From fd333160468b0280f2d35458dc9fbdd12d080464 Mon Sep 17 00:00:00 2001 From: "Andreas M. Antonopoulos" Date: Mon, 10 Oct 2016 17:13:09 +0200 Subject: [PATCH] ch05 early release --- ch05.asciidoc | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/ch05.asciidoc b/ch05.asciidoc index 85b13805..c2eb19cd 100644 --- a/ch05.asciidoc +++ b/ch05.asciidoc @@ -7,11 +7,11 @@ At a high-level, a wallet is an application that serves as the primary user inte More narrowly, from a programmer's perspective, the word "wallet" refers to the data structure used to store and manage a user's keys. -In this chapter we will look at the second meaning, where ((("wallets", id="ix_ch04-asciidoc23", range="startofrange")))wallets are containers for private keys, usually implemented as structured files or simple databases. +In this chapter we will look at the second meaning, where ((("wallets", id="ix_ch04-asciidoc23", range="startofrange")))wallets are containers for private keys, usually implemented as structured files or simple databases. === Wallet Technology Overview -In this section we summarize the various technologies used to construct user-friendly, secure and flexible bitcoin wallets. These technologies, defined by bitcoin standards (BIPs) +In this section we summarize the various technologies used to construct user-friendly, secure and flexible bitcoin wallets. A common misconception about bitcoin is that bitcoin wallets contain bitcoin. In fact, the wallet contains only keys. The "coins" are recorded in the blockchain on the bitcoin network. Users control the coins on the network by signing transactions with the keys in their wallets. In a sense, a bitcoin wallet is a _keychain_. 
@@ -113,7 +113,6 @@ Gabriel uses a Trezor bitcoin hardware wallet, to securely manage his bitcoins. .A Trezor device: a bitcoin HD-wallet in hardware image::images/trezor-grey-medium.png[alt] - When Gabriel used the Trezor for the first time, the device generated a mnemonic and seed from a built-in hardware random number generator. During this initialization phase, the wallet displayed a numbered sequence of words, one by one, on the screen (see <>). [[trezor_mnemonic_display]] @@ -139,6 +138,8 @@ By writing down this mnemonic, Gabriel created a backup (see <> shows the web interface Gabriel uses to export the xpub. + +[[export_xpub]] +.Exporting an extended public key (xpub) from a Trezor hardware wallet. image::images/trezor_xpub_export.png["Exporting the xpub from the Trezor"] +Gabriel copies the xpub to his web store's bitcoin shop software. He uses _Mycelium Gear_, which is an open source web-store plugin for a variety of web hosting and content platforms. Mycelium gear uses the xpub to generate a unique address for every purchase. + ===== Hardened child key derivation ((("child key derivation (CKD) function","hardened")))((("hardened child key derivation")))((("hierarchical deterministic wallets (HD wallets)","hardened child key derivation")))((("security","extended public keys and")))((("security","hardened child key derivation")))The ability to derive a branch of public keys from an extended public key is very useful, but it comes with a potential risk. Access to an extended public key does not give access to child private keys. However, because the extended public key contains the chain code, if a child private key is known, or somehow leaked, it can be used with the chain code to derive all the other child private keys. A single leaked child private key, together with a parent chain code, reveals all the private keys of all the children. Worse, the child private key together with a parent chain code can be used to deduce the parent private key.
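Review bot: In the first hunk of ch05.asciidoc (@@ -7,11 +7,11 @@), the index term on the re-added "In this chapter we will look at the second meaning" line still carries the id `ix_ch04-asciidoc23`, although this file is ch05.asciidoc. The index will keep working as long as the matching end-of-range marker uses the same id, but the ch04 prefix is stale; consider renaming both ends of the range to a ch05 id. The removed and added versions of that line read identically here, so the change appears to be whitespace only, which is worth saying in the commit message. Dropping the unfinished sentence "These technologies, defined by bitcoin standards (BIPs)" leaves the visible overview paragraph with no mention of the BIPs; completing the sentence would serve readers better than deleting it.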
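Review bot: In the @@ -113,7 +113,6 @@ hunk, the image macro directly above the removed blank line, `image::images/trezor-grey-medium.png[alt]`, uses the literal placeholder `alt` as its alt text. Since this hunk already touches that spot, replace it with descriptive text in the same style as the xpub image added later in this patch (`["Exporting the xpub from the Trezor"]`). Also confirm that a blank line still separates the image block from the paragraph beginning "When Gabriel used the Trezor for the first time" after the removal, so the paragraph is not attached to the image block.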
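Review bot: In the last hunk, the added paragraph after `image::images/trezor_xpub_export.png` has Gabriel copy the xpub into his web store's software without saying what that key can and cannot do, while the context lines that follow ("Hardened child key derivation") state that the xpub contains the chain code and that one leaked child private key combined with it reveals all the other child private keys. Add a sentence to the new paragraph that the xpub alone "does not give access to child private keys" and point forward to that section, so the reader sees the risk at the place where the key leaves the hardware wallet. Two style points in the same added lines: the product name is written as `_Mycelium Gear_` and then as "Mycelium gear", and the new block title ".Exporting an extended public key (xpub) from a Trezor hardware wallet." ends with a period while the existing title ".A Trezor device: a bitcoin HD-wallet in hardware" does not; make both consistent.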