Bitcoin Improvement Proposal 32 is, in my opinion, one of the most important BIPs we have. (Thanks Pieter Wuille!) BIP 32 gave us Hierarchical Deterministic wallets, that is, the ability to derive an entire tree of keys from a single seed.
In the early days of Bitcoin, each time a user wanted to receive coins, their wallet would randomly generate a brand-new private key, along with the associated public key and address. For example (and don't try to use these):
Private key: L57hXXKTCRgJRytYMVbhaxnsKpWZdzPzReKUghiYY6D6aQqQrM39
Address (public key hash): 1P3AzkwVv1jDJAhEBQby6873xwJvymzDRn
Each user's wallet software contained a list of public/private key pairs. If the user's computer broke or was stolen, all the private keys were lost. The user had to be fairly tech savvy to know how to export and encrypt their keys for safekeeping, and even then, every time they received coins at a new address they had to back up the new private key all over again.
Following BIP 32, new wallets called HD wallets (Hierarchical Deterministic, not High Definition) made backups a lot easier and safer.
Instead of generating a fresh random private key for every address, an HD wallet generates one seed, from which it derives a master private key (together with a "chain code" that seeds the rest of the tree). The master key derives "child" private keys, one per address, and those children can derive children of their own. Because the same deterministic derivation reproduces the same tree every time, the user doesn't need to back up all of their private keys, only the one seed.
However, since most wallets have also adopted BIP 39, you may be more familiar with a 12- or 24-word encoding of your seed, the "seed phrase" (again, don't use this example):
bubble cat run happy tree bird snow flake person orange yellow mother
Now users can back up their seed phrase on a piece of paper or in a password manager like Qvault and know that every bitcoin that will ever be received by that wallet is recoverable.
A watch-only HD wallet is the same as a normal HD wallet except that it can't spend coins, only receive and track them. Watch-only wallets are perfect for users who want a wallet that receives new coins easily but who don't spend regularly from it, similar to a savings account.
The seed (and therefore every private key) is stored offline or under heavy encryption, while only the extended public key is used in the online watch-only wallet. An extended public key (xpub) is a public key bundled with its chain code; from it the wallet can derive every receiving address in that branch of the tree, but it cannot derive a single private key. Treat the xpub as sensitive anyway: it lets anyone who holds it enumerate all of your addresses and balances.
A watch-only wallet that derives a fresh address for every payment is also much better and safer than using the same address again and again, because new addresses enhance privacy.
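The derivation described in the two passages above (seed to master key to child keys, and address derivation from an xpub alone), as an added self-contained example. This is not Qvault's code or any wallet's code; it uses only the Python standard library. It turns a BIP 39 phrase into a seed, derives the master node and a BIP 84 account key, then shows the watch-only property: the public half of the account key (what a zpub carries) derives exactly the same receiving public keys as the private half, while a hardened index cannot be derived from it. It also shows the caveat that comes with handing out an xpub: the xpub plus any one non-hardened child private key recovers the parent private key, so leaking a single child key from a watched branch is as bad as leaking that branch's private key. The mnemonic is the well-known BIP 39 test phrase, used only because it is public; the derivation path, the `demo` function and the other helper names are this example's own choices.

```python
import hashlib
import hmac
import unicodedata

# secp256k1 domain parameters: field prime, group order, generator point
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000  # child indices >= 2^31 are hardened

# The well-known BIP 39 test phrase (12 words, valid checksum). Never fund it.
MNEMONIC = "abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about"

def _add(p, q):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p is None: return q
    if q is None: return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0: return None
    lam = (3 * p[0] * p[0] * pow(2 * p[1], -1, P) if p == q
           else (q[1] - p[1]) * pow(q[0] - p[0], -1, P)) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def _mul(k, p):
    """Double-and-add scalar multiplication (illustrative: not constant time)."""
    r = None
    while k:
        if k & 1: r = _add(r, p)
        p, k = _add(p, p), k >> 1
    return r

def compress(pt):  # 33-byte compressed SEC1 public key, the encoding BIP 32 uses
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def mnemonic_to_seed(mnemonic, passphrase=""):
    """BIP 39: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase.
    This step does not check the wordlist or checksum; a real wallet must."""
    m = unicodedata.normalize("NFKD", mnemonic).encode()
    s = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", m, s, 2048, 64)

def master_key(seed):
    """BIP 32 master node: HMAC-SHA512(key=b'Bitcoin seed', data=seed)."""
    I = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k = int.from_bytes(I[:32], "big")
    if not 0 < k < N: raise ValueError("invalid master key")  # probability ~2^-128
    return k, I[32:]  # (private key, chain code)

def ckd_priv(k_par, c_par, i):
    """CKDpriv: private parent -> private child. Hardened children hash the parent
    PRIVATE key, so no xpub can reproduce them; normal children hash the public key."""
    data = (b"\x00" + k_par.to_bytes(32, "big")) if i >= HARDENED else compress(_mul(k_par, G))
    I = hmac.new(c_par, data + i.to_bytes(4, "big"), hashlib.sha512).digest()
    il = int.from_bytes(I[:32], "big")
    k = (il + k_par) % N
    if il >= N or k == 0: raise ValueError("invalid child, skip this index")
    return k, I[32:]

def ckd_pub(K_par, c_par, i):
    """CKDpub: public parent -> public child. This is all a watch-only wallet runs."""
    if i >= HARDENED: raise ValueError("hardened children cannot be derived from an xpub")
    I = hmac.new(c_par, compress(K_par) + i.to_bytes(4, "big"), hashlib.sha512).digest()
    il = int.from_bytes(I[:32], "big")
    K = _add(_mul(il, G), K_par)  # IL*G + K_par == (IL + k_par)*G, matching ckd_priv
    if il >= N or K is None: raise ValueError("invalid child, skip this index")
    return K, I[32:]

def derive_path(k, c, path):
    """Walk a path such as m/84'/0'/0' with CKDpriv (' or h marks a hardened index)."""
    for part in path.split("/")[1:]:
        k, c = ckd_priv(k, c, int(part.rstrip("'h")) + (HARDENED if part[-1] in "'h" else 0))
    return k, c

def recover_parent_priv(K_par, c_par, i, k_child):  # the xpub caveat
    # k_child = IL + k_par, and IL is computable by anyone holding the xpub (K_par, c_par),
    # so one leaked normal child private key hands the attacker the parent private key.
    I = hmac.new(c_par, compress(K_par) + i.to_bytes(4, "big"), hashlib.sha512).digest()
    return (k_child - int.from_bytes(I[:32], "big")) % N

def xpub_can_derive(K, c, i):  # True if CKDpub succeeds for index i
    try: ckd_pub(K, c, i); return True
    except ValueError: return False

def watch_only_pubkeys(K_acc, c_acc, count, chain=0):  # online side: xpub only
    K_chain, c_chain = ckd_pub(K_acc, c_acc, chain)
    return [compress(ckd_pub(K_chain, c_chain, i)[0]).hex() for i in range(count)]

def spending_pubkeys(k_acc, c_acc, count, chain=0):  # offline side: from the seed
    k_chain, c_chain = ckd_priv(k_acc, c_acc, chain)
    return [compress(_mul(ckd_priv(k_chain, c_chain, i)[0], G)).hex() for i in range(count)]

def demo():
    """Hypothetical end-to-end run; returns the facts worth checking."""
    seed = mnemonic_to_seed(MNEMONIC)
    k_acc, c_acc = derive_path(*master_key(seed), "m/84'/0'/0'")  # BIP 84 account (zpub level)
    K_acc = _mul(k_acc, G)  # (K_acc, c_acc) is everything the watch-only wallet receives
    K_chain, c_chain = ckd_pub(K_acc, c_acc, 0)   # receive chain, public side
    k_chain, _ = ckd_priv(k_acc, c_acc, 0)         # receive chain, private side
    k_leaked, _ = ckd_priv(k_chain, c_chain, 7)    # suppose child #7's private key leaks
    return {"seed_len": len(seed),
            "online": watch_only_pubkeys(K_acc, c_acc, 3),
            "offline": spending_pubkeys(k_acc, c_acc, 3),
            "hardened_blocked": not xpub_can_derive(K_acc, c_acc, HARDENED),
            "parent_recovered": recover_parent_priv(K_chain, c_chain, 7, k_leaked) == k_chain}

if __name__ == "__main__":
    print(demo())
```

Two things are deliberately left out: turning a child public key into an address (hash160 plus base58check for an xpub, bech32 for a zpub) and the base58 serialisation of the xpub itself (version bytes, depth, parent fingerprint, child index, chain code, key). Both are pure encoding once you have the public key and chain code shown here. The curve arithmetic is the textbook affine form with Python big integers, fine for seeing how the scheme works and not something to sign with.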
We are currently working on an update to Qvault that will allow users to generate Bitcoin seeds and extended public keys from within the vault. A high-security example of how to create a fully digital (and thus easily recoverable and copyable) savings wallet is as follows:
- Download and install Qvault on a computer (Qvault can be used offline and built from source for maximum security).
- Download and install a watch-only capable wallet (we recommend Electrum or Samourai's Sentinel).
- Use Qvault to generate a new seed and its associated extended public key: an xpub (legacy addresses), a ypub (segwit wrapped in P2SH) or a zpub (native segwit addresses).
- Import the xpub, ypub or zpub into your watch-only wallet.
- Make sure your encrypted .qvault file is backed up somewhere safe, preferably on multiple storage devices or in Qvault's cloud storage.
Now you have the ability to securely receive bitcoin, and your seed is stored only in the encrypted vault file that you alone can open. When you eventually want to spend the coins in your watch-only wallet, simply import the seed into a normal Bitcoin wallet, choosing the address type (legacy, wrapped segwit or native segwit) that matches the xpub, ypub or zpub you were watching; otherwise the wallet derives different addresses and will show an empty balance.
Thanks for reading, good luck, and stay safe being your own bank!