Overview
Hierarchical Deterministic (HD) wallets represent a major advancement in Bitcoin key management. Defined by the BIP32 standard, HD wallets derive all key pairs from a single master seed in a tree-like structure. This means a user only needs to back up one seed phrase to recover their entire wallet, including all addresses ever generated. Nearly all modern Bitcoin wallets are HD wallets.
Key Derivation Tree
Master Seed
│
▼
Master Key (m)
│
├── m/44' ──────────────── Purpose: BIP44 (Legacy)
│ └── m/44'/0' ─────── Coin: Bitcoin
│ ├── m/44'/0'/0' ── Account 0
│ │ ├── .../0 ── External chain (receiving)
│ │ │ ├── .../0/0 ── Address 0
│ │ │ ├── .../0/1 ── Address 1
│ │ │ └── .../0/2 ── Address 2
│ │ └── .../1 ── Internal chain (change)
│ │ ├── .../1/0 ── Change address 0
│ │ └── .../1/1 ── Change address 1
│ └── m/44'/0'/1' ── Account 1
│ └── ...
├── m/49' ──────────────── Purpose: BIP49 (SegWit-compat)
└── m/84' ──────────────── Purpose: BIP84 (Native SegWit)
How It Works
The derivation process uses HMAC-SHA512 to produce child keys from parent keys:
Parent Key + Chain Code + Index
│
▼
HMAC-SHA512
│
┌────┴────┐
│ │
Left 256 Right 256
bits bits
│ │
▼ ▼
Child Child
Key Chain Code
Hardened vs. Normal Derivation
HD wallets support two types of derivation, denoted by the presence or absence of an apostrophe ('):
- Normal derivation (index 0-2^31-1): Child public keys can be derived from the parent public key without knowing the private key. This enables extended public keys (xpubs).
- Hardened derivation (index 2^31 and above, shown as '): Requires the parent private key. This prevents a compromised child key from exposing the parent key.
Benefits of HD Wallets
- Single backup: One seed phrase backs up the entire wallet, past and future
- Address reuse prevention: New addresses can be generated automatically for each transaction
- Account separation: Multiple logical accounts can be maintained under one seed
- Watch-only capability: An xpub enables monitoring without spending access
- Interoperability: Standards like BIP44, BIP49, and BIP84 ensure wallets can recover each other's addresses
Derivation Path Standards
| BIP | Path | Address Type | Format |
|---|---|---|---|
| BIP44 | m/44'/0'/n' | P2PKH (Legacy) | 1... |
| BIP49 | m/49'/0'/n' | P2SH-P2WPKH (Nested SegWit) | 3... |
| BIP84 | m/84'/0'/n' | P2WPKH (Native SegWit) | bc1q... |
| BIP86 | m/86'/0'/n' | P2TR (Taproot) | bc1p... |
Common Misconceptions
- HD wallets do not store addresses. They store the seed from which all addresses are mathematically derived.
- The word "deterministic" means the same seed always produces the same key tree. There is no randomness after the initial seed generation.
- Importing a seed from one wallet into another may not recover all funds if the wallets use different derivation paths. Always verify the derivation path standard being used.