When building a secure and scalable wallet application, understanding Hierarchical Deterministic (HD) Wallets is essential. HD wallets power nearly all modern wallets including Ledger, Trezor, MetaMask, and even Cardano's Yoroi. This post walks you through how HD wallets work, how private keys are generated from a single seed, and why this structure is so powerful.
🔐 What Is an HD Wallet?
An HD Wallet is a wallet that generates all your keys and addresses from a single master seed. This is made possible through two Bitcoin Improvement Proposals:
- BIP-39: Defines the mnemonic word list and how to convert it to entropy/seed
- BIP-32: Defines how to derive child keys from a master key using a tree-like structure
🔑 Why Use It?
- One backup (your 12/24 mnemonic words) can recover all your keys
- Keys are generated on demand — no need to store all of them
- Efficient, scalable, and widely adopted
📘 From Mnemonic Words to Master Key
Let’s say your wallet gives you these words:
apple banana curtain magnet brave upset museum fossil army leaf carpet carbonThese words are from the BIP-39 list of 2048 words. Each word maps to an 11-bit number:
"apple" → 837 → 11-bit binary: 1101000101
"banana" → 333 → 11-bit binary: 0101001101
...🧠 Total Entropy
12 words × 11 bits = 132 bits → 128 bits is actual entropy, and 4 bits is a checksum.
🔧 Convert to Seed
This entropy is passed through PBKDF2 (HMAC-SHA512) to derive a binary seed:
seed = PBKDF2(mnemonic + optional passphrase, "mnemonic", 2048 rounds)This 512-bit seed is what you use to generate the master key.
🌲 BIP-32: Deriving Child Keys
Once you have the seed, you use it to generate a master private key (called XPriv) and a master chain code. These together form the root of the HD wallet tree.
📁 Derivation Path Explained
The wallet generates each new address by walking a path:
m / 44' / 1' / 0' / 0 / 5| Part | Meaning |
|---|---|
m |
Master node |
44' |
BIP-44 standard |
1' |
Coin type (1 = testnet) |
0' |
Account |
0 |
External (0) or Change (1) |
5 |
Address index |
Each step uses HMAC-SHA512 to derive the next key.
✍️ Signing with Derived Keys
When you want to send a transaction:
- Your wallet looks up the correct derivation path (e.g.
m/44'/1'/0'/0/5) - It derives the private key using that path
- It uses that key to sign the transaction input
- The blockchain node verifies the signature using your public key
📦 Recap: Benefits of HD Wallets
- ✅ One seed = all keys
- ✅ Easy to back up and recover
- ✅ Efficient for apps and devices
- ✅ Enables features like change addresses and stealth transactions
🔧 In Rust Code (Summary)
let mut seed = [0u8; 32];
rng.fill_bytes(&mut seed);
let master_key = Xpriv::new_master(Network::Testnet, &seed)?;
let path = DerivationPath::from_str("m/44'/1'/0'/0/5")?;
let child_key = master_key.derive_priv(&secp, &path)?;This is how your Rust wallet securely and deterministically derives child keys.
✨ Final Thoughts
Understanding HD Wallets is not just for wallet builders — it’s core to secure key management in blockchain apps, from exchanges to dapps to SDKs.
As a Rust blockchain developer, knowing how these standards work under the hood will set you apart as an engineer who thinks architecturally, not just by API.
Stay tuned — in the next post, we'll walk through how to implement this in your own CLI wallet step-by-step.