CH05::overview: reduce material about JBOK wallets

There are no modern wallet applications which use
independently-generated keys, except when providing backwards
compatibility, so we reduce the amount of text devoted to this
concept.

We also begin trying to be consistent about using the terms "wallet
application" and "wallet database" to disambiguate the term "wallet".
develop
David A. Harding 1 year ago
parent ab30a5f0a2
commit 0213feb9ce

@ -17,93 +17,50 @@ practices. Other solutions have both advantages and disadvantages,
leading different wallet authors to make different tradeoffs.
In those cases, we'll describe the various options available.
=== Wallet Technology Overview
In this section we summarize the various technologies used to construct
user-friendly, secure, and flexible bitcoin wallets.
((("wallets", "contents of")))A common misconception about bitcoin is
that bitcoin wallets contain bitcoin. In fact, the wallet contains only
keys. The "coins" are recorded in the blockchain on the Bitcoin network.
Users control the coins on the network by signing transactions with the
keys in their wallets. ((("keychains")))In a sense, a bitcoin wallet is
a _keychain_.
[TIP]
====
Bitcoin wallets contain keys, not coins. Each user has a wallet
containing keys. Wallets are really keychains containing pairs of
private/public keys (see <<private_public_keys>>). Users sign
transactions with the keys, thereby proving they own the transaction
outputs (their coins). The coins are stored on the blockchain in the
form of transaction outputs (often noted as vout or txout).
====
((("wallets", "types of", "primary distinctions")))There are two primary
types of wallets, distinguished by whether the keys they contain are
related to each other or not.
((("JBOK wallets", seealso="wallets")))((("wallets", "types of", "JBOK
wallets")))((("nondeterministic wallets", seealso="wallets")))The first
type is a _nondeterministic wallet_, where each key is independently
generated from a random number. The keys are not related to each other.
This type of wallet is also known as a JBOK wallet from the phrase "Just
a Bunch Of Keys."
((("deterministic wallets", seealso="wallets")))The second type of
wallet is a _deterministic wallet_, where all the keys are derived from
a single master key, known as the _seed_. All the keys in this type of
wallet are related to each other and can be generated again if one has
the original seed. ((("key derivation methods")))There are a number of
different _key derivation_ methods used in deterministic wallets.
((("hierarchical deterministic (HD) wallets", seealso="wallets")))The
most commonly used derivation method uses a tree-like structure and is
known as a _hierarchical deterministic_ or _HD_ wallet.
((("mnemonic code words")))Deterministic wallets are initialized from a
seed. To make these easier to use, seeds are encoded as English words,
also known as _mnemonic code words_.
The next few sections introduce each of these technologies at a high
level.
[[random_wallet]]
==== Nondeterministic (Random) Wallets
((("wallets", "types of", "nondeterministic (random) wallets")))In the
first bitcoin wallet (now called Bitcoin Core), wallets were collections
of randomly generated private keys. For example, the original Bitcoin
Core client pregenerates 100 random private keys when first started and
generates more keys as needed, using each key only once. Such wallets
are being replaced with deterministic wallets because they are
cumbersome to manage, back up, and import. The disadvantage of random
keys is that if you generate many of them you must keep copies of all of
them, meaning that the wallet must be backed up frequently. Each key
must be backed up, or the funds it controls are irrevocably lost if the
wallet becomes inaccessible. This conflicts directly with the principle
of avoiding address reuse, by using each Bitcoin address for only one
transaction. Address reuse reduces privacy by associating multiple
transactions and addresses with each other. A Type-0 nondeterministic
wallet is a poor choice of wallet, especially if you want to avoid
address reuse because it means managing many keys, which creates the
need for frequent backups. Although the Bitcoin Core client includes a
Type-0 wallet, using this wallet is discouraged by developers of Bitcoin
Core. <<Type0_wallet>> shows a nondeterministic wallet, containing a
loose collection of random keys.
[TIP]
====
The use of nondeterministic wallets is discouraged for anything other
than simple tests. They are simply too cumbersome to back up and use.
Instead, use an industry-standard&#x2013;based _HD wallet_ with a
_mnemonic_ seed for backup.
====
=== Independent Key Generation
((("wallets", "contents of")))Wallets for physical cash hold that cash,
so it's unsurprising that many people mistakenly believe that
bitcoin wallets contain bitcoins. In fact, what many people call a
Bitcoin wallet--which we call a _wallet database_ to distinguish it
from wallet applications--contains only keys. Those keys are associated
with bitcoins recorded on the blockchain. By proving to Bitcoin full nodes that you
control the keys, you can can spend the associated bitcoins.
Simple wallet databases contain both the public keys to which bitcoins
are received and the private keys which allow creating the signatures
necessary to authorize spending those bitcoins. Other wallets databases
may contain only public keys, or only some of the private keys necessary
to authorize a spending transaction. Their wallet applications produce
the necessary signatures by working with external tools, such as
hardware signing devices or other wallets in a multi-signature scheme.
It's possible for a wallet application to independently generate each of
the wallet keys it later plans to use. All early Bitcoin wallet applications did
this, but this required users back up the wallet database each time they
generated and distributed new keys, which could be as often as each time
they generated a new address to receive a new payment. Failure to back
up the wallet database on time would lead to the user losing access to
any funds received to keys which had not been backed up.
For each independently-generated key, the user would need to back up
about 32 bytes, plus overhead. Some users and wallet applications tried
to minimize the amount of data that needed to be backed up
by only using a single key. Although that can be secure, it severely
reduces the privacy of that user and all of the people with whom they
transact. People who valued their privacy and those of their peers
created new keypairs for each transaction, producing wallet databases
that could only reasonably be backed up using digital media.
[[Type0_wallet]]
[role="smallersixty"]
.Type-0 nondeterministic (random) wallet: a collection of randomly generated keys
.Non-deterministic key generation: a collection of independently generated keys stored in a wallet database
image::images/mbc2_0501.png["Non-Deterministic Wallet"]
Modern wallet applications don't independently generate keys but instead
derive them from a single random seed using a repeatable (deterministic)
algorithm.
==== Deterministic (Seeded) Wallets
((("wallets", "types of", "deterministic (seeded)