In deterministic or HD wallets, the Master Public Key is the principal public key derived from the Master Private Key through the usual mathematical process of elliptic curve multiplication. An unlimited number of public keys (Xpub) can be generated from the master public key; these control the addresses of a wallet, but they give no access to the private keys of those addresses.
The Master Public Key has the property of being able to generate multiple public keys without any need to access private keys. So if any of the public keys, or even the Master Public Key (MPK) itself, is exposed, there is no risk of loss or theft of funds, although privacy will be compromised. This is because the public keys have no access to the private keys of the addresses, and those private keys cannot be generated from them: they only reveal the amount available in the wallet and its history on the blockchain. They do not give access to use or spend the funds held there.
As with the Master Private Key, HD wallets should be understood as a tree in which new branches can emerge from each branch. At every node of these branches it is possible to generate a Master Private Key, but also a Master Public Key. The Master Public Key allows you to generate only the public keys of all the "child" branches that descend from that node; it does not let you know the addresses that could be generated from parallel or earlier nodes.
The Master Public Key of node 0 can reveal all the addresses that will ever be generated. Unlike the Master Private Key, revealing this key does not put your funds at risk, but it does put your privacy at risk, because with the Master Public Key all the public addresses of your wallet can be known. However, this functionality has many good uses, which we describe in this article.
Master Public Key (MPK) and HD Wallets
BIP 32 HD wallets have a hierarchical and deterministic structure. This gives them a greater degree of organization, like a descending tree. The structure allows a wallet to use one branch of the tree for receiving funds and transactions, and another branch for managing those funds, so that both are related yet kept separate from each other. With one you can see the available funds without having access to them; with the other, you can sign and spend those funds. This complete separation of the master keys also gives the wallet greater security and reliability.
The Master Public Key (MPK) allows the generation of an unlimited number of public keys (Xpub) and addresses related to it, so there is no need to back up the addresses every time a new one is generated. Instead, starting from the seed to which the master keys (both public and private) are related, the wallet can be recovered in its entirety with all the generated keys (Xpub and Xpriv), addresses and available funds.
Likewise, all public keys and addresses derived from the Master Public Key allow, by themselves, the amounts available in the wallet to be viewed. But they prevent access to those funds, since they do not control the private keys associated with the addresses that hold them.
This feature is particularly useful, for example, when you want to set up a cold storage wallet where you only need to observe the available balance. In these wallets, a server can be configured to manage only the Master Public Key. With it you can create any number of public addresses to receive funds, but an attacker who compromises the server cannot spend those funds.
Generation of derived public keys (Xpub)
HD wallets employ a hash function that lets them derive the secondary (child) public keys from the master (parent) public key. For this it uses the Master Public Key, the seed of the wallet, the chain code generated by the HMAC-SHA512 algorithm and a 32-bit index number.
Through the chain code, generated by the HMAC-SHA512 hash algorithm, random data is added to the process of deriving public keys, so that the index alone is not enough to derive the other public keys. This prevents another derived (sibling) public key from being located or found by means of one derived public key: that is only possible if the chain code is also available.
Then, through the hash function that combines the master public key, the chain code and the index number, the derived keys are generated as a 512-bit hash, which is subsequently divided into two halves: the right half becomes the chain code of the derived (child) key, and the left half, together with the index number, is added to the parent private key to produce the child private key. This process is repeated in sequence to create an unlimited number of public keys, where child public keys can in turn become parents and generate their own child keys, so there can be an unlimited number of generations.
Under this scheme, the one-way hash function does not allow derived public keys to be used to find other sibling public keys, nor to locate the master or primary public key. Likewise, this scheme allows the child public keys to be derived either from the child private key or directly from a parent public key.
Importance of generating derived public keys
Deriving child public keys from parent public keys allows you to create branches of the wallet's public keys without compromising the funds available in it, because at no point are the private keys involved.
Thus it is possible to generate watch-only wallets, for example on non-secure servers, where the available funds can be seen but there is no option to spend the funds stored in those addresses. This feature can be very useful for servers intended for electronic commerce, where exposing private keys to the server would be high risk.
It is also very useful when users only want a cold or offline storage wallet that keeps their funds safe and risk-free. The private keys stay offline in the wallet, while the public keys can be transmitted online without risk.
Generation of hardened public keys
The possibility of deriving an endless number of child public keys from a parent public key is very useful. However, it can represent a potential security risk, because the public key that derives the others has access to the chain code, and if a child private key were leaked or became known, the rest of the child private keys could be deduced, compromising the security of the funds.
Knowing a child private key together with the chain code of a parent public key can reveal all the child private keys, and could even be used to deduce the parent private key. To close this security gap, a derivation function known as hardened derivation is used. It uses the parent private key, rather than the parent public key, to derive the chain code of each child key, breaking the relationship between the parent public key and the child chain code. This creates a kind of firewall that prevents a parent-child sequence from being detected in the derived public keys.
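As an added worked example (not code from the original article), the following pure-Python implementation of the derivation steps described above and of the hardened variant follows BIP 32: HMAC-SHA512 keyed with the chain code, the left half tweaks the key, the right half becomes the child chain code, and hardened children feed the parent private key into the HMAC. The secp256k1 constants and the helper names (`ckd_priv`, `ckd_pub`, `parent_from_leaked_child`) are assumptions of this example; `parent_from_leaked_child` shows why a non-hardened child private key plus the parent Xpub data recovers the parent private key.

```python
import hashlib, hmac
# secp256k1 domain parameters (standard constants, assumed here, not from the article)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(p, q):  # affine addition; None is the point at infinity
    if p is None: return q
    if q is None: return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0: return None
    if p == q: lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else: lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def scalar_mult(k, point=G):  # double-and-add
    result = None
    while k:
        if k & 1: result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result

def serialize_pub(point):  # 33-byte compressed SEC encoding
    return bytes([2 + (point[1] & 1)]) + point[0].to_bytes(32, "big")
def parse_pub(data):  # decompress: y = sqrt(x^3 + 7), valid because P = 3 mod 4
    x = int.from_bytes(data[1:], "big")
    y = pow((x ** 3 + 7) % P, (P + 1) // 4, P)
    return (x, y if (y & 1) == (data[0] & 1) else P - y)
def priv_to_pub(k):
    return serialize_pub(scalar_mult(int.from_bytes(k, "big")))
def master_from_seed(seed):  # returns (master private key, master chain code)
    I = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return I[:32], I[32:]

def ckd_priv(kpar, cpar, i):  # child private key; i >= 2**31 means hardened
    data = b"\x00" + kpar if i >= 2**31 else priv_to_pub(kpar)  # hardened: private key in HMAC
    I = hmac.new(cpar, data + i.to_bytes(4, "big"), hashlib.sha512).digest()
    k = (int.from_bytes(I[:32], "big") + int.from_bytes(kpar, "big")) % N
    return k.to_bytes(32, "big"), I[32:]  # left half -> key tweak, right half -> chain code

def ckd_pub(Kpar, cpar, i):  # child public key from the parent PUBLIC key only
    if i >= 2**31: raise ValueError("hardened child needs the parent private key")
    I = hmac.new(cpar, Kpar + i.to_bytes(4, "big"), hashlib.sha512).digest()
    K = point_add(scalar_mult(int.from_bytes(I[:32], "big")), parse_pub(Kpar))
    return serialize_pub(K), I[32:]

def parent_from_leaked_child(Kpar, cpar, i, kchild):  # the risk the article describes
    I = hmac.new(cpar, Kpar + i.to_bytes(4, "big"), hashlib.sha512).digest()
    k = (int.from_bytes(kchild, "big") - int.from_bytes(I[:32], "big")) % N
    return k.to_bytes(32, "big")
```

The negligible-probability edge cases BIP 32 specifies (left half not below N, or a zero child key) are omitted here for brevity.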