Derivation path

In short

Sequence of indexes describing the derivation path of child keys from the master key in an HD wallet.

Detailed explanation

In the context of Hierarchical Deterministic (HD) wallets, a derivation path refers to the sequence of indices used to derive child keys from a master key. Described in BIP32, this path identifies the tree structure for deriving child keys. A derivation path is represented by a series of indices separated by slashes, and always starts with the master key (denoted as m/). For example, a typical path might be m/84'/0'/0'/0/0. Each level of derivation is associated with a specific depth:

m / indicates the master private key. It is unique to a wallet and cannot have siblings at the same depth. The master key is derived directly from the seed; m / purpose' / indicates the derivation purpose which helps to identify the followed standard. This field is described in BIP43. For example, if the wallet adheres to the BIP84 standard (SegWit V0), the index would then be 84'; m / purpose' / coin-type' / indicates the type of cryptocurrency. This allows for clear differentiation between branches dedicated to one cryptocurrency and those dedicated to another in a multi-coin wallet. The index dedicated to Bitcoin is 0'; m / purpose' / coin-type' / account' / indicates the account number. This depth makes it easy to differentiate and organize a wallet into different accounts. These accounts are numbered starting from 0'. Extended keys (xpub, xprv...) are found at this level of depth; m / purpose' / coin-type' / account' / change / indicates the path. Each account as defined at depth 3 has two paths at depth 4: an external chain and an internal chain (also called "change"). The external chain derives addresses intended to be shared publicly, that is, the addresses that are offered to us when we click on "receive" in our wallet software. The internal chain derives addresses not intended to be exchanged publicly, mainly change addresses. The external chain is identified with the index 0 and the internal chain is identified with the index 1. You will notice that from this depth, we no longer perform a hardened derivation, but a normal derivation (there is no apostrophe). It is thanks to this mechanism that we are able to derive all the child public keys from their xpub;
m / purpose' / coin-type' / account' / change / address-index simply indicates the number of the receiving address and its pair of keys, in order to differentiate it from its siblings at the same depth on the same branch. For example, the first derived address has the index 0, the second address has the index 1, and so on...*

For example, if my receiving address has the derivation path m / 86' / 0' / 0' / 0 / 5, we can deduce the following information:

86' indicates that we are following the derivation standard of BIP86 (Taproot / SegWit V1);
0' indicates that it is a Bitcoin address;
0' indicates that we are on the first account of the wallet;
0 indicates that it is an external address; 5 indicates that it is the sixth external address of this account.

TermDefinition

51% attack

An attack where a malicious actor controls more than half of the mining hash power, allowing them to manipulate transactions, notably by performing double spends.

Account

In an HD wallet, a derivation level (depth 3) allowing hierarchical organization of keys and addresses.

Activation method

The process by which the Bitcoin community decides to activate a soft fork, seeking consensus among miners and users to avoid a blockchain split.

Adaptor signature

A cryptographic technique linking a signature to a secret, such that publishing the signature reveals the secret. Useful for atomic swaps without a trusted intermediary.

Addr

An old Bitcoin network message that allowed communicating IP addresses of nodes accepting connections. Replaced by addrv2 (BIP155) to support longer address formats.

Addr.dat

An old file in Bitcoin Core that stored information about network peers. Replaced by peers.dat since version 0.7.0.

Address reuse

A discouraged practice of using the same Bitcoin address multiple times to receive payments, which harms privacy by allowing funds to be traced.

Address spoofing

An attack where a malicious actor creates an address closely resembling the victim's to deceive them and divert their payments.

Addrv2

A new network message format (BIP155) allowing the broadcasting of Bitcoin node addresses. Supports longer addresses such as Tor v3 or I2P.

Agorism

A libertarian political philosophy advocating economic action outside of state control (counter-economy) to progressively undermine state power.

Air cooling

A cooling system for mining machines using fans to dissipate heat. The most widespread and least expensive method.

Altcoin

Designates any cryptocurrency other than Bitcoin. A contraction of alternative and coin.

Aluvm

A virtual machine designed for deterministic execution of smart contracts, notably within the context of the RGB protocol on Bitcoin.

Analysis heuristic

An empirical method used to trace Bitcoin flows on the blockchain based on observable characteristics within transactions.

Ancestor mining

A principle whereby a miner selects transactions taking into account the fees of parent transactions, not only their own fees. Also called CPFP.

Anchor

In the RGB protocol, a set of data proving the inclusion of a commitment in a Bitcoin transaction, without publicly revealing its content.

Anchor outputs

A mechanism on Lightning allowing adjustment of the fees of a commitment transaction after its creation, to ensure quick channel closure.

Anchors.dat

A Bitcoin Core file storing IP addresses of nodes the client was connected to before shutdown, to facilitate reconnection on restart.

Anonsets (anonymity sets)

Indicators measuring the degree of privacy of a UTXO by counting the number of indistinguishable UTXOs in a set, typically after a coinjoin.

Anyprevout (apo)

A proposal (BIP118) adding new SigHash flags allowing the creation of signatures that do not cover any specific input of the transaction.