Public Parent to Public Child

The most powerful feature of BIP32 is the ability to derive Child Public Keys from a Parent Public Key without ever needing the private keys. This enables a wide range of safe, non-custodial financial applications.

1. The Magic Equation

In standard ECDSA, you need the private key ($d$) to find the child private key. But in BIP32, we use a clever mathematical shortcut: $$ChildPubKey = ParentPubKey + [HMAC(ChainCode, ParentPubKey, Index) \times G]$$

• Notice that only Public Information is used on the right side of the equation.

• Chain Code: Publicly available in the xpub.

• Parent PubKey: Publicly available in the xpub.

• Index: The number of the child you want to generate.

2. Use Case: Merchant Services

Imagine you run an online store.

1. You generate a master xpub in your secure hardware wallet.

2. You export that xpub (and ONLY the xpub) to your web server.

3. When a customer buys something, the server uses the xpub to generate Child Address #1.

4. The next customer gets Child Address #2.

5. Security: Since the server has no private keys, a hacker who compromises the server cannot spend any funds. They can only see your history.

3. Use Case: Auditing

You can give your xpub to an accountant or a tax authority. They can see every transaction you have ever made and every address you own, but they have zero power to move your Bitcoin.

4. The Vulnerability: xpub + Private Key

There is one major security risk. If a thief gets your xpub AND one of your child private keys, they can perform a calculation to find your Master Private Key.

• This only applies to Normal (Non-Hardened) derivation.

• To prevent this, high-security wallets use Hardened Derivation for sensitive accounts.

Requirement	Normal Derivation	Hardened Derivation
Input	xpub + Index	xprv + Index
Privacy	Public children viewable	Children hidden
Safe for Servers?	Yes	No

In the next section, we will discuss Serialization and Prefixes.