What is an XPUB?

Bitcoin’s technical details are notori­ously diffi­cult to under­stand. Concepts like digital signa­tures, peer-to-peer distrib­uted systems, and public-private-keypairs are alien to most. Even though Bitcoin’s first decade is behind us, we still have to grapple with some of the more esoteric (and technical) concepts to appropriately interact with the Bitcoin network.

This article will outline one of these concepts in partic­ular: extended public keys, or XPUBs. We discuss what XPUBs are, why they were intro­duced, how they evolved, and what problems they solve for Bitcoin’s users.

As the name implies, an XPUB is a unique public key, namely an extended one.

While the details are more compli­cated, public keys can essen­tially be thought of as the basis of your receiving addresses, similar to your postal or email address. However, unlike your postal or email address, the Bitcoin protocol is designed to use a new receiving address for every transaction.

Address reuse, the practice of reusing the same bitcoin address for multiple trans­ac­tions, is discour­aged for several reasons, the most perti­nent of which is the reduc­tion of privacy for yourself and others.  

However, using a different address for every trans­ac­tion leads to a problem: how do you keep track of your addresses, and how do you let others know which addresses are yours without revealing too much infor­ma­tion about yourself? After all, people must know your address to transact with you.

To deal with these and other problems, a Bitcoin Improve­ment Proposal was made: BIP 32, Hierar­chical Deter­min­istic Wallets. While the main motiva­tion was to fix the issue of wallet backups, the hierar­chical nature of these new wallets intro­duced another benefit: the ability to selec­tively reveal a set of addresses that belong to you.

Since extended public keys can be used to derive other public keys, they are also referred to as parent public keys (because the derived keys can be considered their “children”).

In short: an extended public key is a special key that effec­tively repre­sents a group of public keys and, by exten­sion, addresses. For this reason, an extended public key can also be thought of as a ‘read only’ view into a wallet.

Thinking of extended public keys as ‘read only’ keys of your wallet makes the privacy impli­ca­tions of sharing such a key obvious:

1. Everyone who has access to it can see all the addresses derived from it. 

2. By exten­sion, anyone can see the trans­ac­tions associ­ated with these addresses. 

For this reason, it’s advis­able that you do not share your extended public key lightly.

At Swan, we focus on buying bitcoin securely, efficiently, and on a recur­ring basis. We believe automatic DCA is the best and easiest way to acquire bitcoin over time. We also think that educa­tion and self-custody are paramount, which is why we encourage our users to set up auto-withdrawal to a wallet of their control when they feel comfort­able doing so.

To provide a seamless experi­ence and avoid address reuse, we need a list of addresses we can use to send funds to. This is where extended public keys come in.

Starting today, you can connect multiple addresses of your wallet with your Swan account and set up your auto-withdrawal plan to use these addresses in order.

We encourage you to use a dedicated account for your Swan savings plan if your wallet supports it. Most modern wallets, including the Ledger and Trezor hardware wallets, support the creation of multiple accounts. (If you have a COLDCARD, we assume you know what you’re doing anyway).

A dedicated account will have its own child-extended public key, meaning that anyone with access to this key can only derive a subset of your wallet’s public keys.

We do not store your extended public key. We only maintain a relatively short list of addresses we derive from it — just enough to have a new address for every payout. If we ever run out, we can reach out to you to ask you to reconnect your wallet.

Over time, the way bitcoins are sent and received — or, to be precise: how bitcoins are locked and unlocked — evolved, and Bitcoin’s address and key-formats evolved along with it.

As of this writing, a whole zoo of different extended public keys exists: xpub, ypub, zpub, tpub, upub, vpub — all of them are extended public keys, as are their “big brothers” Ypub, Zpub, Upub, and Vpub.

The different kinds denote different purposes, indicating if the wallet that gener­ated the extended public key can use modern address formats or if the key relates to a single-signa­ture or multi-signa­ture scheme.

During the imple­men­ta­tion of this feature for our platform, we realized that the tools to interact with and derive addresses from XPUBs are far from ideal. While many excel­lent libraries exist already, most notably Unchained Capital’s unchained-bitcoin and Daniel Cousens’ bitcoinjs-lib, we decided to give back to the Bitcoin commu­nity and broader ecosystem by open-sourcing large parts of the code that is powering our multi-address wallet feature.

The following packages are avail­able on GitHub and via npm:

• @swan-bitcoin/xpub-lib — A JavaScript library derives bitcoin addresses from extended public keys.

• @swan-bitcoin/xpub-cli — A small command-line tool to derive and validate bitcoin addresses from extended public keys. Supports xpub, ypub, and zpub extended public keys and their testnet equiv­a­lents. Support for legacy, SegWit, and native SegWit (bech32) addresses.

As Bitcoin evolves, new features will become widely used, and best practices will contin­u­ously change. XPUBs are undoubt­edly imper­fect, as the growing zoo of different extended public keys shows.

Trends we can expect ahead:

1. Increased use for HD wallets: XPUBs are a core component of HD wallets. They are becoming increasingly popular due to their ease of use and enhanced security features. As the use of HD wallets continues to grow, the use of XPUBs will likely increase.

2. Improved privacy: To better protect users' financial information, there may be further developments in privacy-enhancing technologies for XPUBs, such as Confidential Transactions or Taproot.

3. Expanded compatibility: XPUBs may become more compatible with different platforms and devices, making it easier for users to manage their funds across other platforms.

In the future, most wallets and services might switch to output descrip­tors instead of extended public keys. We might also see a rise in reusable payment codes, which are especially benefi­cial for privacy. And once the #reckless days of the Light­ning Network are behind us, we might even see a majority of services switch to higher layers when it comes to recur­ring payments.

Whatever the future might bring, Swan will remain at the forefront of Bitcoin educa­tion. We will continue to offer services that let you stack sats safely and easily, improving both our customer experi­ence as well as the under­lying tools that make all of it possible.

This blog offers thoughts and opinions on Bitcoin from the Swan Bitcoin team and friends. Swan Bitcoin is the easiest way to buy Bitcoin using your bank account automatically every week or month, starting with as little as $10. Sign up or learn more here.

Thoughts on Bitcoin from the Swan team and friends.

Swan Bitcoin does not provide investment, financial, tax, legal, or professional advice. We recommend that you consult with tax advisors and review tax guides to understand the risks and consequences of buying, selling, and holding Bitcoin. If you are interested in starting a Bitcoin IRA, we can help!