19 May 2020
Medium min reading
The Master Public Key is a fundamental part of the processes within deterministic wallets or HD wallets. The generation of public keys for this type of wallet depends on it and they use a complex system that guarantees security at all times. Therefore, here we explain everything you should know about the Master Public Key.
Recommended Previous Content
What is cryptography
What is asymmetric cryptography
Ein the deterministic or HD wallets a Master Public Key is that public key principal derived from the Master Private Key. For this purpose, a normal mathematical process of elliptic curve multiplication. An infinite number of public keys (Xpub) will be generated from the master public key that control the addresses of a wallet, but do not have access to the private keys of those addresses.
La Master Public Key it has the property of being able to generate multiple public keys. This without the need to access private keys. So, in case of exposing any of the public keys or even, the Master Public Key (MPK) itself, there will be no risk of loss or theft of funds, although privacy will be. This is because as the public keys do not have access to the private keys of the addresses, nor can these keys be generated, so they will only show the available amount that is in the wallet and can see their history on the blockchain. But they will not give access to use or spend the funds that are available there.
As with the Master Private Key, HD wallets should be understood as a tree. New branches can emerge from each branch. Well, every node from these branches it is possible to generate a Master Private Key, but also a Master Public Key. The Master Public Key will allow you to generate only public keys of all the "daughter" branches that are generated from that node. But you will not be able to know the addresses that could be generated from the other parallel or previous nodes.
The Master Public Key of node 0, has control to know all the addresses that will be generated. Unlike the Master Private Key, if you reveal this key you will not risk your funds, but you will risk your privacy. This is because with the Master Public Key you can know all the public addresses of your wallet. However this functionality has many good uses that we will tell you about in this article.
Master Public Key (MPK) and Wallets HD
The HD wallets of the 32 BIP they have a hierarchical and deterministic structure. Esto it allows them a greater organization as if it were a descendant tree. This structure allows wallets to use one branch of the tree for receiving funds and transactions, and another branch for managing these funds. This allows both to be related but at the same time separate from each other. So with one you can see the available funds without having access to them. And with the other, you can sign and spend those funds. This complete separation of the master keys also ensures greater security and reliability for the wallet.
La MAster Public Key (MPK) it allows the generation of an infinite number of public keys (Xpub) and addresses related to it. So there will be no need to back up the addresses every time a new one is generated. Rather, starting from the seed, to which the master keys are related (both public and private), the wallet can be recovered in its entirety with all the generated keys (Xpub and Xpriv), addresses and available funds.
Likewise, all public keys and addresses derived from the Master Public Key They allow, by themselves, to view the amounts available in it. But they prevent access to these funds since they do not control the private keys associated with the addresses that contain the funds.
This feature is also particularly useful in cases where you want to configure a cold storage wallet, for example, where you only need to observe the available balance in it. In these purses, a server can be configured to only manage the Master Public Key. With which you can create any number of public addresses to receive funds, but will not allow any attacker to use those funds.
Generation of derived public keys (Xpub)
HD wallets employ a hash function that allows them to derive the secondary public keys (daughters) from the master public key (parent) initially. For which it uses the Master Public Key, the seed of the wallet, the string code generated by the algorithm HMAC-SHA512 and a 32-bit index number.
Through the chain code, generated by the algorithm hash HMAC-SHA512, Random data is added in the process of deriving public keys. This without allowing the index to be derived to other public keys. This prevents another derived public key (sister) from being located or found by means of a derived public key. And that this can only be done if the chain code is available.
Then, through the hash function that initially combines, both the master public key, as well as the string code and the index number, the derived keys are generated, as a 512-bit hash. Which is subsequently divided into two halves: the right half to become the chain code of the derived key (daughter). And the left half to be added next to the index number to the private key (father) that will create the private key (daughter). This process is repeated in sequence to create an infinite number of public keys, where the daughter public keys can become parents and generate their own daughter keys. So there can be an infinite number of generations.
Under this scheme, the one-way hash function does not allow derived public keys to be used to find other sister public keys. Nor to locate the master or primary public key. Likewise, this scheme allows the daughter public keys to be derived either starting from the daughter private key, or directly from a parent public key.
Importance of generating derived public keys
Deriving daughter public keys from parent public keys allows you to create branches of the wallet's public keys without compromising the funds available in it. These no longer relate to private keys at any time.
Thus, the generation of observation wallets is possible, for example for non-secure servers, where you can only see the funds available in it but without the option of spending the funds that are stored in those addresses. This feature can be very useful for servers intended for electronic commerce, where exposing private keys to the server could be high risk.
It is also very useful in those cases where users only want to have a cold or offline storage wallet. That allows them to keep their funds safe and risk-free. It will keep private keys offline in the wallet, but it will allow online transmission of public keys without risk.
Generation of reinforced public keys
The possibility of being able to derive an endless number of daughter public keys from a parent public key is very useful. However, this may represent a potential security risk. Because the public key that derives the others has access to the chain code, and if a daughter private key will be leaked or known, then the rest of the daughter private keys could be deduced, compromising the security of the funds.
Knowing a daughter private key along with the string code of a parent public key can reveal all daughter private keys, and could even be used to deduce a parent private key. So to break this security gap, a bypass function known as reinforced shunt. Which uses the parent private key, rather than the parent public key, to derive the string code for each child key. Breaking the relationship between the parent public key and the child string code. This generates a kind of firewall that does not allow detecting a father-daughter sequence in the derived public keys.
How much do you know, cryptonuta?
Are Master Public Keys a more efficient and secure way to protect our cryptocurrency wallets?
TRUE!
The objective of the creation of the Master Public Key, was to provide a means of creating public keys that would better ensure both the privacy of users and the security of wallets, something that this tool has perfectly achieved.
Master Public Key use cases
Solvency test
Imagine that you are a company, or even a government. An HD wallet would be perfect to simplify the management of your funds. In fact if it were also a multi-signature it would add security and control. But how can you demonstrate that you have certain funds without people being able to spend them and without having to send thousands of addresses? Or, what if you want people to see in real time how money is used?
For these, and other scenarios, a Master Public Key is the perfect solution. With this you give absolute transparency, because there is no problem in giving transparency, since it is what you are looking for, while nobody has the ability to use the funds. You can even see the addresses that have not yet been generated / used, in addition to the balance and all movements.
Also due to the ramifications of an HD wallet, you could generate multiple Public Master Keys with the aim of separating by departments.
Can you imagine a government being so transparent as to function in this way?
Payment gateways
Another use case is being able to receive charges through cloud tools. There are services that allow you to create basic payment solutions in Bitcoin.
In this type of services, the user can add his own Master Public Key so that, when the service must show an address, he will be able to generate it, but you are the one who has the private key at all times that allows you to later use those received cryptocurrencies.
Continue the journey in ...
What is the Master Private Key?
Share this article!
Author
Washington Gomez
CISO (Chief Information Security Officer)
Washington Gómez is an information security professional with extensive experience in the field of Information Technology and Security. He currently serves as a CISO at Bit2Me.
Read more