TECHNICAL_DOC // KEYS / BIP85
BIP85
BIP 85 derives deterministic entropy from a BIP32 wallet-hierarchical-deterministic/">HD wallet. A single
output/">master seed can generate child seeds, WIF private keys, BIP39 mnemonics in multiple
languages, hex strings, and passwords — all deterministically. A hardware wallet can act
as the root of trust for every secret an operator manages, with zero additional
backup burden.
DERIVATION_MECHANISM
BIP85 ENTROPY EXTRACTION
Master seed (BIP39) → BIP32 HD wallet root (m)
BIP85 path: m / 83696968' / app' / ...
Step 1: Derive child extended private key at BIP85 path
Step 2: Take the child xprv's private key bytes
Step 3: Apply HMAC-SHA512:
entropy = HMAC-SHA512(
Key = "bip-entropy-from-k",
Data = child_xprv_key_bytes
)
Output: 64 bytes (512 bits) of derived entropy
This entropy is then formatted per the target application
(mnemonic words, WIF key, hex string, password, etc.)
APPLICATION PATHS
DERIVATION PATHS BY APPLICATION TYPE
BIP39 Mnemonic (12 words):
m / 83696968' / 39' / lang' / 12' / index'
entropy bytes: first 16 bytes (128 bits)
BIP39 Mnemonic (24 words):
m / 83696968' / 39' / lang' / 24' / index'
entropy bytes: first 32 bytes (256 bits)
WIF Private Key:
m / 83696968' / 2' / index'
entropy bytes: first 32 bytes → encode as WIF
Hex Entropy (64 bytes):
m / 83696968' / 128169' / 64' / index'
XPRV (extended private key):
m / 83696968' / 32' / index'
Language codes (BIP39):
0'=English, 1'=Japanese, 2'=Korean, 3'=Spanish, etc.
USE_CASES
One Root Seed, Many Wallets
BACKUP REDUCTION
A single 24-word master mnemonic backed up on a hardware wallet can derive independent child mnemonics for every use case, without managing multiple backups.
Master seed (backed up once, never typed):
BIP85 index 0' → 24-word mnemonic for daily spending wallet
BIP85 index 1' → 24-word mnemonic for Lightning node
BIP85 index 2' → 24-word mnemonic for exchange hot wallet
BIP85 index 3' → 24-word mnemonic for multisig participant key
BIP85 index 4' → WIF key for paper wallet
All derived deterministically. Master backup = all backups.
Compromise of child seed does NOT expose master seed or siblings.
Loss of master seed = loss of all derived wallets (use with care).
BIP85 is one-way: child entropy cannot be used to derive siblings or the parent. The master seed remains the single point of backup.
Password Derivation
APPLICATION TYPE
BIP85 can derive unique, strong passwords for web services — turning the hardware wallet into a password manager root with no separate password database.
Path for PWD-BASE64 (21 chars):
m / 83696968' / 707764' / 21' / index'
Steps:
1. Derive BIP85 entropy at path
2. Take first 16 bytes
3. Base64 encode → 21-character password (trimmed)
Example outputs (per index):
index 0' → "kJ9mXpQvN2wLrT8bA1c"
index 1' → "YfH3qZnCsW7eUoD5vRm"
index 2' → "PxB6jLgEiA4tKyN9hVs"
Reproducible from master seed. No password database needed.
Supported: Coldcard, Specter DIY, some software wallets.
TERMINOLOGY_INDEX
BIP85
Standard for deriving deterministic entropy from a BIP32 HD wallet for use as child seeds, keys, or passwords.
83696968
Child Entropy
Entropy derived from the master via BIP85. Used to create independent wallets or secrets without separate backups.
One-Way Derivation
Child entropy cannot be used to compute sibling entropy or the master seed. Compromise is isolated.
HMAC-SHA512
The keyed hash used to extract entropy in BIP85. Key is the fixed string "bip-entropy-from-k".