Key Management Standards for Bitcoin Wallets
This article explains the fundamentals of Bitcoin wallet key management, covering the relationships between private keys, public keys, and addresses, the different wallet types, and the essential BIP standards (BIP‑0032, BIP‑0039, BIP‑0043, BIP‑0044) that define deterministic key derivation and mnemonic generation.
Today we share blockchain‑related content focusing on wallet key management, outlining the functions and de facto standards required for developing a secure wallet.
Background knowledge : Bitcoin uses elliptic‑curve cryptography on the secp256k1 curve; a private key is a large random number kept secret and used to sign transactions. The public key is a point on the curve derived from the private key, and the address is the double hash (SHA‑256 followed by RIPEMD‑160) of the public key, encoded in Base58Check.
Wallet Overview : Wallets store private keys, not the coins themselves, and use them to sign transactions. Types include hardware wallets (private keys stored on isolated hardware), cold wallets (offline devices), hot wallets (keys stored online), full‑node wallets, light wallets, and centralized‑server wallets such as exchange wallets.
Key Management Standards :
BIP‑0032 – Hierarchical Deterministic (HD) wallet specification.
BIP‑0039 – Mnemonic code (seed phrase) generation and conversion.
BIP‑0043 – Multi‑purpose HD wallet path usage.
BIP‑0044 – Multi‑account, multi‑currency HD wallet path.
These standards are implemented by most modern wallets; BIP‑0032, BIP‑0038, and BIP‑0039 address different stages of wallet creation, while BIP‑0043 builds on BIP‑0032 and BIP‑0044 extends it further.
BIP‑0032 Details : The same address should be used only once. Instead of storing many independent private keys, a seed can generate multiple keys. The relationship private key -> public key -> address is maintained by deterministic derivation. The master seed is hashed with HMAC‑SHA512 (key "Bitcoin seed") to produce a 64‑byte master key, split into a master private key and a chain code. Child keys are derived using three methods:
(1) Parent private key → Child private key : HMAC‑SHA512 with the parent chain code as key and the parent public key plus index as data, producing a new 64‑byte child key that is split similarly.
(2) Parent public key → Child public key : Similar HMAC‑SHA512, but the parent public key participates directly, allowing public‑only derivation in insecure environments.
(3) Parent private key → Child public key : Derive the child private key first (as in (1)) and then compute its public key.
Hardened Derivation : Performed only from a parent private key, using data prefixed with 0x00 in which the parent private key takes the place of the parent public key. The parent public key and chain code alone are therefore not enough to derive these children, which makes this form more secure.
Child Key Index and Path Notation : Indices range up to 2³². Normal derivation uses indices 0 to 2³¹−1; hardened derivation adds 2³¹ and is denoted with a trailing apostrophe (e.g., 0' for index 0x80000000). Paths are expressed with slashes, e.g., m/5/4'/0 for a normal child private key, where m denotes a private‑key derivation and M a public‑key derivation.
BIP‑0039 Mnemonic Generation : Generate 128‑256 bits of entropy, compute its checksum (first entropy_length/32 bits of SHA‑256), concatenate, split into 11‑bit groups, and map each group to a word from a 2048‑word list, yielding 12‑24 word seed phrases depending on entropy size.
From the mnemonic, a seed is derived using PBKDF2 with HMAC‑SHA512, 2048 iterations, and the salt "mnemonic" (plus optional passphrase), producing a 512‑bit seed suitable for BIP‑0032.
BIP‑0043 : Defines the first path component m/purpose'/ to avoid conflicts between different wallet schemes. For example, 0' is the default BIP‑32 wallet, while 44' indicates compliance with BIP‑0044.
BIP‑0044 : Extends BIP‑0043 with the full path m/purpose'/coin_type'/account'/change/address_index. Here, purpose is fixed to 44', coin_type identifies the cryptocurrency (e.g., 0' for Bitcoin, 1' for testnet), account supports multiple accounts, change distinguishes external (0) and change (1) addresses, and address_index is a sequential index.
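The seed, master‑key, path‑notation and hardened‑derivation steps described above, as an added Python example (standard library only; not code from the original article or from any wallet project). The function names are illustrative, the mnemonic in the demo is a constructed string that is not checked against the word list or checksum, and BIP‑0032's rare invalid‑key checks are omitted.

```python
import hashlib, hmac, unicodedata

# Order of the secp256k1 group (a published curve constant).
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000  # 2**31, added to the index for hardened derivation

def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-0039: PBKDF2-HMAC-SHA512, 2048 iterations, salt "mnemonic"+passphrase."""
    norm = lambda s: unicodedata.normalize("NFKD", s).encode()
    return hashlib.pbkdf2_hmac("sha512", norm(mnemonic), norm("mnemonic" + passphrase), 2048)

def master_key(seed: bytes):
    """BIP-0032: HMAC-SHA512 keyed with "Bitcoin seed" -> (private key, chain code)."""
    out = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return out[:32], out[32:]

def parse_path(path: str):
    """Turn "m/44'/0'/0'" into 32-bit child indices; a trailing ' adds 2**31."""
    parts = path.split("/")
    if parts[0] != "m":
        raise ValueError("only private-key paths (starting with m) are handled")
    indices = []
    for part in parts[1:]:
        hardened = part.endswith("'")
        number = int(part[:-1] if hardened else part)
        if not 0 <= number < HARDENED:
            raise ValueError(f"index out of range: {part}")
        indices.append(number + HARDENED if hardened else number)
    return indices

def derive_hardened(key: bytes, chain: bytes, index: int):
    """Hardened child: HMAC data is 0x00 || parent private key || index."""
    if index < HARDENED:
        # Normal children hash the parent public key (needs secp256k1 point math).
        raise ValueError("normal derivation is not implemented here")
    data = b"\x00" + key + index.to_bytes(4, "big")
    out = hmac.new(chain, data, hashlib.sha512).digest()
    child = (int.from_bytes(out[:32], "big") + int.from_bytes(key, "big")) % N
    return child.to_bytes(32, "big"), out[32:]

def derive_path(seed: bytes, path: str):
    key, chain = master_key(seed)
    for index in parse_path(path):
        key, chain = derive_hardened(key, chain, index)
    return key, chain

if __name__ == "__main__":
    seed = mnemonic_to_seed("constructed sample words, not a real wallet")
    print(derive_path(seed, "m/44'/0'/0'")[0].hex())  # BIP-0044 account-level key
```

Everything down to the BIP‑0044 account level is hardened, which is why this much can be computed without any elliptic‑curve arithmetic; the change and address_index levels use normal derivation and need the parent public key.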
SegWit (BIP‑0141) : Some wallets implement Segregated Witness to move the script signature out of the block, allowing more transactions per block while keeping signatures on‑chain. Copay is an example of a SegWit‑compatible wallet.
Conclusion : While Bitcoin wallet key management is relatively simple, it remains a critical component linking users to the blockchain; adhering to the standardized BIP specifications ensures interoperability, security, and ease of backup across diverse wallet implementations.
360 Tech Engineering
Official tech channel of 360, building the most professional technology aggregation platform for the brand.