HD錢包
深入淺出HD錢包:從協(xié)議到實踐的完整解析
在區(qū)塊鏈?zhǔn)澜缰校X包是管理數(shù)字資產(chǎn)的核心工具,而HD錢包(分層確定性錢包)憑借其獨特的設(shè)計,已成為當(dāng)前主流的錢包解決方案。本文將系統(tǒng)解析HD錢包的底層協(xié)議、路徑規(guī)則、助記詞機(jī)制及實現(xiàn)原理,幫助你全面理解這一技術(shù)的工作方式。
完整助記詞
ENGLISH_WORDLIST = [ "abandon", "ability", "able", "about", "above", "absent", "absorb", "abstract", "absurd", "abuse", "access", "accident", "account", "accuse", "achieve", "acid", "acoustic", "acquire", "across", "act", "action", "actor", "actress", "actual", "adapt", "add", "addict", "address", "adjust", "admit", "adult", "advance", "advice", "aerobic", "affair", "afford", "afraid", "again", "age", "agent", "agree", "ahead", "aim", "air", "airport", "aisle", "alarm", "album", "alcohol", "alert", "alien", "all", "alley", "allow", "almost", "alone", "alpha", "already", "also", "alter", "always", "amateur", "amazing", "among", "amount", "amused", "analyst", "anchor", "ancient", "anger", "angle", "angry", "animal", "ankle", "announce", "annual", "another", "answer", "antenna", "antique", "anxiety", "any", "apart", "apology", "appear", "apple", "approve", "april", "arch", "arctic", "area", "arena", "argue", "arm", "armed", "armor", "army", "around", "arrange", "arrest", "arrive", "arrow", "art", "artefact", "artist", "artwork", "ask", "aspect", "assault", "asset", "assist", "assume", "asthma", "athlete", "atom", "attack", "attend", "attitude", "attract", "auction", "audit", "august", "aunt", "author", "auto", "autumn", "average", "avocado", "avoid", "awake", "aware", "away", "awesome", "awful", "awkward", "axis", "baby", "bachelor", "bacon", "badge", "bag", "balance", "balcony", "ball", "bamboo", "banana", "banner", "bar", "barely", "bargain", "barrel", "base", "basic", "basket", "battle", "beach", "bean", "beauty", "because", "become", "beef", "before", "begin", "behave", "behind", "believe", "below", "belt", "bench", "benefit", "best", "betray", "better", "between", "beyond", "bicycle", "bid", "bike", "bind", "biology", "bird", "birth", "bitter", "black", "blade", "blame", "blanket", "blast", "bleak", "bless", "blind", "blood", "blossom", "blouse", "blue", "blur", "blush", "board", "boat", "body", "boil", "bomb", "bone", "bonus", "book", "boost", "border", "boring", "borrow", "boss", "bottom", "bounce", "box", "boy", "bracket", "brain", "brand", "brass", "brave", "bread", "breeze", "brick", "bridge", "brief", "bright", "bring", "brisk", "broccoli", "broken", "bronze", "broom", "brother", "brown", "brush", "bubble", "buddy", "budget", "buffalo", "build", "bulb", "bulk", "bullet", "bundle", "bunker", "burden", "burger", "burst", "bus", "business", "busy", "butter", "buyer", "buzz", "cabbage", "cabin", "cable", "cactus", "cage", "cake", "call", "calm", "camera", "camp", "can", "canal", "cancel", "candy", "cannon", "canoe", "canvas", "canyon", "capable", "capital", "captain", "car", "carbon", "card", "cargo", "carpet", "carry", "cart", "case", "cash", "casino", "castle", "casual", "cat", "catalog", "catch", "category", "cattle", "caught", "cause", "caution", "cave", "ceiling", "celery", "cement", "census", "century", "cereal", "certain", "chair", "chalk", "champion", "change", "chaos", "chapter", "charge", "chase", "chat", "cheap", "check", "cheese", "chef", "cherry", "chest", "chicken", "chief", "child", "chimney", "choice", "choose", "chronic", "chuckle", "chunk", "churn", "cigar", "cinnamon", "circle", "citizen", "city", "civil", "claim", "clap", "clarify", "claw", "clay", "clean", "clerk", "clever", "click", "client", "cliff", "climb", "clinic", "clip", "clock", "clog", "close", "cloth", "cloud", "clown", "club", "clump", "cluster", "clutch", "coach", "coast", "coconut", "code", "coffee", "coil", "coin", "collect", "color", "column", "combine", "come", "comfort", "comic", "common", "company", "concert", "conduct", "confirm", "congress", "connect", "consider", "control", "convince", "cook", "cool", "copper", "copy", "coral", "core", "corn", "correct", "cost", "cotton", "couch", "country", "couple", "course", "cousin", "cover", "coyote", "crack", "cradle", "craft", "cram", "crane", "crash", "crater", "crawl", "crazy", "cream", "credit", "creek", "crew", "cricket", "crime", "crisp", "critic", "crop", "cross", "crouch", "crowd", "crucial", "cruel", "cruise", "crumble", "crunch", "crush", "cry", "crystal", "cube", "culture", "cup", "cupboard", "curious", "current", "curtain", "curve", "cushion", "custom", "cute", "cycle", "dad", "damage", "damp", "dance", "danger", "daring", "dash", "daughter", "dawn", "day", "deal", "debate", "debris", "decade", "december", "decide", "decline", "decorate", "decrease", "deer", "defense", "define", "defy", "degree", "delay", "deliver", "demand", "demise", "denial", "dentist", "deny", "depart", "depend", "deposit", "depth", "deputy", "derive", "describe", "desert", "design", "desk", "despair", "destroy", "detail", "detect", "develop", "device", "devote", "diagram", "dial", "diamond", "diary", "dice", "diesel", "diet", "differ", "digital", "dignity", "dilemma", "dinner", "dinosaur", "direct", "dirt", "disagree", "discover", "disease", "dish", "dismiss", "disorder", "display", "distance", "divert", "divide", "divorce", "dizzy", "doctor", "document", "dog", "doll", "dolphin", "domain", "donate", "donkey", "donor", "door", "dose", "double", "dove", "draft", "dragon", "drama", "drastic", "draw", "dream", "dress", "drift", "drill", "drink", "drip", "drive", "drop", "drum", "dry", "duck", "dumb", "dune", "during", "dust", "dutch", "duty", "dwarf", "dynamic", "eager", "eagle", "early", "earn", "earth", "easily", "east", "easy", "echo", "ecology", "economy", "edge", "edit", "educate", "effort", "egg", "eight", "either", "elbow", "elder", "electric", "elegant", "element", "elephant", "elevator", "elite", "else", "embark", "embody", "embrace", "emerge", "emotion", "employ", "empower", "empty", "enable", "enact", "end", "endless", "endorse", "enemy", "energy", "enforce", "engage", "engine", "enhance", "enjoy", "enlist", "enough", "enrich", "enroll", "ensure", "enter", "entire", "entry", "envelope", "episode", "equal", "equip", "era", "erase", "erode", "erosion", "error", "erupt", "escape", "essay", "essence", "estate", "eternal", "ethics", "evidence", "evil", "evoke", "evolve", "exact", "example", "excess", "exchange", "excite", "exclude", "excuse", "execute", "exercise", "exhaust", "exhibit", "exile", "exist", "exit", "exotic", "expand", "expect", "expire", "explain", "expose", "express", "extend", "extra", "eye", "eyebrow", "fabric", "face", "faculty", "fade", "faint", "faith", "fall", "false", "fame", "family", "famous", "fan", "fancy", "fantasy", "farm", "fashion", "fat", "fatal", "father", "fatigue", "fault", "favorite", "feature", "february", "federal", "fee", "feed", "feel", "female", "fence", "festival", "fetch", "fever", "few", "fiber", "fiction", "field", "figure", "file", "film", "filter", "final", "find", "fine", "finger", "finish", "fire", "firm", "first", "fiscal", "fish", "fit", "fitness", "fix", "flag", "flame", "flash", "flat", "flavor", "flee", "flight", "flip", "float", "flock", "floor", "flower", "fluid", "flush", "fly", "foam", "focus", "fog", "foil", "fold", "follow", "food", "foot", "force", "forest", "forget", "fork", "fortune", "forum", "forward", "fossil", "foster", "found", "fox", "fragile", "frame", "frequent", "fresh", "friend", "fringe", "frog", "front", "frost", "frown", "frozen", "fruit", "fuel", "fun", "funny", "furnace", "fury", "future", "gadget", "gain", "galaxy", "gallery", "game", "gap", "garage", "garbage", "garden", "garlic", "garment", "gas", "gasp", "gate", "gather", "gauge", "gaze", "general", "genius", "genre", "gentle", "genuine", "gesture", "ghost", "giant", "gift", "giggle", "ginger", "giraffe", "girl", "give", "glad", "glance", "glare", "glass", "glide", "glimpse", "globe", "gloom", "glory", "glove", "glow", "glue", "goat", "goddess", "gold", "good", "goose", "gorilla", "gospel", "gossip", "govern", "gown", "grab", "grace", "grain", "grant", "grape", "grass", "gravity", "great", "green", "grid", "grief", "grit", "grocery", "group", "grow", "grunt", "guard", "guess", "guide", "guilt", "guitar", "gun", "gym", "habit", "hair", "half", "hammer", "hamster", "hand", "happy", "harbor", "hard", "harsh", "harvest", "hat", "have", "hawk", "hazard", "head", "health", "heart", "heavy", "hedgehog", "height", "hello", "helmet", "help", "hen", "hero", "hidden", "high", "hill", "hint", "hip", "hire", "history", "hobby", "hockey", "hold", "hole", "holiday", "hollow", "home", "honey", "hood", "hope", "horn", "horror", "horse", "hospital", "host", "hotel", "hour", "hover", "hub", "huge", "human", "humble", "humor", "hundred", "hungry", "hunt", "hurdle", "hurry", "hurt", "husband", "hybrid", "ice", "icon", "idea", "identify", "idle", "ignore", "ill", "illegal", "illness", "image", "imitate", "immense", "immune", "impact", "impose", "improve", "impulse", "inch", "include", "income", "increase", "index", "indicate", "indoor", "industry", "infant", "inflict", "inform", "inhale", "inherit", "initial", "inject", "injury", "inmate", "inner", "innocent", "input", "inquiry", "insane", "insect", "inside", "inspire", "install", "intact", "interest", "into", "invest", "invite", "involve", "iron", "island", "isolate", "issue", "item", "ivory", "jacket", "jaguar", "jar", "jazz", "jealous", "jeans", "jelly", "jewel", "job", "join", "joke", "journey", "joy", "judge", "juice", "jump", "jungle", "junior", "junk", "just", "kangaroo", "keen", "keep", "ketchup", "key", "kick", "kid", "kidney", "kind", "kingdom", "kiss", "kit", "kitchen", "kite", "kitten", "kiwi", "knee", "knife", "knock", "know", "lab", "label", "labor", "ladder", "lady", "lake", "lamp", "language", "laptop", "large", "later", "latin", "laugh", "laundry", "lava", "law", "lawn", "lawsuit", "layer", "lazy", "leader", "leaf", "learn", "leave", "lecture", "left", "leg", "legal", "legend", "leisure", "lemon", "lend", "length", "lens", "leopard", "lesson", "letter", "level", "liar", "liberty", "library", "license", "life", "lift", "light", "like", "limb", "limit", "link", "lion", "liquid", "list", "little", "live", "lizard", "load", "loan", "lobster", "local", "lock", "logic", "lonely", "long", "loop", "lottery", "loud", "lounge", "love", "loyal", "lucky", "luggage", "lumber", "lunar", "lunch", "luxury", "lyrics", "machine", "mad", "magic", "magnet", "maid", "mail", "main", "major", "make", "mammal", "man", "manage", "mandate", "mango", "mansion", "manual", "maple", "marble", "march", "margin", "marine", "market", "marriage", "mask", "mass", "master", "match", "material", "math", "matrix", "matter", "maximum", "maze", "meadow", "mean", "measure", "meat", "mechanic", "medal", "media", "melody", "melt", "member", "memory", "mention", "menu", "mercy", "merge", "merit", "merry", "mesh", "message", "metal", "method", "middle", "midnight", "milk", "million", "mimic", "mind", "minimum", "minor", "minute", "miracle", "mirror", "misery", "miss", "mistake", "mix", "mixed", "mixture", "mobile", "model", "modify", "mom", "moment", "monitor", "monkey", "monster", "month", "moon", "moral", "more", "morning", "mosquito", "mother", "motion", "motor", "mountain", "mouse", "move", "movie", "much", "muffin", "mule", "multiply", "muscle", "museum", "mushroom", "music", "must", "mutual", "myself", "mystery", "myth", "naive", "name", "napkin", "narrow", "nasty", "nation", "nature", "near", "neck", "need", "negative", "neglect", "neither", "nephew", "nerve", "nest", "net", "network", "neutral", "never", "news", "next", "nice", "night", "noble", "noise", "nominee", "noodle", "normal", "north", "nose", "notable", "note", "nothing", "notice", "novel", "now", "nuclear", "number", "nurse", "nut", "oak", "obey", "object", "oblige", "obscure", "observe", "obtain", "obvious", "occur", "ocean", "october", "odor", "off", "offer", "office", "often", "oil", "okay", "old", "olive", "olympic", "omit", "once", "one", "onion", "online", "only", "open", "opera", "opinion", "oppose", "option", "orange", "orbit", "orchard", "order", "ordinary", "organ", "orient", "original", "orphan", "ostrich", "other", "outdoor", "outer", "output", "outside", "oval", "oven", "over", "own", "owner", "oxygen", "oyster", "ozone", "pact", "paddle", "page", "pair", "palace", "palm", "panda", "panel", "panic", "panther", "paper", "parade", "parent", "park", "parrot", "party", "pass", "patch", "path", "patient", "patrol", "pattern", "pause", "pave", "payment", "peace", "peanut", "pear", "peasant", "pelican", "pen", "penalty", "pencil", "people", "pepper", "perfect", "permit", "person", "pet", "phone", "photo", "phrase", "physical", "piano", "picnic", "picture", "piece", "pig", "pigeon", "pill", "pilot", "pink", "pioneer", "pipe", "pistol", "pitch", "pizza", "place", "planet", "plastic", "plate", "play", "please", "pledge", "pluck", "plug", "plunge", "poem", "poet", "point", "polar", "pole", "police", "pond", "pony", "pool", "popular", "portion", "position", "possible", "post", "potato", "pottery", "poverty", "powder", "power", "practice", "praise", "predict", "prefer", "prepare", "present", "pretty", "prevent", "price", "pride", "primary", "print", "priority", "prison", "private", "prize", "problem", "process", "produce", "profit", "program", "project", "promote", "proof", "property", "prosper", "protect", "proud", "provide", "public", "pudding", "pull", "pulp", "pulse", "pumpkin", "punch", "pupil", "puppy", "purchase", "purity", "purpose", "purse", "push", "put", "puzzle", "pyramid", "quality", "quantum", "quarter", "question", "quick", "quit", "quiz", "quote", "rabbit", "raccoon", "race", "rack", "radar", "radio", "rail", "rain", "raise", "rally", "ramp", "ranch", "random", "range", "rapid", "rare", "rate", "rather", "raven", "raw", "razor", "ready", "real", "reason", "rebel", "rebuild", "recall", "receive", "recipe", "record", "recycle", "reduce", "reflect", "reform", "refuse", "region", "regret", "regular", "reject", "relax", "release", "relief", "rely", "remain", "remember", "remind", "remove", "render", "renew", "rent", "reopen", "repair", "repeat", "replace", "report", "require", "rescue", "resemble", "resist", "resource", "response", "result", "retire", "retreat", "return", "reunion", "reveal", "review", "reward", "rhythm", "rib", "ribbon", "rice", "rich", "ride", "ridge", "rifle", "right", "rigid", "ring", "riot", "ripple", "risk", "ritual", "rival", "river", "road", "roast", "robot", "robust", "rocket", "romance", "roof", "rookie", "room", "rose", "rotate", "rough", "round", "route", "royal", "rubber", "rude", "rug", "rule", "run", "runway", "rural", "sad", "saddle", "sadness", "safe", "sail", "salad", "salmon", "salon", "salt", "salute", "same", "sample", "sand", "satisfy", "satoshi", "sauce", "sausage", "save", "say", "scale", "scan", "scare", "scatter", "scene", "scheme", "school", "science", "scissors", "scorpion", "scout", "scrap", "screen", "script", "scrub", "sea", "search", "season", "seat", "second", "secret", "section", "security", "seed", "seek", "segment", "select", "sell", "seminar", "senior", "sense", "sentence", "series", "service", "session", "settle", "setup", "seven", "shadow", "shaft", "shallow", "share", "shed", "shell", "sheriff", "shield", "shift", "shine", "ship", "shiver", "shock", "shoe", "shoot", "shop", "short", "shoulder", "shove", "shrimp", "shrug", "shuffle", "shy", "sibling", "sick", "side", "siege", "sight", "sign", "silent", "silk", "silly", "silver", "similar", "simple", "since", "sing", "siren", "sister", "situate", "six", "size", "skate", "sketch", "ski", "skill", "skin", "skirt", "skull", "slab", "slam", "sleep", "slender", "slice", "slide", "slight", "slim", "slogan", "slot", "slow", "slush", "small", "smart", "smile", "smoke", "smooth", "snack", "snake", "snap", "sniff", "snow", "soap", "soccer", "social", "sock", "soda", "soft", "solar", "soldier", "solid", "solution", "solve", "someone", "song", "soon", "sorry", "sort", "soul", "sound", "soup", "source", "south", "space", "spare", "spatial", "spawn", "speak", "special", "speed", "spell", "spend", "sphere", "spice", "spider", "spike", "spin", "spirit", "split", "spoil", "sponsor", "spoon", "sport", "spot", "spray", "spread", "spring", "spy", "square", "squeeze", "squirrel", "stable", "stadium", "staff", "stage", "stairs", "stamp", "stand", "start", "state", "stay", "steak", "steel", "stem", "step", "stereo", "stick", "still", "sting", "stock", "stomach", "stone", "stool", "story", "stove", "strategy", "street", "strike", "strong", "struggle", "student", "stuff", "stumble", "style", "subject", "submit", "subway", "success", "such", "sudden", "suffer", "sugar", "suggest", "suit", "summer", "sun", "sunny", "sunset", "super", "supply", "supreme", "sure", "surface", "surge", "surprise", "surround", "survey", "suspect", "sustain", "swallow", "swamp", "swap", "swarm", "swear", "sweet", "swift", "swim", "swing", "switch", "sword", "symbol", "symptom", "syrup", "system", "table", "tackle", "tag", "tail", "talent", "talk", "tank", "tape", "target", "task", "taste", "tattoo", "taxi", "teach", "team", "tell", "ten", "tenant", "tennis", "tent", "term", "test", "text", "thank", "that", "theme", "then", "theory", "there", "they", "thing", "this", "thought", "three", "thrive", "throw", "thumb", "thunder", "ticket", "tide", "tiger", "tilt", "timber", "time", "tiny", "tip", "tired", "tissue", "title", "toast", "tobacco", "today", "toddler", "toe", "together", "toilet", "token", "tomato", "tomorrow", "tone", "tongue", "tonight", "tool", "tooth", "top", "topic", "topple", "torch", "tornado", "tortoise", "toss", "total", "tourist", "toward", "tower", "town", "toy", "track", "trade", "traffic", "tragic", "train", "transfer", "trap", "trash", "travel", "tray", "treat", "tree", "trend", "trial", "tribe", "trick", "trigger", "trim", "trip", "trophy", "trouble", "truck", "true", "truly", "trumpet", "trust", "truth", "try", "tube", "tuition", "tumble", "tuna", "tunnel", "turkey", "turn", "turtle", "twelve", "twenty", "twice", "twin", "twist", "two", "type", "typical", "ugly", "umbrella", "unable", "unaware", "uncle", "uncover", "under", "undo", "unfair", "unfold", "unhappy", "uniform", "unique", "unit", "universe", "unknown", "unlock", "until", "unusual", "unveil", "update", "upgrade", "uphold", "upon", "upper", "upset", "urban", "urge", "usage", "use", "used", "useful", "useless", "usual", "utility", "vacant", "vacuum", "vague", "valid", "valley", "valve", "van", "vanish", "vapor", "various", "vast", "vault", "vehicle", "velvet", "vendor", "venture", "venue", "verb", "verify", "version", "very", "vessel", "veteran", "viable", "vibrant", "vicious", "victory", "video", "view", "village", "vintage", "violin", "virtual", "virus", "visa", "visit", "visual", "vital", "vivid", "vocal", "voice", "void", "volcano", "volume", "vote", "voyage", "wage", "wagon", "wait", "walk", "wall", "walnut", "want", "warfare", "warm", "warrior", "wash", "wasp", "waste", "water", "wave", "way", "wealth", "weapon", "wear", "weasel", "weather", "web", "wedding", "weekend", "weird", "welcome", "west", "wet", "whale", "what", "wheat", "wheel", "when", "where", "whip", "whisper", "wide", "width", "wife", "wild", "will", "win", "window", "wine", "wing", "wink", "winner", "winter", "wire", "wisdom", "wise", "wish", "witness", "wolf", "woman", "wonder", "wood", "wool", "word", "work", "world", "worry", "worth", "wrap", "wreck", "wrestle", "wrist", "write", "wrong", "yard", "year", "yellow", "you", "young", "youth", "zebra", "zero", "zone", "zoo" ]一、HD錢包的核心概念與價值
HD錢包(Hierarchical Deterministic Wallet)即分層確定性錢包,是一種能夠從單一種子生成并管理大量私鑰的錢包結(jié)構(gòu)。其核心優(yōu)勢體現(xiàn)在兩個方面:
- 確定性(Deterministic):所有私鑰都由一個初始種子(Seed)推導(dǎo)而來,種子不變則私鑰序列不變
- 分層(Hierarchical):私鑰按樹狀層級結(jié)構(gòu)組織,便于多賬戶、多場景管理
這種設(shè)計徹底解決了傳統(tǒng)錢包的兩大痛點:私鑰管理復(fù)雜(需備份多個私鑰)和跨設(shè)備同步困難,為區(qū)塊鏈資產(chǎn)管理提供了標(biāo)準(zhǔn)化解決方案。
二、HD錢包的底層協(xié)議基石
HD錢包的實現(xiàn)依賴于一系列比特幣改進(jìn)協(xié)議(BIP),這些協(xié)議共同構(gòu)成了其技術(shù)標(biāo)準(zhǔn):
1. BIP-32:分層確定性密鑰派生
BIP-32是HD錢包的核心協(xié)議,定義了從根私鑰派生子私鑰的數(shù)學(xué)方法。它通過橢圓曲線加密算法(ECDSA)實現(xiàn)密鑰的層級派生,主要解決了兩個問題:
- 如何從父私鑰生成子私鑰
- 如何從父公鑰生成子公鑰(無需暴露私鑰)
核心原理:通過HMAC-SHA512算法對父密鑰和索引進(jìn)行計算,生成子密鑰。派生分為兩種類型:
- 普通派生:使用非 hardened 索引(0-2^31-1),可從公鑰派生
- 強(qiáng)化派生:使用 hardened 索引(231-232-1),標(biāo)記為
i',只能從私鑰派生
// BIP-32 子私鑰派生簡化實現(xiàn)
private byte[] deriveChildPrivateKey(byte[] parentPrivateKey, int index) {
byte[] indexBytes = ByteBuffer.allocate(4).putInt(index).array();
byte[] data;
// 強(qiáng)化派生與普通派生的數(shù)據(jù)拼接方式不同
if (isHardened(index)) {
// 強(qiáng)化派生:0x00 + 父私鑰 + 索引
data = ArrayUtils.addAll(new byte[]{0x00}, ArrayUtils.addAll(parentPrivateKey, indexBytes));
} else {
// 普通派生:父公鑰 + 索引
byte[] parentPublicKey = derivePublicKey(parentPrivateKey);
data = ArrayUtils.addAll(parentPublicKey, indexBytes);
}
// 使用HMAC-SHA512計算派生結(jié)果
Mac mac = Mac.getInstance("HmacSHA512");
mac.init(new SecretKeySpec(parentChainCode, "HmacSHA512"));
byte[] i = mac.doFinal(data);
// 前32字節(jié)為子私鑰,后32字節(jié)為子鏈碼
byte[] childPrivateKey = Arrays.copyOfRange(i, 0, 32);
// ... 橢圓曲線加法計算最終子私鑰
return childPrivateKey;
}
2. BIP-39:助記詞標(biāo)準(zhǔn)化
BIP-39解決了種子(Seed)的人類可讀性問題,將隨機(jī)數(shù)種子轉(zhuǎn)換為易記的單詞序列(助記詞)。其核心價值在于:
- 簡化備份:12-24個單詞比128-256位隨機(jī)數(shù)更易記憶和抄寫
- 增強(qiáng)兼容性:統(tǒng)一助記詞格式,使不同錢包間可相互恢復(fù)
3. BIP-44:多幣種路徑規(guī)范
BIP-44在BIP-32基礎(chǔ)上,定義了一套統(tǒng)一的路徑格式,用于區(qū)分不同幣種和賬戶:
m / purpose' / coin_type' / account' / change / address_index
每個字段的含義:
m:表示從根私鑰開始purpose':固定為44',標(biāo)識遵循BIP-44標(biāo)準(zhǔn)coin_type':幣種類型(如比特幣0',以太坊60',完整列表見SLIP-44)account':賬戶索引(0開始,用于區(qū)分不同賬戶)change:0表示外部地址(接收資金),1表示內(nèi)部地址(找零)address_index:地址索引(0開始,用于生成多個地址)
三、助記詞生成規(guī)則與流程
助記詞的生成是HD錢包初始化的關(guān)鍵步驟,嚴(yán)格遵循BIP-39標(biāo)準(zhǔn),完整流程如下:
1. 生成隨機(jī)熵(Entropy)
熵是助記詞的源頭,必須是128-256位的隨機(jī)數(shù),且為32的倍數(shù):
- 128位 → 12個助記詞
- 160位 → 15個助記詞
- 192位 → 18個助記詞
- 224位 → 21個助記詞
- 256位 → 24個助記詞
// 生成指定長度的隨機(jī)熵
private byte[] generateEntropy(int bits) {
if (bits % 32 != 0 || bits < 128 || bits > 256) {
throw new IllegalArgumentException("熵必須是32的倍數(shù),且在128-256位之間");
}
int bytesLength = bits / 8;
byte[] entropy = new byte[bytesLength];
SecureRandom secureRandom = new SecureRandom();
secureRandom.nextBytes(entropy); // 使用加密安全的隨機(jī)數(shù)生成器
return entropy;
}
2. 計算校驗和(Checksum)
校驗和用于驗證熵的完整性,計算方式:
- 對熵進(jìn)行SHA-256哈希
- 取哈希結(jié)果的前
熵位數(shù)/32位作為校驗和
// 計算校驗和
private byte[] calculateChecksum(byte[] entropy) throws NoSuchAlgorithmException {
MessageDigest digest = MessageDigest.getInstance("SHA-256");
byte[] hash = digest.digest(entropy);
int checksumLength = entropy.length * 8 / 32; // 熵位數(shù)/32
return Arrays.copyOf(hash, (checksumLength + 7) / 8); // 向上取整為字節(jié)
}
3. 拼接熵與校驗和
將熵和校驗和按位拼接,形成總長度為熵位數(shù) + 校驗和位數(shù)的序列,該總長度一定是11的倍數(shù):
// 拼接熵和校驗和(按位操作)
private BitSet concatenateEntropyAndChecksum(byte[] entropy, byte[] checksum, int entropyBits) {
int checksumBits = entropyBits / 32;
BitSet entropyBitset = BitSet.valueOf(entropy);
BitSet checksumBitset = BitSet.valueOf(checksum);
BitSet combined = new BitSet(entropyBits + checksumBits);
// 復(fù)制熵的所有位
for (int i = 0; i < entropyBits; i++) {
combined.set(i, entropyBitset.get(i));
}
// 復(fù)制校驗和的前checksumBits位
for (int i = 0; i < checksumBits; i++) {
combined.set(entropyBits + i, checksumBitset.get(i));
}
return combined;
}
4. 分割為11位分組
將拼接后的序列按11位一組分割,每組對應(yīng)0-2047的整數(shù)(BIP-39詞表索引):
// 分割為11位分組并映射到詞表
private List<String> bitsToMnemonic(BitSet combined, int wordCount, List<String> wordlist) {
List<String> mnemonic = new ArrayList<>(wordCount);
for (int i = 0; i < wordCount; i++) {
int start = i * 11;
int end = start + 11;
// 計算11位對應(yīng)的整數(shù)索引
int index = 0;
for (int j = start; j < end; j++) {
index <<= 1;
if (combined.get(j)) {
index |= 1;
}
}
mnemonic.add(wordlist.get(index));
}
return mnemonic;
}
5. 映射到BIP-39詞表
每組11位整數(shù)對應(yīng)詞表中的一個單詞,詞表包含2048個固定單詞(多語言版本),確保不同錢包間的兼容性。
完整代碼實現(xiàn)
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.BitSet;
import java.util.List;
public class BIP39Generator {
// BIP-39英文詞表(完整詞表包含2048個單詞)
private static final List<String> ENGLISH_WORDLIST = Arrays.asList(
"abandon", "ability", "able", "about", "above", "absent", "absorb", "abstract", "absurd", "abuse",
"access", "accident", "account", "accuse", "achieve", "acid", "acoustic", "acquire", "across", "act",
// ... 省略中間2028個單詞 ...
"zone", "zoo", "zoom", "zombie", "zodiac", "zero", "zealous", "zap", "youth", "yield"
);
/**
* 生成助記詞
* @param entropyBits 熵的位數(shù)(128, 160, 192, 224, 256)
* @return 助記詞列表
*/
public static List<String> generateMnemonic(int entropyBits) throws NoSuchAlgorithmException {
// 1. 生成隨機(jī)熵
byte[] entropy = generateEntropy(entropyBits);
// 2. 計算校驗和
byte[] checksum = calculateChecksum(entropy);
// 3. 拼接熵和校驗和
BitSet combined = concatenateEntropyAndChecksum(entropy, checksum, entropyBits);
// 4. 計算助記詞數(shù)量
int wordCount = (entropyBits + (entropyBits / 32)) / 11;
// 5. 轉(zhuǎn)換為助記詞
return bitsToMnemonic(combined, wordCount, ENGLISH_WORDLIST);
}
/**
* 生成隨機(jī)熵
*/
private static byte[] generateEntropy(int bits) {
if (bits % 32 != 0 || bits < 128 || bits > 256) {
throw new IllegalArgumentException("熵必須是32的倍數(shù),且在128-256位之間");
}
int bytesLength = bits / 8;
byte[] entropy = new byte[bytesLength];
SecureRandom secureRandom = new SecureRandom();
secureRandom.nextBytes(entropy);
return entropy;
}
/**
* 計算校驗和
*/
private static byte[] calculateChecksum(byte[] entropy) throws NoSuchAlgorithmException {
MessageDigest digest = MessageDigest.getInstance("SHA-256");
byte[] hash = digest.digest(entropy);
int checksumBits = entropy.length * 8 / 32;
return Arrays.copyOf(hash, (checksumBits + 7) / 8);
}
/**
* 拼接熵和校驗和
*/
private static BitSet concatenateEntropyAndChecksum(byte[] entropy, byte[] checksum, int entropyBits) {
int checksumBits = entropyBits / 32;
BitSet entropyBitset = BitSet.valueOf(entropy);
BitSet checksumBitset = BitSet.valueOf(checksum);
BitSet combined = new BitSet(entropyBits + checksumBits);
// 復(fù)制熵的所有位
for (int i = 0; i < entropyBits; i++) {
combined.set(i, entropyBitset.get(i));
}
// 復(fù)制校驗和的前checksumBits位
for (int i = 0; i < checksumBits; i++) {
combined.set(entropyBits + i, checksumBitset.get(i));
}
return combined;
}
/**
* 將位集合轉(zhuǎn)換為助記詞
*/
private static List<String> bitsToMnemonic(BitSet combined, int wordCount, List<String> wordlist) {
if (wordlist.size() != 2048) {
throw new IllegalArgumentException("詞表必須包含2048個單詞");
}
List<String> mnemonic = new ArrayList<>(wordCount);
for (int i = 0; i < wordCount; i++) {
int start = i * 11;
int end = start + 11;
// 計算11位對應(yīng)的整數(shù)索引
int index = 0;
for (int j = start; j < end; j++) {
index <<= 1;
if (combined.get(j)) {
index |= 1;
}
}
mnemonic.add(wordlist.get(index));
}
return mnemonic;
}
/**
* 從助記詞生成種子
*/
public static byte[] mnemonicToSeed(List<String> mnemonic, String passphrase) throws Exception {
String mnemonicStr = String.join(" ", mnemonic);
String salt = "mnemonic" + (passphrase == null ? "" : passphrase);
// 使用PBKDF2算法生成512位種子
javax.crypto.SecretKeyFactory factory = javax.crypto.SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
javax.crypto.spec.PBEKeySpec spec = new javax.crypto.spec.PBEKeySpec(
mnemonicStr.toCharArray(),
salt.getBytes("UTF-8"),
2048, // 迭代次數(shù)
512 // 輸出長度(位)
);
return factory.generateSecret(spec).getEncoded();
}
public static void main(String[] args) {
try {
// 生成12個助記詞(128位熵)
List<String> mnemonic = generateMnemonic(128);
System.out.println("生成的助記詞:");
System.out.println(String.join(" ", mnemonic));
// 從助記詞生成種子
byte[] seed = mnemonicToSeed(mnemonic, ""); // 可選密碼
System.out.println("\n生成的種子 (十六進(jìn)制):");
System.out.println(bytesToHex(seed));
} catch (Exception e) {
e.printStackTrace();
}
}
// 字節(jié)數(shù)組轉(zhuǎn)十六進(jìn)制字符串
private static String bytesToHex(byte[] bytes) {
StringBuilder sb = new StringBuilder();
for (byte b : bytes) {
sb.append(String.format("%02x", b));
}
return sb.toString();
}
}
四、從助記詞到私鑰的完整鏈路
助記詞只是HD錢包的起點,從助記詞到最終可用的私鑰,還需要經(jīng)過以下步驟:
-
助記詞 → 種子(Seed)
通過PBKDF2算法,使用助記詞和可選密碼(passphrase)生成512位種子:- 鹽值(salt)固定為 "mnemonic" + 密碼
- 迭代次數(shù):2048次
- 哈希算法:HMAC-SHA512
-
種子 → 根私鑰(Master Private Key)
使用HMAC-SHA512算法,以"Bitcoin seed"為密鑰,對種子進(jìn)行哈希,得到:- 前32字節(jié):根私鑰
- 后32字節(jié):根鏈碼(Chain Code,用于派生子密鑰)
-
根私鑰 → 子私鑰
根據(jù)BIP-32規(guī)則,通過根私鑰和鏈碼,結(jié)合BIP-44路徑,派生各層級的子私鑰。 -
私鑰 → 公鑰 → 地址
每個私鑰通過橢圓曲線算法生成對應(yīng)的公鑰,公鑰經(jīng)過哈希等處理后生成最終的區(qū)塊鏈地址。 -
從助記詞到多鏈地址的生成代碼實現(xiàn)(python簡易實現(xiàn))
import hashlib
import hmac
import os
import binascii
from typing import List, Dict, Tuple
from ecdsa import SECP256k1, SigningKey
from ecdsa.util import sigencode_string_canonize
import bech32
# BIP-39完整英文詞表(部分展示)
ENGLISH_WORDLIST = [
"abandon", "ability", "able", "about", "above", "absent", "absorb", "abstract", "absurd", "abuse",
"access", "accident", "account", "accuse", "achieve", "acid", "acoustic", "acquire", "across", "act",
# ... 省略中間單詞 ...
"zone", "zoo", "zoom", "zombie", "zodiac", "zero", "zealous", "zap", "youth", "yield"
]
# 鏈類型與BIP-44路徑映射
CHAIN_PATHS = {
"BTC": "m/44'/0'/0'/0/0", # 比特幣主網(wǎng)
"ETH": "m/44'/60'/0'/0/0", # 以太坊主網(wǎng)
"BSC": "m/44'/56'/0'/0/0" # 幣安智能鏈
}
def mnemonic_to_seed(mnemonic: List[str], passphrase: str = "") -> bytes:
"""從助記詞生成種子"""
mnemonic_str = " ".join(mnemonic)
salt = f"mnemonic{passphrase}".encode()
return hashlib.pbkdf2_hmac(
"sha512",
mnemonic_str.encode(),
salt,
2048,
64
)
def generate_mnemonic(entropy_bits: int = 128) -> List[str]:
"""生成助記詞"""
if entropy_bits % 32 != 0 or not (128 <= entropy_bits <= 256):
raise ValueError("熵必須是32的倍數(shù)(128-256位)")
entropy = os.urandom(entropy_bits // 8)
checksum = hashlib.sha256(entropy).digest()[0] >> (8 - (entropy_bits // 32))
combined = (int.from_bytes(entropy, 'big') << (entropy_bits // 32)) | checksum
mnemonic = []
for i in range(entropy_bits // 32 * 3):
index = (combined >> (11 * (entropy_bits // 32 * 3 - 1 - i))) & 0x7FF
mnemonic.append(ENGLISH_WORDLIST[index])
return mnemonic
def hmac_sha512(key: bytes, data: bytes) -> bytes:
"""HMAC-SHA512計算"""
return hmac.new(key, data, hashlib.sha512).digest()
def derive_child_key(parent_private_key: bytes, parent_chain_code: bytes, index: int) -> Tuple[bytes, bytes]:
"""BIP-32子密鑰派生"""
if index >= 0x80000000: # 強(qiáng)化派生
data = b'\x00' + parent_private_key + index.to_bytes(4, 'big')
else: # 普通派生
# 從私鑰計算公鑰
sk = SigningKey.from_string(parent_private_key, curve=SECP256k1)
pk = sk.get_verifying_key().to_string('compressed')
data = pk + index.to_bytes(4, 'big')
# 計算HMAC-SHA512
i = hmac_sha512(parent_chain_code, data)
i_l = i[:32] # 子私鑰部分
i_r = i[32:] # 子鏈碼
# 橢圓曲線加法計算最終子私鑰
parent_private_num = int.from_bytes(parent_private_key, 'big')
i_l_num = int.from_bytes(i_l, 'big')
curve_order = SECP256k1.order
child_private_num = (parent_private_num + i_l_num) % curve_order
return (child_private_num.to_bytes(32, 'big'), i_r)
def derive_path(seed: bytes, path: str) -> Tuple[bytes, bytes]:
"""從種子按BIP-44路徑派生密鑰"""
# 生成根密鑰
h = hmac_sha512(b"Bitcoin seed", seed)
master_private_key = h[:32]
master_chain_code = h[32:]
# 解析路徑
parts = path.split('/')[1:] # 跳過'm'
current_private_key = master_private_key
current_chain_code = master_chain_code
for part in parts:
# 處理強(qiáng)化派生標(biāo)記'
if part.endswith("'"):
index = int(part[:-1]) + 0x80000000
else:
index = int(part)
# 派生子密鑰
current_private_key, current_chain_code = derive_child_key(
current_private_key, current_chain_code, index
)
return (current_private_key, current_chain_code)
def private_key_to_public_key(private_key: bytes, compressed: bool = True) -> bytes:
"""從私鑰生成公鑰"""
sk = SigningKey.from_string(private_key, curve=SECP256k1)
vk = sk.get_verifying_key()
return vk.to_string('compressed' if compressed else 'uncompressed')
def public_key_to_eth_address(public_key: bytes) -> str:
"""將公鑰轉(zhuǎn)換為以太坊地址"""
# 以太坊地址是公鑰哈希的后20字節(jié)
keccak = hashlib.new('keccak_256')
keccak.update(public_key[1:]) # 移除前綴0x04
return '0x' + keccak.digest()[-20:].hex()
def public_key_to_btc_address(public_key: bytes) -> str:
"""將公鑰轉(zhuǎn)換為比特幣地址(Bech32格式)"""
# 計算哈希
sha256 = hashlib.sha256(public_key).digest()
ripemd160 = hashlib.new('ripemd160', sha256).digest()
# Bech32編碼(主網(wǎng)前綴'bc')
return bech32.encode('bc', bech32.convertbits(ripemd160, 8, 5))
def generate_chain_addresses(mnemonic: List[str], chains: List[str] = None) -> Dict[str, Dict[str, str]]:
"""生成指定鏈的私鑰、公鑰和地址"""
if not chains:
chains = CHAIN_PATHS.keys()
result = {}
seed = mnemonic_to_seed(mnemonic)
for chain in chains:
if chain not in CHAIN_PATHS:
continue
path = CHAIN_PATHS[chain]
private_key, _ = derive_path(seed, path)
public_key = private_key_to_public_key(private_key, compressed=chain == "BTC")
# 根據(jù)不同鏈生成地址
if chain in ["ETH", "BSC"]: # ETH和BSC地址格式相同
address = public_key_to_eth_address(public_key)
elif chain == "BTC":
address = public_key_to_btc_address(public_key)
result[chain] = {
"path": path,
"private_key": binascii.hexlify(private_key).decode(),
"public_key": binascii.hexlify(public_key).decode(),
"address": address
}
return result
def main():
# 1. 生成助記詞
mnemonic = generate_mnemonic(128) # 12個單詞
print("助記詞:")
print(" ".join(mnemonic) + "\n")
# 2. 生成多鏈地址信息
chain_data = generate_chain_addresses(mnemonic)
# 3. 輸出結(jié)果
for chain, data in chain_data.items():
print(f"=== {chain} 信息 ===")
print(f"路徑: {data['path']}")
print(f"私鑰: {data['private_key']}")
print(f"公鑰: {data['public_key']}")
print(f"地址: {data['address']}\n")
if __name__ == "__main__":
main()
五、實際應(yīng)用與注意事項
1. 多鏈地址生成
同一份助記詞可生成不同鏈的地址,只需使用對應(yīng)鏈的BIP-44路徑:
| 區(qū)塊鏈 | coin_type | 地址路徑示例 |
|---|---|---|
| 比特幣 | 0' | m/44'/0'/0'/0/0 |
| 以太坊 | 60' | m/44'/60'/0'/0/0 |
| BSC | 56' | m/44'/56'/0'/0/0 |
| 萊特幣 | 2' | m/44'/2'/0'/0/0 |
2. 安全性最佳實踐
- 助記詞備份:手寫備份,離線存儲,避免數(shù)字記錄
- 密碼保護(hù):使用強(qiáng)密碼(passphrase)增強(qiáng)種子安全性
- 隨機(jī)數(shù)質(zhì)量:確保熵的生成使用加密安全的隨機(jī)數(shù)生成器
- 路徑規(guī)范:使用標(biāo)準(zhǔn)路徑,避免自定義路徑導(dǎo)致的兼容性問題
3. 常見問題
- 助記詞順序重要嗎? 是的,單詞順序錯誤會導(dǎo)致種子錯誤
- 可以修改助記詞中的單詞嗎? 不可以,任何修改會導(dǎo)致校驗和不匹配
- 忘記密碼(passphrase)怎么辦? 無法恢復(fù),需使用無密碼方式重新導(dǎo)入
- 不同錢包導(dǎo)入同一份助記詞,地址相同嗎? 遵循相同BIP標(biāo)準(zhǔn)的錢包會生成相同地址
六、總結(jié)
HD錢包通過BIP-32、BIP-39和BIP-44等協(xié)議的有機(jī)結(jié)合,構(gòu)建了一套安全、便捷、可擴(kuò)展的私鑰管理系統(tǒng)。其核心創(chuàng)新在于:
- 用助記詞解決了私鑰的備份難題
- 用分層結(jié)構(gòu)實現(xiàn)了多賬戶的有序管理
- 用標(biāo)準(zhǔn)化路徑支持了多幣種的統(tǒng)一管理
七、相關(guān)面試問題
以下是針對BIP32、BIP39、BIP44/49/84/86的核心面試點及詳細(xì)解答,涵蓋原理、流程、關(guān)鍵細(xì)節(jié)及實際應(yīng)用場景,適合面試準(zhǔn)備和技術(shù)理解。
一、BIP32(分層確定性錢包)面試點
1. 核心問題:BIP32解決了什么問題?為什么需要分層確定性錢包?
解答:
傳統(tǒng)錢包中,每個地址對應(yīng)獨立的私鑰,管理時需要備份所有私鑰(繁瑣且易丟失)。BIP32(Bitcoin Improvement Proposal 32)提出“分層確定性錢包(HD Wallet)”概念,通過一個種子生成所有私鑰,且私鑰間存在層級關(guān)系(父子、兄弟),解決了以下問題:
- 只需備份一個種子,即可恢復(fù)所有私鑰(無需逐個備份);
- 支持層級結(jié)構(gòu)(如按賬戶、鏈、地址類型分組),便于管理(如區(qū)分“接收地址”和“找零地址”);
- 可安全共享子公鑰(如商家公開子公鑰讓客戶轉(zhuǎn)賬,無需暴露私鑰)。
2. 核心問題:BIP32的“派生過程”是什么?父密鑰如何生成子密鑰?
解答:
BIP32的核心是“從父密鑰派生子密鑰”,通過“擴(kuò)展密鑰(Extended Key)”實現(xiàn)。擴(kuò)展密鑰包含兩部分:
- 私鑰/公鑰(256位):用于簽名或驗證;
- 鏈碼(Chain Code,256位):隨機(jī)數(shù),用于增強(qiáng)派生安全性(避免子密鑰泄露導(dǎo)致父密鑰被推導(dǎo))。
(1)擴(kuò)展密鑰的分類:
- 擴(kuò)展私鑰(xprv):包含私鑰+鏈碼,可派生所有子私鑰和子公鑰;
- 擴(kuò)展公鑰(xpub):包含公鑰+鏈碼,僅可派生子公鑰(無法派生私鑰,適合共享)。
(2)派生流程(核心):
派生分為“非強(qiáng)化派生(non-hardened)”和“強(qiáng)化派生(hardened)”,區(qū)別在于輸入?yún)?shù)不同:
-
非強(qiáng)化派生(子索引
i < 2^31):
父公鑰可直接派生子公鑰(無需父私鑰),適合共享xpub生成地址。- 子鏈碼計算:
HMAC-SHA512(父鏈碼, 父公鑰 + 4字節(jié)索引i) → 前256位為子鏈碼; - 子私鑰計算:
(父私鑰 + 子鏈碼前256位) mod 橢圓曲線階數(shù)n; - 子公鑰計算:
子私鑰 * G(橢圓曲線點乘,G為生成點),或直接通過父xpub派生(父公鑰 + 子鏈碼前256位 * G)。
- 子鏈碼計算:
-
強(qiáng)化派生(子索引
i ≥ 2^31,記為i'):
必須用父私鑰派生,避免“子私鑰泄露導(dǎo)致父私鑰被推導(dǎo)”(安全增強(qiáng))。- 子鏈碼計算:
HMAC-SHA512(父鏈碼, 0x00 + 父私鑰 + 4字節(jié)索引i) → 前256位為子鏈碼; - 子私鑰計算:
(父私鑰 + 子鏈碼前256位) mod n; - 子公鑰計算:
子私鑰 * G。
- 子鏈碼計算:
(3)關(guān)鍵區(qū)別:
- 非強(qiáng)化派生:父xpub可派生所有子公鑰,適合“只讀場景”(如公開收款地址);但如果子私鑰泄露,結(jié)合父xpub可推導(dǎo)出父私鑰(風(fēng)險)。
- 強(qiáng)化派生:必須用父私鑰派生,子私鑰泄露不會影響父私鑰(安全),但父xpub無法派生子公鑰(需用父xprv)。
3. 追問點:擴(kuò)展密鑰的格式是什么?如何序列化?
解答:
擴(kuò)展密鑰需序列化后存儲/傳輸,格式為Base58編碼,包含:
- 版本號(4字節(jié),區(qū)分主網(wǎng)/測試網(wǎng),如主網(wǎng)xprv為
0x0488ADE4,xpub為0x0488B21E); - 深度(1字節(jié),根節(jié)點為0,子節(jié)點為1,以此類推);
- 父節(jié)點指紋(4字節(jié),父公鑰哈希的前4字節(jié),根節(jié)點為0);
- 子索引(4字節(jié),派生時的索引i);
- 鏈碼(32字節(jié));
- 私鑰/公鑰(33字節(jié),私鑰前加0x00,公鑰為壓縮格式)。
二、BIP39(助記詞)面試點
1. 核心問題:BIP39的作用是什么?為什么需要助記詞?
解答:
BIP39定義了“助記詞(Mnemonic Phrase)”標(biāo)準(zhǔn),將BIP32的“種子(128-256位隨機(jī)數(shù))”轉(zhuǎn)換為人類易記的單詞序列(替代冗長的十六進(jìn)制種子),解決了“種子備份困難”的問題。
- 例如:256位種子(64個十六進(jìn)制字符)可轉(zhuǎn)換為24個單詞,便于手寫備份(如“abandon abandon ... zoo”)。
2. 核心問題:助記詞的生成流程是什么?(熵→校驗和→單詞映射)
解答:
生成流程分5步,核心是“熵→校驗和→單詞索引”的轉(zhuǎn)換:
-
生成熵(Entropy):
熵是隨機(jī)數(shù),長度為128-256位(必須是32的倍數(shù)),對應(yīng)助記詞數(shù)量:- 128位熵 → 12個單詞;
- 160位熵 → 15個單詞;
- 192位熵 → 18個單詞;
- 224位熵 → 21個單詞;
- 256位熵 → 24個單詞。
-
計算校驗和:
對熵做SHA-256哈希,取前熵長度/32位作為校驗和(如128位熵→4位校驗和,256位熵→8位校驗和)。 -
合并熵和校驗和:
將熵(128位)和校驗和(4位)拼接,得到128+4=132位的二進(jìn)制串(12個單詞對應(yīng)12組,每組11位)。 -
分割為單詞索引:
將合并后的二進(jìn)制串按11位一組分割(11位可表示0-2047的索引,對應(yīng)詞庫大小)。 -
映射到詞庫:
每組11位索引對應(yīng)詞庫中固定位置的單詞,最終形成助記詞序列。
示例(12個單詞生成):
- 熵(128位):
00000000000000000000000000000000 - SHA-256哈希(前4位):
0000(校驗和) - 合并后:
000000000000000000000000000000000000(132位) - 分割為12組(每組11位):
00000000000(索引0)重復(fù)12次 - 詞庫中索引0為“abandon”,最終助記詞:
abandon abandon ... abandon(12次)。
3. 核心問題:助記詞如何轉(zhuǎn)換為BIP32的種子?(關(guān)鍵步驟)
解答:
助記詞需通過PBKDF2函數(shù)轉(zhuǎn)換為BIP32的種子(512位),流程:
- 輸入:助記詞字符串(單詞用空格分隔)+ 鹽(Salt);
- 鹽固定為:
"mnemonic" + 密碼(密碼可選,增強(qiáng)安全性,若無密碼則鹽為"mnemonic"); - 算法:PBKDF2-HMAC-SHA512,迭代次數(shù)2048次;
- 輸出:512位種子(作為BIP32的根密鑰輸入)。
代碼片段(Python):
import hashlib
import hmac
def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
salt = f"mnemonic{passphrase}".encode() # 鹽格式固定
# PBKDF2計算:2048次迭代,輸出512位
return hashlib.pbkdf2_hmac(
hash_name="sha512",
password=mnemonic.encode(),
salt=salt,
iterations=2048,
dklen=64 # 512位=64字節(jié)
)
4. 核心問題:如何驗證助記詞的有效性?
解答:
驗證流程是生成流程的逆過程:
- 將助記詞通過詞庫映射回11位二進(jìn)制組,拼接為完整二進(jìn)制串(熵+校驗和);
- 分離熵和校驗和(校驗和長度=熵長度/32);
- 對熵計算SHA-256哈希,取前N位與校驗和對比,一致則有效。
5. 關(guān)鍵細(xì)節(jié):BIP39詞庫的特點?
- 詞庫包含2048個單詞(2^11=2048,對應(yīng)11位索引);
- 單詞唯一且無歧義(如無“apple”和“apples”同時出現(xiàn),避免混淆);
- 支持多語言(中文、英文等),但同索引在不同語言中對應(yīng)不同單詞(但生成的種子唯一,與語言無關(guān))。
三、BIP44/49/84/86(地址派生路徑)面試點
1. 核心問題:BIP44的作用是什么?路徑結(jié)構(gòu)是什么?
解答:
BIP44定義了HD錢包的標(biāo)準(zhǔn)化派生路徑,解決不同錢包間的兼容性問題(確保同一種子在不同錢包中生成相同地址)。
路徑結(jié)構(gòu)(分層):
m / purpose' / coin_type' / account' / change / address_index
各字段含義:
m:根私鑰(種子派生的根節(jié)點);purpose':固定為44'(BIP44標(biāo)識,帶'表示強(qiáng)化派生);coin_type':區(qū)塊鏈類型(如比特幣=0',以太坊=60',萊特幣=2',帶'強(qiáng)化派生);account':賬戶索引(從0'開始,用于區(qū)分不同賬戶,強(qiáng)化派生);change:0=外部地址(接收轉(zhuǎn)賬),1=內(nèi)部地址(找零),非強(qiáng)化派生;address_index:地址索引(從0開始,非強(qiáng)化派生,按順序生成新地址)。
示例:
比特幣第0賬戶的第1個接收地址路徑:m/44'/0'/0'/0/0
2. 核心問題:BIP44、49、84、86的區(qū)別是什么?各自的使用場景?
解答:
這四個BIP均基于BIP44的路徑結(jié)構(gòu),核心區(qū)別是purpose字段和對應(yīng)的地址格式(因區(qū)塊鏈地址格式升級而衍生)。
| 標(biāo)準(zhǔn) | purpose字段 | 地址格式 | 特點/場景 |
|---|---|---|---|
| BIP44 | 44' | Legacy(P2PKH) | 最早的比特幣地址(如1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa),兼容性強(qiáng)但效率低 |
| BIP49 | 49' | 嵌套隔離見證(P2SH-P2WPKH) | 兼容Legacy錢包的隔離見證地址(如3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy),平衡兼容性和效率 |
| BIP84 | 84' | 原生隔離見證(P2WPKH) | 比特幣bech32格式(如bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq),體積小、手續(xù)費低 |
| BIP86 | 86' | Taproot(P2TR) | 比特幣Taproot地址(如bc1p5d7rjq7g6rdk2yhzks9smlaqtedr4dekq08ge8ztwac72sfr9rusxg3297),支持復(fù)雜腳本、隱私性和擴(kuò)展性更強(qiáng) |
3. 核心問題:不同區(qū)塊鏈的coin_type如何區(qū)分?
解答:
coin_type用于區(qū)分不同區(qū)塊鏈,由SLIP-44(BIP44的補(bǔ)充)定義,常見值:
- 比特幣(主網(wǎng)):0';
- 以太坊(主網(wǎng)):60';
- 萊特幣(主網(wǎng)):2';
- 比特幣測試網(wǎng):1'。
示例:
以太坊第0賬戶接收地址路徑:m/44'/60'/0'/0/0
4. 關(guān)鍵細(xì)節(jié):為什么purpose、coin_type、account需要強(qiáng)化派生(帶')?
解答:
帶'表示強(qiáng)化派生(hardened),防止子私鑰泄露后推導(dǎo)出父私鑰,保護(hù)核心層級(如不同鏈、不同賬戶的隔離)。而change和address_index用非強(qiáng)化派生,允許通過xpub直接生成地址(方便共享接收地址)。
本文來自博客園,作者:ffffox,轉(zhuǎn)載請注明原文鏈接:http://www.rzrgm.cn/ffffox/p/19005011
浙公網(wǎng)安備 33010602011771號