How does the bitcoin source code define its 21 million cap?
Many of bitcoin’s staunchest critics have expressed doubt about its 21 million cap, but perhaps the most mindless criticism relates…
,If you’ve ever looked at using a multisig wallet, chances are you’ve encountered the term “xpub.” An xpub (extended public key) is used by Bitcoin wallet software to generate Bitcoin addresses.
The xpub is a concept completely unique to Bitcoin, so it can be quite hard for people new to Bitcoin to get their head around. To help you get up to speed, in this article I’ve tried to explain roughly how xpubs work in single-sig and multisig wallets using a simple analogy that anyone that’s ever participated in a raffle should be familiar with.
Disclaimer: like any analogy, it doesn’t map perfectly, and is just intended to help you understand the basic mechanics of xpubs and how they can be used. For a hyper-accurate, technical explanation, there’s no better place than Mastering Bitcoin.
There are many existing analogies out there to describe xpubs, but here I propose a novel one. Most people have some experience with the roll of raffle tickets, whether at a carnival, county fair, or a charity event. It turns out that we can use this roll of tickets as a useful analogy to understand xpubs.
If you purchase a roll of raffle tickets, you will find that it actually begins as a double roll.When someone buys entry into the raffle, a ticket from the top row (TICKET) is kept by the organiser and the corresponding ticket from the bottom row (KEEP THIS COUPON) is kept by the buyer. The specifics of the prize draw process are not important for this analogy, but the important thing to note is that when a ticket is drawn, the owner proves their ownership of the ticket by presenting the matching ticket from the pair.
In this analogy, the entire top row of the roll is the xpub, and the individual tickets in the top row are used by your Bitcoin wallet software to generate addresses.
The individual tickets in the bottom row are your private keys. At a raffle, the KEEP THIS COUPON ticket is used to prove your ownership of the prize when its corresponding TICKET is drawn. With Bitcoin, you use your private key (to sign a transaction) to prove your ownership of the bitcoin at an address and complete your transaction.
You can think of your Bitcoin wallet (both software wallets and hardware wallets) as having the ability to generate an unending warehouse of rolls of these tickets. On request, the device can provide details of any one of those rolls of tickets, or produce any one of the tickets from a specific roll, as long as you can enter your PIN.
Most users will only ever use one “roll” per Bitcoin wallet—their main account. But if you’ve ever created an additional account secured by the same hardware wallet, that second account represents a separate roll.
If you’re using a regular, single-sig Bitcoin wallet, your xpub represents the entire roll of tickets, i.e., directions to all the Bitcoin addresses in an account.
If you’re using a multisig Bitcoin wallet, each account will have multiple xpubs, and all xpubs are required to generate all the Bitcoin addresses in an account.
Anyone with access to your xpub will be able to see your account’s balance in real-time as well as analyze your spending behaviour, therefore you should only share an xpub with people or software that you trust.
Examples of situations when you might send an xpub to a service provider:
While sharing an xpub does not provide anyone with the ability to spend your bitcoin, you should still ensure that you trust any organization you share an xpub with and that they have strict privacy policies.
In a single-sig wallet, the xpub generates as many addresses as you’d like in a way that is known only to you, your device, and anyone with whom you share the xpub. The rest of the Bitcoin network does not know that these addresses are connected in any way.
A Bitcoin wallet takes the xpub (top half of the ticket roll) and feeds it into a dispensing machine, which outputs tickets one at a time, dispensing a new one after each transaction.
In the wallet software, the first exposed public key, “0/0,” is packaged into the more recognizable Bitcoin address format, e.g., 1BvBMSEYsfWetqTFn5Au4m4GFg7xJaNVN2.
This address can now be used to receive bitcoin, safe in the knowledge that the wallet (e.g. hardware wallet or wallet app) also secures the address’ corresponding private key (KEEP THIS COUPON).
The next time a new payment is requested, the ticket machine (wallet) will present a new public key ticket to turn into a fresh deposit address, “0/1.” After spending from the old address, it should not be used again for privacy and security reasons.
Single-sig wallets typically hide the xpub from users, but xpubs move to front and center when using multisig wallets (which you should, for the extra security!). Handling multiple xpubs is essential during a multisig wallet setup, and you’ll need to look after all your wallet’s associated xpubs to ensure that you can restore it if something ever goes wrong.
For this example, we’re going to create a 2-of-3 multisig wallet, the same configuration used in Unchained’s collaborative custody vaults. To create the multisig wallet, we’ll use three rolls of public key tickets (xpubs).
To create the multisig wallet, the three rolls (xpubs) are packaged together to generate the wallet’s addresses. Essentially, we insert these three ticket rolls into a more sophisticated ticket machine.
To create the first multisig address, the machine (your wallet) takes the first ticket from each roll (“0/0”) and, with some clever processing, generates a new address based on all three.
Once the address is constructed, you can then deposit bitcoin there as with any other Bitcoin address.
To spend the bitcoin from this 2-of-3 multisig address, you’ll need to prove your ownership of the bitcoin by signing a transaction with two of the three corresponding KEEP THIS COUPON tickets. Once the bitcoin from the address is spent, you should not need to use those tickets again.
After spending from the first address, the machine uses the next set of three public keys (“0/1”) to create a second Bitcoin address. Anyone with access to these three xpubs will be able to generate the same addresses in the same order.
I hope this article helps you to better conceptualize what an xpub is and how it’s used to generate a stream of addresses in single-sig and multisig wallets.
Of course, the best way to learn about anything is to start doing. You can set up a super-secure multisig vault at Unchained Capital. Our guides will take you through the process of acquiring xpubs from your hardware wallets, sharing them with Unchained, and making your first deposit.
For anyone that would like more personalized support, get in contact with our vault concierge team, who are available to help you take control of your Bitcoin private keys.
Advanced users might also be interested in playing with our open-source project Caravan, which enables Bitcoin users to build wallets using all sorts of interesting multisig configurations beyond the usual 2-of-3.Please reach out if you have any questions, or get in contact with our vault concierge team to help you take control of your private keys.
Special thanks to Martin Grogono for graphic support, and to my Unchained Capital teammates for their reviews and comments.
Many of bitcoin’s staunchest critics have expressed doubt about its 21 million cap, but perhaps the most mindless criticism relates…
Ted Stevenot, Stephen HallWhen Satoshi Nakamoto created bitcoin, he established in its code a fixed number of bitcoin that will ever exist. Since…
Ted StevenotOriginally published in Parker’s dedicated Gradually, Then Suddenly publication. Bitcoin is often described as a hedge, or more specifically, a…
Parker Lewis