I'm really curious about how this works with Bitcoin.
So you have one recovery seed, but can create different wallet addresses from it, right? I mean, I could give my boss a bitcoin address to get my salary, and then a different one to my buddy for a one-time payment, and they all connect back to the same recovery seed.
How's that even possible? I always thought that one recovery seed was tied to just one bitcoin address.
Looks like I've got a lot to figure out about Bitcoin.
Yes a lot, with the kind of question you just asked.
Read this : https://learnmeabitcoin.com/technical/keys/hd-wallets , that's the answer to your question.
Cook data was quick to post that already.
You're confusing Seed-phrase with private key, every bitcoin address has a single private key . When you try to recover your sats with single address private key, it will recover just that particular address . When you're done reading and you don't understand, ask questions on the Bitcoin technical support board.
Your seed phrase actually represents a random number and generates your master private key. Then your master private key generates your individual private keys deterministically.
All of this is done through some mathematical calcualtions and that's how make you have multiple addresses.
Note that you can also have a single private key and a single address, but it's more common to use a HD wallet with seed phrase. In this way, all you need to save is the seed phrase and you don't have to manage many private keys.
The Mastering Bitcoin book with chapter 5 - Wallets is another good resources for learning about HD wallets.
Hierarchical Deterministic (HD) Key Generation (BIP32). HD wallets are better than Deterministic wallets as it is very well-organized and helpful for users in accounting too.
Well, is this simple on hierarchical deterministic the seed phrase will generate the seed, the seed will generate the Master private key which is sometimes called the extended private key.
The master private key can as well generate all the private keys ( child private key) and its corresponding addresses
The master private key can generate the master public key, and the master Public key can generate all the public key with its corresponding address.
You may see the tree bellow;
Source: https://arshbot.medium.com/hd-wallets-explained-from-high-level-to-nuts-and-bolts-9a41545f5b0
It is possible, because you can always add, subtract, multiply or divide any known public key, by any known number.
For example: only Satoshi knows the private key to the Genesis Block: https://mempool.space/address/04678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb649f6bc3f4cef38c4f35504e51ec112de5c384df7ba0b8d578a4c702b6bf11d5f
We can compress it, to make it shorter, and preserve the same private key:
And now, we can test some operations, where some known public key can be modified. Let's test addition:
Which means, that we can use 03C920F3CD3775B74110C84CCD4C3EF49085B07B0908B6762F271A22F301583755 as a new public key instead. And the recipient could simply add 77f930e4b1a527037bb9daf4dd0546e592166c78f229211635ec5387afe52d8c to the private key, and then get a matching key, allowing him to spend it. In the same way, we can test subtraction, by adding "n-number" to our public key:
And, as we can see, by starting from 03C920F3CD3775B74110C84CCD4C3EF49085B07B0908B6762F271A22F301583755 and adding 8806cf1b4e5ad8fc8446250b22fab9192898706dbd1f7f2589e60b05205113b5, we can go back to our 03678AFDB0FE5548271967F1A67130B7105CD6A828E03909A67962E0EA1F61DEB6 public key. Now, let's test multiplication in the same way:
As previously, we can multiply known public key 03678afdb0fe5548271967f1a67130b7105cd6a828e03909a67962e0ea1f61deb6 by known number 6b8370563d27b789779ff9f2839f7575c0ad6918056d9b2b60609d6743bc0e76 and get 027ECCA53971D9055E22148B38423D1B2F297BB027ACEE6B88200713BC47EAF2F0 as a result. The recipient can multiply its private key, which would allow him to move the coins. And finally, we can test division:
As we can see, by starting from 027ECCA53971D9055E22148B38423D1B2F297BB027ACEE6B88200713BC47EAF2F0 and multiplying it by 43f2a611a0a8b11bb9a627f7d69af10e3fe71e267bfa3e7475efc4f8412c5587, we can get back 03678AFDB0FE5548271967F1A67130B7105CD6A828E03909A67962E0EA1F61DEB6.
So, addition, subtraction, multiplication, and division works, as long as all numbers are known. Which means, that if you have a HD wallet, then you just start from some known public key, you use that kind of operations, to reach a different public key, and then, other people could compute your new addresses, send coins there, and you can apply the same operations on your private keys, to spend these coins later. This is how non-hardened HD wallets work. For hardened HD wallets, the same operations are just applied on private keys alone.
Because there are only fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140 valid public keys, and a point at infinity. Every addition, subtraction, multiplication, and division, is always done in range from 1 to fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140. If you start from some number, and you use these operations with known numbers, then private and public keys follow each other.
And now, if you want to understand, what is a signature, then it is just a relation between two public keys. You simply start from one public key Q, and you reveal two numbers, where "(Q+a)*b=R". Then, nobody knows the private key to Q public key, or R public key. But everyone knows "a" and "b", so all nodes can check, if it is valid. And because "a=z/r" and "b=r/s", and r-value is taken as x-value of the R public key, using randomly generated "a" and "b" won't break it. Also, z-value has to match SHA-256 of the simplified transaction, which means, that even if you would get random (r,s,z) values for some public key, which would pass secp256k1 validation alone, then still, you won't get a message, which will hash to this random z-value, without breaking SHA-256.
The replies above are more than sufficient, but I will narrow it down and tell you that you can think of a recovery seed like a random number, just like a private key. The difference with the seed, is that you use one random number to create infinite pseudo-random numbers that are equally cryptographically secure.
Instead of generating a private key each time, with no cryptographic relation, and thus having to back each one up separately, you use one "private key" (the seed) and derive infinite Bitcoin private keys by a hash function and an extra field. (i.e., SHA256(seed + '1'), SHA256(seed + '2') etc.)
Obviously in practice it's more advanced with master private & public keys and children of those keys, but that is the idea.