Procedure for Deriving Payment Addresses

Bitcoin Asked by EAWF Bob on January 12, 2021

I’m trying to understand the HD wallet payment derivation procedure, so assume:

  • Ownership of a Bitcoin HD Wallet on an external smart device
  • Exported account level extended public key (xpub….) from the first account.
  • Derivation Path “m/44’/0’/0’/0/0”

What is the step-by-step procedure that one would use to derive a valid bitcoin payment address that can be confirmed with the external wallet?

The process, according to BIP32 – Child key derivation (CKD) functions, seems simple and straight-forward enough that it should be able to be written as a single function in any programming language with two processes: Base58 and HMAC-SHA512, which are such standard functions that I don’t believe that it’s necessary to install a platform tool and a bloated spaghetti code library to perform the derivation.

UPDATE 20190718:

Here’s what I’ve been able to cobble together from various sources. PHP code and reference source for the derivation process:


  // - Downloaded and used offline.
  // Bip39 Test Mnemonic: abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about

 $Pub = "xpub6BosfCnifzxcFwrSzQiqu2DBVTshkCXacvNsWGYJVVhhawA7d4R5WSWGFNbi8Aw6ZRc1brxMyWMzG3DSSSSoekkudhUd9yLb6qx39T9nMdj";

 $Index = "00000000";

 $ExtPubKey = bin2hex(base58_decode($Pub));

 $Type = substr($ExtPubKey,0,8);

 $Depth = substr($ExtPubKey,8,2);

 $Fingerprint = substr($ExtPubKey,10,8);

 $Account = substr($ExtPubKey,18,8);

 $ParentChainCode = substr($ExtPubKey,26,64);

 $ParentPublicKey = substr($ExtPubKey,90,66);

 $PubChecksum = substr($ExtPubKey,-8);

 $PublicKey = hash_hmac('sha512',$ParentChainCode,$ParentPublicKey.$Index);

 $PublicKey = "04".$PublicKey;

 $PublicKeyHash = hash('ripemd160',hash('sha256',$PublicKey,False));

 $BaseAddress = "00".$PublicKeyHash;

 $PreChecksum = hash('sha256',hash('sha256',$BaseAddress));

 $Checksum = substr($PreChecksum,0,8);

 $Address = $BaseAddress.$Checksum;

 $PaymentAddress = base58_encode(hex2bin($Address));

 echo "Payment Address: $PaymentAddressn";


I’m using xpub to prove that the procedure works. Ultimately would like to be able to derive for ypub and zpub.

It seems like I’m just missing something important, like maybe variable typing, maybe binary something…I’m at a loss.

I’ve been told by Andreas that there’s something about adding two numbers together, but I’m not finding the reference to it.

One source referenced something about elliptic curve and a mystical variable “G” but with no explanation.

According to BIP32, this process is supposed to be really easy.

Any assistance would be appreciated. TIA.

One Answer

The method for deriving child keys from extended keys is specified in BIP 32.

Note that the specific derivation paths for xpubs, ypubs, and zpubs are not defined by BIP 32 but rather are constructions created by Electrum and SatoshiLabs. These have a specific meaning described in SLIP 132. Their encoding is the same as described for xpubs in BIP 32 but with a different prefix byte.

Answered by Andrew Chow on January 12, 2021

Add your own answers!

Related Questions

Ask a Question

Get help from others!

© 2022 All rights reserved. Sites we Love: PCI Database, MenuIva, UKBizDB, Menu Kuliner, Sharing RPP, SolveDir