Skip to main content

Extended Public Key (xpub) | Bitcoin Glossary | Mapping Bitcoin

Extended Public Key (xpub)

Cryptography

Also known as: xpub, extended key

A key derived from an HD wallet's master seed that can generate all public keys and addresses in a particular derivation path without access to private keys. Sharing an xpub allows others to monitor balances and generate receiving addresses but not spend funds.

Overview

An extended public key (commonly called an xpub) is a component of HD wallets defined in BIP32. It contains both a public key and a chain code, which together allow the deterministic derivation of all child public keys in a specific branch of the key hierarchy. This enables watch-only wallets, accounting systems, and payment processors to generate fresh receiving addresses without ever having access to the corresponding private keys.

Structure

An extended public key consists of several fields serialized into a Base58Check-encoded string:

xpub661MyMwAqRbcF...  (typical xpub string, 111 characters)

Internal structure:
┌──────────────────────────────────────────────────┐
│  Version bytes (4)    → Identifies key type       │
│  Depth (1)            → Level in the HD tree      │
│  Parent fingerprint (4) → First 4 bytes of parent │
│  Child index (4)      → Which child this is       │
│  Chain code (32)      → Used for key derivation   │
│  Public key (33)      → Compressed public key     │
└──────────────────────────────────────────────────┘
Total: 78 bytes → Base58Check encoded

Version Prefixes

Different version bytes produce different prefixes that indicate the address type:

┌────────┬──────────────┬────────────────────────┐
│ Prefix │ Script Type  │ Derivation Path        │
├────────┼──────────────┼────────────────────────┤
│ xpub   │ P2PKH        │ m/44'/0'/account'      │
│ ypub   │ P2SH-P2WPKH  │ m/49'/0'/account'      │
│ zpub   │ P2WPKH       │ m/84'/0'/account'      │
└────────┴──────────────┴────────────────────────┘

Use Cases

  • Watch-only wallets: Import an xpub to monitor balances and generate invoices without spending capability
  • Payment processors: Generate unique addresses for each customer or order without storing private keys on the server
  • Accounting: Track all wallet activity without risking fund security
  • Multi-device setups: Share the xpub with a phone wallet for monitoring while keeping private keys on a hardware wallet

Privacy Implications

Sharing an xpub is a significant privacy decision. Anyone with access to an xpub can:

  • Derive all past and future addresses in that derivation path
  • See the complete transaction history and balance
  • Correlate all addresses as belonging to the same wallet

For this reason, xpubs should be treated as sensitive information and shared only with trusted parties. Leaking an xpub to a third party gives them full visibility into your financial activity.

Common Misconceptions

  • An xpub cannot be used to spend funds. It only enables address generation and balance monitoring.
  • However, combining an xpub with any single child private key from a non-hardened derivation path can expose the master private key. This is why hardened derivation is used at critical levels of the key hierarchy.
  • An xpub is specific to one account in the HD tree. A wallet with multiple accounts has multiple xpubs.

Related Terms

xpubCryptography

An extended public key that can derive all child public keys and addresses in a specific HD wallet derivation path. Sharing an xpub with a service or application allows it to generate addresses and track transactions without the ability to spend funds.

HD WalletSecurity

A hierarchical deterministic wallet that generates all key pairs from a single master seed using the BIP32 standard. HD wallets simplify backup (only the seed needs to be stored) and enable organized key management with multiple accounts and address chains.

BIP32Development

A Bitcoin Improvement Proposal that defines hierarchical deterministic (HD) wallets, allowing an entire tree of key pairs to be generated from a single master seed. This enables organized key management and simplified backups.

Public KeyCryptography

A cryptographic key derived from a private key using elliptic curve multiplication. Public keys can be freely shared and are used to generate Bitcoin addresses and verify digital signatures, without compromising the secrecy of the associated private key.