Skip to main content

xpub | Bitcoin Glossary | Mapping Bitcoin

xpub

Cryptography

Also known as: extended public key, ypub, zpub

An extended public key that can derive all child public keys and addresses in a specific HD wallet derivation path. Sharing an xpub with a service or application allows it to generate addresses and track transactions without the ability to spend funds.

Overview

An xpub (extended public key) is a special public key defined by the BIP32 HD wallet standard that can mathematically derive an entire tree of child public keys and their corresponding Bitcoin addresses. By sharing an xpub with a service, the service can generate new receive addresses and monitor balances without having any ability to spend the associated funds.

Key Derivation

Master Seed
    |
  [BIP32 derivation]
    |
  m/84'/0'/0'  (account-level key pair)
    |
  ┌─────────────┐
  │    xpub      │ ← Extended public key at this path
  │  (shareable) │
  └──────┬──────┘
         |
    ┌────┴────┐
    |         |
  m/.../0   m/.../1    (external / internal chains)
    |         |
  ┌─┴─┐    ┌─┴─┐
  0   1    0   1  ...  (child addresses)
  |   |    |   |
 addr addr addr addr   (derived without private keys)

The xpub contains both a public key and a chain code, which together allow deterministic derivation of child keys. The corresponding extended private key (xprv) can derive private keys, but the xpub alone cannot.

Variants: ypub and zpub

Different address format standards introduced prefixed variants to indicate the derivation path and address type:

  • xpub: Legacy addresses (BIP44, P2PKH) — addresses starting with 1
  • ypub: Wrapped SegWit (BIP49, P2SH-P2WPKH) — addresses starting with 3
  • zpub: Native SegWit (BIP84, P2WPKH) — addresses starting with bc1q

These are functionally the same data structure with different version bytes, allowing wallet software to automatically determine which address format to generate.

Use Cases

  • Watch-only wallets: Import an xpub to monitor a cold storage wallet's balance and generate receive addresses without exposing private keys.
  • Payment processing: A merchant can share an xpub with their e-commerce platform to generate unique addresses for each customer payment.
  • Accounting: Financial tools can import xpubs to track bitcoin holdings for tax or audit purposes.

Privacy Warning

An xpub reveals the complete transaction history and balance of all addresses in its derivation path. Anyone with an xpub can see every past and future transaction for that account. Treat xpubs as sensitive data:

  • Never share an xpub publicly
  • Only share with trusted services that require it
  • Be aware that a service with your xpub can correlate all your addresses

Common Misconceptions

An xpub cannot be used to spend bitcoin. It enables address generation and balance monitoring only. However, if someone obtains both an xpub and a single child private key, they can potentially derive all other private keys in that derivation path — which is why hardened derivation is used for account-level keys.

Related Terms

Extended Public Key (xpub)Cryptography

A key derived from an HD wallet's master seed that can generate all public keys and addresses in a particular derivation path without access to private keys. Sharing an xpub allows others to monitor balances and generate receiving addresses but not spend funds.

HD WalletSecurity

A hierarchical deterministic wallet that generates all key pairs from a single master seed using the BIP32 standard. HD wallets simplify backup (only the seed needs to be stored) and enable organized key management with multiple accounts and address chains.

BIP32Development

A Bitcoin Improvement Proposal that defines hierarchical deterministic (HD) wallets, allowing an entire tree of key pairs to be generated from a single master seed. This enables organized key management and simplified backups.

Watch-Only WalletSecurity

A wallet that can monitor addresses and balances but cannot sign or spend transactions because it does not hold private keys. Watch-only wallets are used for monitoring funds, generating receive addresses from an xpub, or preparing unsigned transactions for offline signing.