a few questions about how HD wallet works

4

1

I've read through HD wallet from various resources and have got the basic understanding about it, but am still confused by a few details

1) Each non-hardened public keys (thus addresses) can receive certain amount of Bitcoins. How's my total UTXO calculated? Is is simply the sum of all UTXO or there's some other mechanism automatically pool all these UTXO into somewhere

2) Kinda depending on the answer of 1), how does it work to send Bitcoin to some else in the case of HD wallet? If all public addresses have their own UTXO, then the wallet has to choose a number of UTXO as inputs for each new transactions. Is it how it works?

3) Do we use master private key to sign every transaction?

Thank you for your help

Will Gu

Posted 2018-04-03T01:04:29.570

Reputation: 318

Answers

5

1) ...How's my total UTXO calculated?...

Each node calculates it's own UTXO set, there is no single 'global UTOX set'. You may own some subset of the UTXOs, but there is no pooling. If you receive payments to the same address more than once, each one will be it's own UTXO.

2) ...If all public addresses have their own UTXO, then the wallet has to choose a number of UTXO as inputs for each new transactions. Is it how it works?

Yes, and each wallet may perform coin selection differently when authoring a new transaction. Some wallets even allow manual selection when sending transactions.

3) Do we use master private key to sign every transaction?

No, each UTXO can only be signed by the child private key for that particular address. In the case of an HD wallet, the xpriv key is used to derive the child private key for each address. Those child private keys can then be used to sign transactions.

Each address derived by an HD wallet looks just like any other bitcoin address, there is no way to know it came from an HD wallet. So in order to spend the UTXO, you need to present a signature made by the private key of that specific address. The network does not know that your address was derived from an xrpiv key, so if you use your xpriv key to sign the transaction, it will be invalid.

chytrik

Posted 2018-04-03T01:04:29.570

Reputation: 10 276

1Or more generally: HD is just a way to generate addresses and their corresponding private keys. All the question OP asked are unrelated to this (the answer to them is independent from whether the addresses are the result of HD derivation or not).Pieter Wuille 2018-04-03T03:18:38.757

Thank you. I might be misunderstanding here, but is it true that non-hardened public keys don't have private keys with them? if so, how can we possibly sign the transaction made out of those addresses... and thank you @PieterWuilleWill Gu 2018-04-03T03:31:12.633

1All public keys have a corresponding private key. Non-hardened HD derivation just means you can derive the child public key from the parent public key. But there still is a corresponding child private key (which you can only derive using the master parent key), without which you can't sign.Pieter Wuille 2018-04-03T05:20:52.437

According to this answer here some parts are wrong here. From master private key all derived keys can be regenerated and thus the funds can be send along with master PK: https://bitcoin.stackexchange.com/a/79205/87493

delete 2018-09-14T11:44:42.180

@delete the master privkey is used to derive the child privkeys, and those child keys are used to spend from the child addresses. The master privkey cannot be used to sign for transactions from its child addresses. That answer is talking about saving just the mnemonic seed phrase as a simplified and secure backup method. The wallet software will then use the seed phrase to derive child keys that can spend your coins.chytrik 2018-09-14T11:47:12.353

Asked: 2018-04-03T01:04:29.570

Viewed: 713 times

Active: 2018-04-03T02:32:51.920