Single recovery seed, multiple Bitcoin addresses, how does it work?

7 replies 79 views
nonce_chadFull Member
Posts: 25 · Reputation: 260
#1Nov 25, 2018, 03:53 AM
I'm really curious about how this works with Bitcoin. So you have one recovery seed, but can create different wallet addresses from it, right? I mean, I could give my boss a bitcoin address to get my salary, and then a different one to my buddy for a one-time payment, and they all connect back to the same recovery seed. How's that even possible? I always thought that one recovery seed was tied to just one bitcoin address. Looks like I've got a lot to figure out about Bitcoin.
6 Reply Quote Share
cryptobridgeSenior Member
Posts: 221 · Reputation: 1481
#2Nov 25, 2018, 04:54 AM
I think you have to stop believing and start learning. https://learnmeabitcoin.com/technical/keys/hd-wallets
1 Reply Quote Share
bear_maxiSenior Member
Posts: 349 · Reputation: 1145
#3Nov 25, 2018, 06:20 AM
Yes a lot, with the kind of question  you just asked. Read this : https://learnmeabitcoin.com/technical/keys/hd-wallets , that's  the answer to your question. Cook data was quick to post that already. You're  confusing Seed-phrase with private key, every  bitcoin address has a single private key . When you  try to recover your sats with  single address private key, it will recover just that particular address .  When you're done reading and you don't understand,  ask questions on the Bitcoin technical support board.
4 Reply Quote Share
w0lf404Hero Member
Posts: 801 · Reputation: 2381
#4Nov 25, 2018, 07:03 AM
Your seed phrase actually represents a random number and generates your master private key. Then your master private key generates your individual private keys deterministically. All of this is done through some mathematical calcualtions and that's how make you have multiple addresses. Note that you can also have a single private key and a single address, but it's more common to use a HD wallet with seed phrase. In this way, all you need to save is the seed phrase and you don't have to manage many private keys.
0 Reply Quote Share
sam_guruFull Member
Posts: 95 · Reputation: 488
#5Nov 25, 2018, 08:20 AM
The Mastering Bitcoin book with chapter 5 - Wallets is another good resources for learning about HD wallets. Hierarchical Deterministic (HD) Key Generation (BIP32). HD wallets are better than Deterministic wallets as it is very well-organized and helpful for users in accounting too.
2 Reply Quote Share
im_altSenior Member
Posts: 130 · Reputation: 817
#6Nov 26, 2018, 09:00 PM
Well, is this simple on hierarchical deterministic the seed phrase will generate the seed, the seed will generate the   Master private  key which is sometimes called the extended private key. The master private key can as well generate all the private keys ( child private key) and it’s corresponding addresses The master private key can generate the master public key, and the master Public key can generate all the public key with its corresponding address. You may  see the tree bellow; Source:   https://arshbot.medium.com/hd-wallets-explained-from-high-level-to-nuts-and-bolts-9a41545f5b0
3 Reply Quote Share
ninja_nodeFull Member
Posts: 89 · Reputation: 647
#7Nov 29, 2018, 07:38 AM
It is possible, because you can always add, subtract, multiply or divide any known public key, by any known number. For example: only Satoshi knows the private key to the Genesis Block: https://mempool.space/address/04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f We can compress it, to make it shorter, and preserve the same private key: And now, we can test some operations, where some known public key can be modified. Let's test addition: Which means, that we can use 03C920F3CD3775B74110C84CCD4C3EF49085B07B0908B6762F271A22F301583755 as a new public key instead. And the recipient could simply add 77f930e4b1a527037bb9daf4dd0546e592166c78f229211635ec5387afe52d8c to the private key, and then get a matching key, allowing him to spend it. In the same way, we can test subtraction, by adding "n-number" to our public key: And, as we can see, by starting from 03C920F3CD3775B74110C84CCD4C3EF49085B07B0908B6762F271A22F301583755 and adding 8806cf1b4e5ad8fc8446250b22fab9192898706dbd1f7f2589e60b05205113b5, we can go back to our 03678AFDB0FE5548271967F1A67130B7105CD6A828E03909A67962E0EA1F61DEB6 public key. Now, let's test multiplication in the same way: As previously, we can multiply known public key 03678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6 by known number 6b8370563d27b789779ff9f2839f7575c0ad6918056d9b2b60609d6743bc0e76 and get 027ECCA53971D9055E22148B38423D1B2F297BB027ACEE6B88200713BC47EAF2F0 as a result. The recipient can multiply its private key, which would allow him to move the coins. And finally, we can test division: As we can see, by starting from 027ECCA53971D9055E22148B38423D1B2F297BB027ACEE6B88200713BC47EAF2F0 and multiplying it by 43f2a611a0a8b11bb9a627f7d69af10e3fe71e267bfa3e7475efc4f8412c5587, we can get back 03678AFDB0FE5548271967F1A67130B7105CD6A828E03909A67962E0EA1F61DEB6. So, addition, subtraction, multiplication, and division works, as long as all numbers are known. Which means, that if you have a HD wallet, then you just start from some known public key, you use that kind of operations, to reach a different public key, and then, other people could compute your new addresses, send coins there, and you can apply the same operations on your private keys, to spend these coins later. This is how non-hardened HD wallets work. For hardened HD wallets, the same operations are just applied on private keys alone. Because there are only fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140 valid public keys, and a point at infinity. Every addition, subtraction, multiplication, and division, is always done in range from 1 to fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140. If you start from some number, and you use these operations with known numbers, then private and public keys follow each other. And now, if you want to understand, what is a signature, then it is just a relation between two public keys. You simply start from one public key Q, and you reveal two numbers, where "(Q+a)*b=R". Then, nobody knows the private key to Q public key, or R public key. But everyone knows "a" and "b", so all nodes can check, if it is valid. And because "a=z/r" and "b=r/s", and r-value is taken as x-value of the R public key, using randomly generated "a" and "b" won't break it. Also, z-value has to match SHA-256 of the simplified transaction, which means, that even if you would get random (r,s,z) values for some public key, which would pass secp256k1 validation alone, then still, you won't get a message, which will hash to this random z-value, without breaking SHA-256.
2 Reply Quote Share
paul.stakeHero Member
Posts: 651 · Reputation: 3798
#8Nov 29, 2018, 01:04 PM
The replies above are more than sufficient, but I will narrow it down and tell you that you can think of a recovery seed like a random number, just like a private key. The difference with the seed, is that you use one random number to create infinite pseudo-random numbers that are equally cryptographically secure. Instead of generating a private key each time, with no cryptographic relation, and thus having to back each one up separately, you use one "private key" (the seed) and derive infinite Bitcoin private keys by a hash function and an extra field. (i.e., SHA256(seed + '1'), SHA256(seed + '2') etc.) Obviously in practice it's more advanced with master private & public keys and children of those keys, but that is the idea.
4 Reply Quote Share

Related topics