Technology

Behind the Technology

CryptoSecure HD is a hierachical deterministic (HD) wallet. The technical specs are defined by BIP32, which defines how a tree of private keys can be derived from a single master key in a deterministic manner. “Hierarchical” refers to the tree-like structure. “Deterministic” means that so long as one follows the specs, a given master key is guaranteed to always produce the same tree regardless of how many times one carries out the derivation.

In the right figure, you can see that HD wallets contain keys derived in a tree structure. A parent key can derive a sequence of child keys, each of which can derive a sequence of grandchild keys, and so on, to an infinite depth.

The Cryptosecure HD wallet app offers two major advantages over random (a.k.a., nondeterministic) keys.

home_business2_icon1 copy
The tree structure can be used to express additional organizational meaning, such as when a specific branch of subkeys is used to receive incoming payments and a different branch is used to receive change from outgoing payments. Branches of keys can also be used in a corporate setting, allocating different branches to departments, subsidiaries, specific functions, or accounting categories.
home_business2_icon2 copy
With HD wallets, users can create a sequence of public keys without having access to the corresponding private keys. This allows HD wallets to be used on an insecure server or in a receive-only capacity, issuing a different public key for each transaction. The public keys do not need to be preloaded or derived in advance, yet the server doesn’t have the private keys that can spend the funds.

With BIP32, the line between the user responsibilities and wallet responsibilities is clear:

The user keeps the master key safe, and it’s the only backup that will ever be needed. The wallet generates keys in the tree when necessary: For example, when an address is used for receiving funds, the wallet generates the next address in line to be used for the next transaction. The user always gives out the current address wallet displays for optimal privacy, while the wallet needs to watch all the addresses it has ever generated for the purpose of receiving funds. In case a user loses their device that has the wallet, they can enter their master key in an HD wallet on another device. The wallet derives the tree of private keys, scans each key for funds, and the wallet is recovered.

CryptoSecure: Going Beyond the HD Standard

The latest CryptoSecure HD wallets go beyond the simple design described above, and have two key properties:
home_business2_icon1 copy
Master public key
A master public key is a key that can be generated from the wallet’s master private key (either the same thing as the “seed” or a derivative of it) that has the power to generate all of the addresses in a wallet, but none of the private keys. Thus, someone with access to a master public key can look at the balance of a deterministic wallet, but cannot actually spend the balance—because they have no way of generating the private key corresponding to each address.
home_business2_icon2 copy
Hierarchy
The private keys that you generate from a master private key are themselves master private keys, and can in turn be treated as deterministic wallets in their own right.