520

Answers

4

Clients that use an HD wallet generate a fairly large number of the keys in advance (e.g. Armory does 100 by default). When it scans the blockchain for relevant transactions, it checks for transactions to all of the keys that it's generated so far.

Typically, you do transactions off the next address in the list (there's a certain order to it, and it's easier to just generate the next one than 100 next ones). Let's say your client has generated the first 100 keys, and someone sends money to the 150th address in your list. You'd have to wait for the client to decide to generate the 150th key (probably because you hit your 50th key used and it pregenerated out to 150), or tell your client to generate out to the 150th key, and then rescan the blockchain, in order to know that you received money there.

It seems like there must be a way to determine if an address is spendable by the master key pair.

Not necessarily: you can generate a very long series of addresses (2^32, if I'm reading BIP 0032 right) from a master key pair, but doing so would take a substantial amount of time. I'm not sure if there's a theoretical way to do what you're asking (without actually calculating all of them), but in practice it's clear that you just generate the set of addresses you think will be useful in the near future, and go from there.

Tim S.

Posted 2014-06-02T20:05:44.243

Reputation: 4 159

So for example if you hand off an HD public key to a service and it generates public keys on your behalf for payments. You can pay from those public addresses, but how do you know which ones you control?Matt 2014-06-02T22:02:31.193

You and the service will generate the same series of public keys: that's what it means to be a deterministic wallet, instead of one like Bitcoin Core where each private key is random. You control all of them in the series, it's just a matter of knowing which have money in them (which is controlled by the 100 pregenerated keys in my example), so you know which you can try to spend with.Tim S. 2014-06-02T22:04:09.643

I was under the impression that the public key could be used to generate additional public keys. I.e you could hand off a branch of the hd wallet to a service provider without generating the sub keys. Is that incorrect?Matt 2014-06-02T22:09:09.203

In the BIP 0032 specification an HD wallet has both "normal" child keys, from which you can generate more public child keys with only the public key, and "hardened" child keys, from which you cannot generate more child keys. If a service used a normal child key to calculate a key that's far down the chain, I'd expect them to tell you just how far down the chain that is. But I see no reason why they would go beyond the last unused address unless you asked them to. If you hand them an address or a hardened child key, they cannot generate subkeys.

Tim S. 2014-06-02T22:27:06.920

1

What I won't understand is how to get the wallet balance. Do I have to query unspent outputs for every public key in the wallet that I have generated?

Short answer: Yes. Sort of.

You need to find all the keys up to Gap limit (most wallets use 20). See Bip32 and 44. If you really want to, you could go further though. Then you lookup utxo for these.

Or you could just use mybitprices.info which will find the used addresses for you, and can also print out a transaction report. Source code is on github, you can find it at above link.

danda

Posted 2014-06-02T20:05:44.243

Reputation: 43

Asked: 2014-06-02T20:05:44.243

Viewed: 1 038 times

Active: 2016-02-06T00:17:57.113