# Procedure for Deriving Payment Addresses

Bitcoin Asked by EAWF Bob on January 12, 2021

I’m trying to understand the HD wallet payment derivation procedure, so assume:

• Ownership of a Bitcoin HD Wallet on an external smart device
• Exported account level extended public key (xpub….) from the first account.
• Derivation Path “m/44’/0’/0’/0/0”

What is the step-by-step procedure that one would use to derive a valid bitcoin payment address that can be confirmed with the external wallet?

The process, according to BIP32 – Child key derivation (CKD) functions, seems simple and straight-forward enough that it should be able to be written as a single function in any programming language with two processes: Base58 and HMAC-SHA512, which are such standard functions that I don’t believe that it’s necessary to install a platform tool and a bloated spaghetti code library to perform the derivation.

UPDATE 20190718:

Here’s what I’ve been able to cobble together from various sources. PHP code and reference source for the derivation process:

<?php

// Bip39 Test Mnemonic: abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about

$Pub = "xpub6BosfCnifzxcFwrSzQiqu2DBVTshkCXacvNsWGYJVVhhawA7d4R5WSWGFNbi8Aw6ZRc1brxMyWMzG3DSSSSoekkudhUd9yLb6qx39T9nMdj";$Index = "00000000";

$ExtPubKey = bin2hex(base58_decode($Pub));

$Type = substr($ExtPubKey,0,8);

$Depth = substr($ExtPubKey,8,2);

$Fingerprint = substr($ExtPubKey,10,8);

$Account = substr($ExtPubKey,18,8);

$ParentChainCode = substr($ExtPubKey,26,64);

$ParentPublicKey = substr($ExtPubKey,90,66);

$PubChecksum = substr($ExtPubKey,-8);

$PublicKey = hash_hmac('sha512',$ParentChainCode,$ParentPublicKey.$Index);

$PublicKey = "04".$PublicKey;

$PublicKeyHash = hash('ripemd160',hash('sha256',$PublicKey,False));

$BaseAddress = "00".$PublicKeyHash;

$PreChecksum = hash('sha256',hash('sha256',$BaseAddress));

$Checksum = substr($PreChecksum,0,8);

$Address =$BaseAddress.$Checksum;$PaymentAddress = base58_encode(hex2bin($Address)); echo "Payment Address:$PaymentAddressn";

?>



I’m using xpub to prove that the procedure works. Ultimately would like to be able to derive for ypub and zpub.

It seems like I’m just missing something important, like maybe variable typing, maybe binary something…I’m at a loss.

I’ve been told by Andreas that there’s something about adding two numbers together, but I’m not finding the reference to it.

One source referenced something about elliptic curve and a mystical variable “G” but with no explanation.

According to BIP32, this process is supposed to be really easy.

Any assistance would be appreciated. TIA.

The method for deriving child keys from extended keys is specified in BIP 32.

Note that the specific derivation paths for xpubs, ypubs, and zpubs are not defined by BIP 32 but rather are constructions created by Electrum and SatoshiLabs. These have a specific meaning described in SLIP 132. Their encoding is the same as described for xpubs in BIP 32 but with a different prefix byte.

Answered by Andrew Chow on January 12, 2021

## Related Questions

### Cannot Find Transaction from Blockchain Explorer

1  Asked on November 29, 2020 by libertarian-monarchist-bot

### LN Payment Channels: Can you have more than two nodes in a channel?

1  Asked on November 18, 2020 by austinfoss

### Is there really no manual for Bitcoin Core?

3  Asked on November 8, 2020 by mirsab-jastram

### What exactly does the scary option “Allow incoming connections” do in Bitcoin Core?

2  Asked on September 22, 2020 by dujon-w

### Bitcoind could not locate RPC credentials but rpcuser and password are set

1  Asked on August 29, 2020 by nicklessguy

### How to make concurrent calls to bitcoin core rpc?

1  Asked on August 22, 2020 by isaac-chen

### Using BTCPay Server along with a web server in a single machine

0  Asked on August 16, 2020 by paramdeep-singh-obheroi