BitcoinMachine
CHILD KEYS
Child Keys. Keys derived from a parent via HMAC of the parent's key, chain code, and an index.

This page sits in the HD Wallets section — How a single seed phrase deterministically produces a whole tree of keys — and the BIPs that standardised it. Read on for what it is, why it exists, how it works under the hood, and what to watch out for.
Child Keys — at a glance
HD WALLETS
Child Keys is part of Hierarchical Deterministic (HD) wallets — the standard since 2012 for deriving every address a wallet ever uses from a single root secret. Keys derived from a parent via HMAC of the parent's key, chain code, and an index. HD wallets are why a 12-or-24-word seed phrase is enough to back up an entire lifetime of Bitcoin usage.
Why it exists
DESIGN
Self-custody is the foundation of Bitcoin. If a third party holds the keys, they hold the coins — and they can freeze, censor, lose, or take them. Modern wallets give you tools to manage your own keys safely: deterministic derivation so one backup covers all addresses; mnemonic phrases so the backup is human-readable; hardware isolation so the signing key never touches an internet-connected machine; passphrases for plausible deniability; multi-sig for distributed trust.
Mechanism
HOW IT WORKS
Start with 128–256 bits of random entropy, encoded as a BIP-39 mnemonic. Run the mnemonic through PBKDF2-HMAC-SHA512 with the salt "mnemonic" + passphrase for 2048 iterations → a 64-byte seed. Feed the seed to HMAC-SHA512 keyed with "Bitcoin seed" and split the 64-byte output into a 32-byte master private key + 32-byte chain code (BIP-32). Derive each child key with HMAC-SHA512, keyed by the parent chain code, over the parent key and the index → a tree of millions of keys, all reproducible from the same seed.
1. Seed generation: 128–256 bits of strong entropy → BIP-39 mnemonic (12 or 24 words).
2. BIP-32 derivation: seed → master key → child keys along a derivation path like m/84'/0'/0'/0/i.
3. Each derived child key produces a public key, which is hashed into an address (P2PKH / P2WPKH / P2TR).
4. Wallet scans the chain (or asks an indexer) for UTXOs locked to its addresses.
5. To spend, wallet derives the private key for the relevant input, signs in memory, broadcasts.
6. To back up: write down the 12/24 words once. They regenerate every key, past and future, forever.
A typical BIP-84 derivation chain (native SegWit)
EXAMPLE
Path                Meaning                               Purpose
m/                  root                                  recovered from seed
m/84'               purpose (BIP-84 = native SegWit)      hardened
m/84'/0'            coin type 0 = Bitcoin mainnet         hardened
m/84'/0'/0'         account #0                            hardened
m/84'/0'/0'/0       external chain (receive addresses)
m/84'/0'/0'/0/0     first receive key
m/84'/0'/0'/0/1     second receive key
m/84'/0'/0'/0/2     third receive key
…
m/84'/0'/0'/1       internal chain (change addresses)
m/84'/0'/0'/1/0     first change key

Hardened (') children cannot be derived from the parent public key — they require the parent private key. This protects against partial leaks.
ONE SEED, ALL KEYS
A single 12/24-word phrase regenerates every key the wallet ever uses, past or future, deterministically.
TREE-STRUCTURED
Paths like m/84'/0'/0'/0/i let a wallet split keys by purpose, coin, account, chain (receive/change), and index.
XPUB WATCH-ONLY
You can share an extended public key (xpub) with a watch-only wallet — it sees all your addresses but cannot spend.
HARDENED DERIVATION
Steps marked with ' require the parent private key to derive, which protects against compromise of intermediate xpubs.
Things that catch people out
PITFALLS
  • Mixing wallet software with different default paths (m/44'/0' vs m/49'/0' vs m/84'/0') leads to addresses that don't appear — always check the derivation path.
  • An xpub leaked publicly enables address-graph surveillance of every output ever sent to that wallet, even though it can't spend.
  • BIP-39 passphrases are NOT recoverable. Forget the passphrase and the funds are gone even with the seed words.
  • Account index numbers are arbitrary — different wallets recover account 0 by default. Multi-account users must explicitly re-import each account.

TERMINOLOGY
Child Keys
Keys derived from a parent via HMAC of the parent's key, chain code, and an index.
HD Wallet (Hierarchical Deterministic)
A wallet that generates an unlimited tree of keys from one master seed via BIP32 derivation.
Mnemonic Seed
A 12–24 word phrase encoding the entropy from which the master seed is derived (BIP39).
Seed Phrase
Synonym for mnemonic seed — the words you write down to back up an HD wallet.
BIP 39
The standard mapping a 12/24-word phrase plus optional passphrase to a 512-bit seed via PBKDF2.
Wordlist (BIP 39)
A fixed list of 2048 unambiguous words (English, Japanese, etc.) used to encode entropy.
Master Private Key
The root scalar in a BIP32 tree, derived from HMAC-SHA512("Bitcoin seed", seed).
Master Public Key
The public key corresponding to the master private key; gives view-only access to the whole subtree.