If you are still confused by HD wallets, BIP32, BIP44 and BIP39, take a look at this article.
Digital wallet concept
A wallet is where you keep money. On a blockchain, our digital assets belong to an account address, and only the holder of that account's key (the private key) can spend them, by signing the spending transaction with the private key.
The relationship between the private key and the address is as follows:
(Figure from Mastering Bitcoin)
In a nutshell, the private key produces the public key through elliptic curve multiplication, and the public key produces the address through hash functions; both steps are one-way.
So a digital wallet is really a tool for managing private keys (generating them, storing them and signing with them). Note that the wallet does not hold the assets; the assets live on the chain.
How to create an account
The key to creating an account is generating a private key. A private key is a 32-byte number, so generating one essentially means picking a number between 1 and 2^256.
Therefore the first, and most important, step in generating a key is finding a sufficiently secure source of entropy, that is, a source of randomness. As long as the chosen result is unpredictable and non-repeatable, the specific method of picking the number does not matter.
For example, you can toss a coin 256 times, record heads and tails on paper as 0 and 1, and the randomly obtained 256-bit binary number can be used as the wallet's private key.
Programmatically, this is usually done by taking a long string of random bytes from a cryptographically secure random source (do not write your own random number generator) and feeding it through the SHA256 hash, which conveniently yields a 256-bit number.
The actual process then checks whether the number is less than n-1 (n = 1.158 * 10^77, slightly less than 2^256); if so we have a usable private key, otherwise we repeat with another random number. The resulting private key can then produce the public key and address as described above.
BIP32
A wallet is also a container of private keys. Using the method above we can generate a bunch of private keys (one person also needs many accounts, which protects privacy better), but backing up every private key individually is particularly troublesome.
The earliest Bitcoin wallets were like this, and they had a nickname: "Just a Bunch of Keys".
To solve this trouble, BIP32 was proposed: from one random-number seed, derive n private keys in a hierarchical, deterministic way. When backing up, only the seed needs to be saved, because every private key can be re-derived from it.
(Figure from Mastering Bitcoin.) Child and grandchild keys can all be used to issue transactions.
A note on the name: BIP stands for Bitcoin Improvement Proposal, and BIP32 is the 32nd such proposal.
The title of the BIP32 proposal is "Hierarchical Deterministic Wallets", which is what we call an HD wallet.
Let us analyze this hierarchical derivation process. The first step is deriving the master key:
The root seed is fed into the HMAC-SHA512 algorithm to create a master private key (m) and a master chain code. Then the key (either the private key or the public key) and the chain code, plus an index number, are again fed into HMAC-SHA512 to derive the next level's private key and chain code, as follows:
There are actually two child derivation schemes: one derives from the parent private key (called hardened derivation) and one derives from the parent public key. To distinguish the two, the index number is also partitioned: indices below 2^31 are used for normal derivation and indices from 2^31 to 2^32-1 for hardened derivation. For convenience the index is written as i', meaning 2^31 + i.
Therefore, private keys can be generated without limit, by increasing the index (horizontal expansion) and by deriving the next level from a child key (depth extension).
Note that this derivation process is deterministic (the same input always gives the same output) and one-way: a child key cannot be used to derive its sibling keys at the same level, nor its parent key. Without the child's chain code, the grandchild keys cannot be derived either. Now we have a feel for hierarchical derivation.
In a nutshell, BIP32 is: a hierarchical derivation scheme proposed to avoid the trouble of managing a bunch of private keys.
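The two procedures described above, generating a private key from a CSPRNG with the range check against n, and the BIP32 master-key and child-key derivation (both hardened and normal), as one added Python example. This is not code from the original article or from any BIP32 reference implementation; it uses only the standard library, with a small pure-Python secp256k1 scalar multiplication standing in for a real EC library. The seed in the demo is the BIP32 specification's test vector 1 seed, not a wallet seed, and names such as ckd_priv and derive are this example's own.

```python
import hashlib
import hmac
import secrets

# secp256k1 parameters (the curve used by Bitcoin and Ethereum).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000  # 2^31: index i' in path notation means HARDENED + i


def _point_add(p1, p2):
    """Affine point addition on secp256k1; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P  # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P  # chord slope (addition)
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def _scalar_mult(k, point=G):
    """Double-and-add: computes k * point. This is the one-way step from
    private key to public key (reversing it is the discrete log problem)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = _point_add(result, addend)
        addend = _point_add(addend, addend)
        k >>= 1
    return result


def pubkey_compressed(privkey: int) -> bytes:
    """33-byte SEC1 compressed public key: 0x02/0x03 (parity of y) followed by x."""
    x, y = _scalar_mult(privkey)
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def generate_privkey() -> int:
    """Draw 32 bytes from the OS CSPRNG and retry until the value lies in [1, N-1]."""
    while True:
        candidate = int.from_bytes(secrets.token_bytes(32), "big")
        if 1 <= candidate < N:
            return candidate


def master_key_from_seed(seed: bytes):
    """BIP32 master node: HMAC-SHA512(key=b"Bitcoin seed", data=seed).
    Left 32 bytes -> master private key m, right 32 bytes -> master chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k = int.from_bytes(digest[:32], "big")
    if k == 0 or k >= N:
        raise ValueError("invalid master key: BIP32 says use a different seed")
    return k, digest[32:]


def ckd_priv(k_par: int, c_par: bytes, index: int):
    """BIP32 private child key derivation (CKDpriv).
    Hardened (index >= 2^31): HMAC data is 0x00 || parent private key || index.
    Normal   (index <  2^31): HMAC data is parent public key || index, which is
    why an extended public key can derive normal children but never hardened ones."""
    if index >= HARDENED:
        data = b"\x00" + k_par.to_bytes(32, "big")
    else:
        data = pubkey_compressed(k_par)
    digest = hmac.new(c_par, data + index.to_bytes(4, "big"), hashlib.sha512).digest()
    il = int.from_bytes(digest[:32], "big")
    k_child = (il + k_par) % N
    if il >= N or k_child == 0:
        raise ValueError("invalid child: BIP32 says skip to the next index")
    return k_child, digest[32:]  # (child private key, child chain code)


def derive(seed: bytes, indices):
    """Walk a list of child indices down from the master node; [HARDENED, 1] is m/0'/1."""
    k, c = master_key_from_seed(seed)
    for index in indices:
        k, c = ckd_priv(k, c, index)
    return k, c


if __name__ == "__main__":
    # Demo seed: the BIP32 specification's test vector 1 seed, not a real wallet seed.
    seed = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    k, c = derive(seed, [HARDENED, 1])
    print("m/0'/1 private key:", k.to_bytes(32, "big").hex())
    print("m/0'/1 public key: ", pubkey_compressed(k).hex())
    print("fresh random key:  ", generate_privkey().to_bytes(32, "big").hex())
```

The rejection loop in generate_privkey is the range check the article describes; in practice it almost never retries, because N is so close to 2^256, but skipping it would let an out-of-range value through. Note also that ckd_priv refuses the rare invalid child instead of silently wrapping, which is what BIP32 requires.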
Key paths and BIP44
Keys derived in this hierarchy (a tree structure) are usually written as a path, with a slash / between levels. Private keys derived from the master private key start with "m", and public keys derived from the master public key start with "M". So the first child private key of the master key is m/0, the first child public key is M/0, the child at index 1 of the first child key is m/0/1, and so on.
BIP44 is a specification for this path (it also adds support for multiple coins). BIP0044 specifies a structure with 5 predefined tree levels:
m / purpose' / coin_type' / account' / change / address_index
m is fixed, and purpose is fixed at 44 (0x8000002C in its hardened form).
coin_type
This represents the coin: 0 for Bitcoin, 1 for the Bitcoin testnet, and 60 for Ethereum.
The full list of coin types is at: https://github.com/satoshilabs/slips/blob/master/slip-0044.md
account
The index of the account for this coin, starting from 0.
change
The constant 0 is used for the external chain and the constant 1 for the internal chain (also called change addresses). The external chain is for addresses that are visible outside the wallet (for example, to receive payments). The internal chain is for addresses that are not visible outside the wallet and are used to return transaction change. (So 0 is generally used.)
address_index
This is the address index, starting from 0, and represents the sequence number of the generated address. The official recommendation is that the address_index under each account does not exceed 20.
According to the discussion in EIP85, Ethereum wallets also follow the BIP44 standard, with the path m/44'/60'/a'/0/n.
a is the account number, n is the n-th generated address, and 60 is the Ethereum coin type registered in SLIP44. So to develop an Ethereum wallet we also need to understand the Bitcoin wallet proposals BIP32 and BIP39.
In a nutshell, BIP44 is: a specification for the hierarchical paths of BIP32.
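An added Python example (not from the original article) that parses a path string such as m/44'/60'/0'/0/0 into BIP32 child indices, applying the 2^31 offset to the levels marked with ', and validates it against the 5-level BIP44 layout. A wallet that accepts an arbitrary path will happily derive an address nobody else can reproduce, so failing loudly on a malformed path is the defensive choice. The function names parse_path, check_bip44 and bip44_path are this example's own.

```python
import re

HARDENED = 0x80000000  # 2^31: indices at or above this use hardened derivation

# SLIP-44 coin types mentioned in the article.
COIN_BITCOIN, COIN_TESTNET, COIN_ETHEREUM = 0, 1, 60

_LEVEL = re.compile(r"^(\d+)(['hH])?$")  # digits, optionally followed by ' or h/H


def parse_path(path: str) -> list[int]:
    """Turn "m/44'/60'/0'/0/5" into integer child indices, adding 2^31 to levels
    marked as hardened. Raises ValueError on anything malformed."""
    parts = path.strip().split("/")
    if parts[0] != "m":
        raise ValueError("path must start with m")
    indices = []
    for level in parts[1:]:
        m = _LEVEL.match(level)
        if not m:
            raise ValueError(f"bad level {level!r}")
        idx = int(m.group(1))
        if idx >= HARDENED:
            raise ValueError(f"index {idx} out of range; write it as i' instead")
        indices.append(idx + HARDENED if m.group(2) else idx)
    return indices


def check_bip44(path: str) -> dict:
    """Validate a path against the BIP44 layout
    m / purpose' / coin_type' / account' / change / address_index
    and return its fields as plain numbers."""
    idx = parse_path(path)
    if len(idx) != 5:
        raise ValueError("BIP44 paths have exactly 5 levels below m")
    purpose, coin, account, change, address = idx
    if purpose != 44 + HARDENED:
        raise ValueError("purpose must be 44'")
    if coin < HARDENED or account < HARDENED:
        raise ValueError("coin_type and account must be hardened")
    if change not in (0, 1):
        raise ValueError("change must be 0 (external) or 1 (internal)")
    if address >= HARDENED:
        raise ValueError("address_index must not be hardened")
    return {"purpose": 44, "coin_type": coin - HARDENED, "account": account - HARDENED,
            "change": change, "address_index": address}


def bip44_path(coin_type: int, account: int = 0, change: int = 0, address_index: int = 0) -> str:
    """Build the canonical BIP44 path string for the given fields."""
    return f"m/44'/{coin_type}'/{account}'/{change}/{address_index}"


if __name__ == "__main__":
    path = bip44_path(COIN_ETHEREUM, account=0, address_index=3)
    print(path, "->", [hex(i) for i in parse_path(path)])
    print(check_bip44(path))
```

The integer list produced by parse_path is exactly the sequence of index arguments a CKDpriv implementation consumes; the hardened levels come out as values at or above 0x80000000, which is how the derivation code tells the two schemes apart.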
BIP39
BIP32 lets us save one random seed (usually written in hexadecimal) instead of a bunch of keys, which is really convenient, but for users (for example, when making a cold backup) it is still cumbersome. Hence BIP39, which uses mnemonic words to produce the seed. The user only needs to remember 12 (or 24) words; the word sequence is turned into the random seed that BIP32 needs through the PBKDF2 and HMAC-SHA512 functions.
A simple comparison; the second form is clearly friendlier to back up:
Random seed: 090ABCB3A6e1400e9345bC60c78a8BE7
Mnemonic seed: candy maple cake sugar pudding cream honey rich smooth crumble sweet treat
Using a mnemonic as the seed actually involves two parts: generating the mnemonic words, and deriving the random seed from the mnemonic words. The process is analyzed below.
Generating mnemonic words
The process of generating mnemonic words is: first generate a 128-bit random number, append a 4-bit checksum computed from that random number to get a 132-bit number, then split it into groups of 11 bits, giving 12 binary numbers, and use each number to look up a word in the word list defined by BIP39, which yields the 12 mnemonic words. The process is illustrated as follows:
(Figure from the network)
Deriving the seed from the mnemonic
This process uses a key stretching function, which is designed to strengthen weak keys; PBKDF2 is one of the commonly used key stretching algorithms.
The basic principle of PBKDF2 is to produce a longer (512-bit) seed by repeatedly applying a pseudorandom function (for example, an HMAC function) with the mnemonic plaintext and a salt value as inputs. This seed is then used to build a deterministic wallet and derive its keys.
The key stretching function takes two parameters: the mnemonic and a salt. The salt raises the difficulty of brute-force cracking. The salt consists of the constant string "mnemonic" plus an optional password; note that with a different password the stretching function produces a different seed from the same mnemonic. The process is shown below:
(Figure from the network)
The password can serve as an additional security factor protecting the seed: even if the mnemonic backup is stolen, the wallet can remain secure (provided the password has sufficient complexity and length). On the other hand, if we forget the password, we cannot recover our digital assets.
In a nutshell, BIP39 is: making seed backup friendlier by defining mnemonic words.
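Both BIP39 steps described above, entropy to word indices (checksum bits, 11-bit groups) and mnemonic plus password to the 512-bit seed (PBKDF2-HMAC-SHA512 with the "mnemonic" salt), as an added Python example that is not code from the original article. It does not embed the 2048-word list, so the first function returns word-list indices rather than words; the "abandon ... about" mnemonic used in the test is the first official BIP39 test vector, and the function names are this example's own.

```python
import hashlib
import unicodedata


def entropy_to_word_indices(entropy: bytes) -> list[int]:
    """BIP39 step 1: append ENT/32 checksum bits taken from the front of
    SHA256(entropy), then cut the bit string into 11-bit groups; each group
    is an index into the 2048-word list. 16 bytes -> 128 + 4 = 132 bits -> 12 words."""
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("entropy must be 128..256 bits in 32-bit steps")
    checksum_bits = len(entropy) * 8 // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - checksum_bits)
    bits = (int.from_bytes(entropy, "big") << checksum_bits) | checksum
    total_bits = len(entropy) * 8 + checksum_bits
    return [(bits >> (total_bits - 11 * (i + 1))) & 0x7FF for i in range(total_bits // 11)]


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 step 2: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase,
    giving the 64-byte seed that BIP32 consumes. Both strings are NFKD-normalised
    first, as the spec requires, so equivalent Unicode spellings give the same seed."""
    words = unicodedata.normalize("NFKD", mnemonic)
    salt = "mnemonic" + unicodedata.normalize("NFKD", passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"), salt.encode("utf-8"), 2048, 64)


if __name__ == "__main__":
    # Constructed zero entropy: every 11-bit group is 0 ("abandon") except the
    # last, which carries the 4 checksum bits and becomes 3 ("about").
    print(entropy_to_word_indices(bytes(16)))
    demo = " ".join(["abandon"] * 11 + ["about"])
    print(mnemonic_to_seed(demo).hex())
    print(mnemonic_to_seed(demo, "TREZOR").hex())
```

The two printed seeds differ only in the password, which is the point made above: the password is part of the salt, so losing it is as fatal as losing the words, and a stolen word list alone does not yield the seed.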
Summary
An HD wallet (hierarchical deterministic wallet) is the hierarchical derivation scheme proposed in BIP32 to avoid the hassle of managing a bunch of private keys.
BIP44 is a path definition specification that builds on the BIP32 hierarchy and adds support for multiple coins.
BIP39 makes seed backup friendlier by defining mnemonic words.
At present, the Ethereum and Bitcoin wallets on the market basically all follow these standards.
Finally, I recommend a mnemonic key generator website.
You are welcome to ask questions on Knowledge Planet, where more than 300 blockchain technology enthusiasts have gathered.
Understanding BIP32, BIP44 and BIP39 for HD wallet development