Number: SLIP-0032
Title: Extended serialization format for BIP-32 wallets
Type: Standard
Status: Draft
Authors: Pavol Rusnak <stick@satoshilabs.com>
Created: 2017-09-06
BIP-0032 already defines a serialization format for hierarchical deterministic keys. In this document we present extended version of the serialization format, which aims to overcome some limitations of the original proposal.
First modification is including full BIP-32 path of the exported node, so wallet can check whether the provided key was exported from expected part of the deterministic hierarchy.
Second modification is removal of fingerprint field, which was barely used by wallets and introduces unnecessary extra computation steps during serialization of the key. Sometimes it is even not possible to compute the fingerprint at all (when the parent key is unknown).
Third modification is the addition of "birthday" attribute, which describes the moment, when the deterministic hierarchy was generated.
Last modification is the change from Base58 encoding to Bech32 encoding, which is more efficient in many areas.
Extended public and private keys are serialized as follows:
- 1 byte: depth: 0x00 for master nodes, 0x01 for level-1 derived keys, ...
- 4 * depth bytes: serialized BIP-32 path; each entry is encoded as 32-bit unsigned integer, most significant byte first
- 4 bytes: wallet birthdate; number of seconds since 2009-01-09 00:00 UTC (equals to Unix epoch minus 1230768000); encoded as 32-bit unsigned integer, most significant byte first; use zero to not use birthdate
- 32 bytes: the chain code
- 33 bytes: the public key or private key data (serP(K) for public keys, 0x00 || ser256(k) for private keys)
This structure is encoded using Bech32 format described in BIP-0173. We will use 'xpub' human-readable part for extended public keys and 'xprv' for extended private keys.