What’s in an XPUB?
Posted 11/18/20 by Gigi
“What’s in a name? That which we call a rose
By any other name would smell as sweet.”
William Shakespeare, Romeo and Juliet
Bitcoin’s technical details are notoriously difficult to understand. Concepts like digital signatures, peer-to-peer distributed systems, and public-private key pairs are alien to most. Today, even though Bitcoin’s first decade is now behind us, we still have to grapple with some of the more esoteric (and technical) concepts to properly interact with the Bitcoin network.
This article will outline one of these concepts in particular: extended public keys, or XPUBs. We discuss what they are, why they were introduced, how they evolved, and what problems they solve for Bitcoin’s users.
What is an XPUB?
As the name implies, an XPUB is a special kind of public key, namely an extended one.
While the details are more complicated, public keys can essentially be thought of as the basis of your receiving addresses, which is not unlike your postal or email address. Unlike your postal or email address, however, the Bitcoin protocol is designed to use a new receiving address for every transaction.
Address reuse, the practice of reusing the same bitcoin address for multiple transactions, is discouraged for several reasons, the most pertinent of which is the reduction of privacy for yourself and others.
However, using a different address for every transaction leads to a problem: how do you keep track of your addresses, and how do you let others know which addresses are yours without revealing too much information about yourself? After all, people have to know which address is yours in order to transact with you.
To deal with these and other problems, a Bitcoin Improvement Proposal was made: BIP 32, Hierarchical Deterministic Wallets. While the main motivation was to fix the issue of wallet backups, the hierarchical nature of these new wallets introduced another benefit: the ability to selectively reveal a set of addresses that belong to you.
Since extended public keys can be used to derive other public keys, they are also referred to as parent public keys (because the derived keys can be thought of as their “children”).
In short: an extended public key is a special key that effectively represents a group of public keys, and by extension, addresses. For this reason, an extended public key can also be thought of as a ‘read only’ view into a wallet.
XPUBs And Privacy
Thinking of extended public keys as ‘read only’ keys of your wallet makes the privacy implications of sharing such a key obvious: everyone who has access to it can see all the addresses that can be derived from it, and by extension, can see the transactions associated with these addresses. Thus, it is advisable that you do not share your extended public key lightly.
At Swan, our focus is on buying bitcoin securely, easily, and on a recurring basis. We believe that automatic DCA is the best and easiest way to acquire bitcoin over time. We also believe that education and self-custody are paramount, which is why we encourage our users to set up auto-withdrawal to a wallet of their control when they feel comfortable doing so.
To provide a seamless experience and avoid address reuse, we need a list of addresses that we can use to send funds to, which is where extended public keys come in.
Starting today, you can connect multiple addresses of your wallet with your Swan account and set up your auto-withdrawal plan to use these addresses in order.
We encourage you to use a dedicated account for your Swan savings plan if your wallet supports it. Most modern wallets, including the Ledger and Trezor hardware wallets, support the creation of multiple accounts. (If you have a COLDCARD, we assume you know what you’re doing anyway.)
A dedicated account will have its own child extended public key, meaning that anyone who has access to this key can only derive a subset of your wallet’s public keys.
We do not store your extended public key. We only store a relatively short list of addresses that we derive from it — just enough to have a new address for every payout. If we ever run out, we can reach out to you to ask you to re-connect your wallet.
The XPUB Zoo
Over time, the way bitcoins are sent and received — or, to be precise: how bitcoins are locked and unlocked — evolved, and Bitcoin’s address and key formats evolved along with it.
As of this writing, a whole zoo of different extended public keys exists: xpub, ypub, zpub, tpub, upub, vpub — all of them are extended public keys, as are their “big brothers” Ypub, Zpub, Upub, and Vpub.
The different kinds simply denote different purposes, indicating if the wallet that generated the extended public key is capable of using modern address formats or if the key relates to a single-signature or multi-signature scheme.
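An added example, not code from the article or from Swan's libraries: a Node.js decoder for the BIP 32 serialization that reports which member of the zoo a key is and where it sits in the wallet tree, which is what tells you whether you are about to share a whole wallet or one dedicated account. The version-byte table comes from SLIP-132 (not named in the article), the function names are made up for this example, and the sample key is BIP 32's published test vector.

```javascript
const { createHash } = require('crypto');
const ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
// SLIP-132 version bytes -> [prefix, network, script type the prefix signals]
const VERSIONS = {
  '0488b21e': ['xpub', 'mainnet', 'legacy (P2PKH or P2SH)'],
  '049d7cb2': ['ypub', 'mainnet', 'SegWit nested in P2SH, single-sig'],
  '04b24746': ['zpub', 'mainnet', 'native SegWit, single-sig'],
  '0295b43f': ['Ypub', 'mainnet', 'SegWit nested in P2SH, multi-sig'],
  '02aa7ed3': ['Zpub', 'mainnet', 'native SegWit, multi-sig'],
  '043587cf': ['tpub', 'testnet', 'legacy (P2PKH or P2SH)'],
  '044a5262': ['upub', 'testnet', 'SegWit nested in P2SH, single-sig'],
  '045f1cf6': ['vpub', 'testnet', 'native SegWit, single-sig'],
  '024289ef': ['Upub', 'testnet', 'SegWit nested in P2SH, multi-sig'],
  '02575483': ['Vpub', 'testnet', 'native SegWit, multi-sig'],
};
const sha256 = (buf) => createHash('sha256').update(buf).digest();

// Base58Check-decode a serialized extended key: 78-byte payload + 4-byte checksum.
function decodeExtendedKey(str) {
  let n = 0n;
  for (const ch of str) {
    const digit = ALPHABET.indexOf(ch);
    if (digit < 0) throw new Error(`invalid Base58 character: ${ch}`);
    n = n * 58n + BigInt(digit);
  }
  const hex = n.toString(16);
  if (hex.length > 164) throw new Error('too long for an extended key');
  const raw = Buffer.from(hex.padStart(164, '0'), 'hex');
  const payload = raw.subarray(0, 78);
  if (!sha256(sha256(payload)).subarray(0, 4).equals(raw.subarray(78))) throw new Error('checksum mismatch');
  return payload;
}

// Report what a key reveals before it is shared: script type, network, position in the tree.
function inspectXpub(str) {
  const p = decodeExtendedKey(str);
  const version = VERSIONS[p.subarray(0, 4).toString('hex')];
  if (!version) throw new Error('unknown version bytes (not a known extended public key)');
  if (p[45] !== 2 && p[45] !== 3) throw new Error('key data is not a compressed public key');
  const child = p.readUInt32BE(9); // top bit set means hardened derivation
  return {
    prefix: version[0], network: version[1], scriptType: version[2],
    depth: p[4], isMaster: p[4] === 0, // depth 0 = root of the whole wallet
    parentFingerprint: p.subarray(5, 9).toString('hex'),
    childIndex: child & 0x7fffffff, hardened: child >= 0x80000000,
  };
}
// BIP 32 test vector 1, chain m (public test data, not a real wallet).
const SAMPLE_MASTER = 'xpub661MyMwAqRbcFtXgS5sYJABqqG9YLmC4Q1Rdap9gSE8NqtwybGhePY2gZ29ESFjqJoCu1Rupje8YtGqsefD265TMg7usUDFdp6W1EGMcet8';
console.log(inspectXpub(SAMPLE_MASTER));
```

The sample decodes with `isMaster: true`, the kind of key that exposes every account in a wallet; an account-level key exported by a BIP 44-style wallet typically shows `depth: 3` and `hardened: true` instead.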
XPUB Tools
During the implementation of this feature for our platform, we realized that the tools to interact with and derive addresses from XPUBs are far from ideal. While many excellent libraries exist already, most notably Unchained Capital’s unchained-bitcoin and Daniel Cousens’ bitcoinjs-lib, we decided to give back to the Bitcoin community and wider ecosystem by open-sourcing large parts of the code that is powering our multi-address wallet feature.
The following packages are available on GitHub and via npm:
- @swan-bitcoin/xpub-lib — A JavaScript library that derives bitcoin addresses from extended public keys.
- @swan-bitcoin/xpub-cli — A small command-line tool to derive and validate bitcoin addresses from extended public keys. Supports xpub, ypub, and zpub extended public keys and their testnet equivalents, as well as legacy, SegWit, and native SegWit (bech32) addresses.
Future Developments
As Bitcoin evolves, new features will become widely used, and best practices will continuously change. XPUBs are undoubtedly imperfect, as the growing zoo of different extended public keys shows.
In the future, most wallets and services might switch to using output descriptors instead of extended public keys. We might also see a rise in the use of reusable payment codes, which are especially beneficial for privacy. And once the #reckless days of the Lightning Network are behind us, we might even see a majority of services make the switch to higher layers when it comes to recurring payments.
Whatever the future might bring, we will remain at the forefront of Bitcoin education and will continue to offer services that let you stack sats safely and easily, improving both our customer experience as well as the underlying tools that make all of it possible.