3) Example demonstration
We start from the seed generated by BIP39 and gradually deduce how BIP32 is executed.
(1) Seed:
0x5b56c417303faa3fcba7e57400e120a0ca83ec5a4fc9ffba757fbe63fbd77a89a1a3be4c67196f57c39a88b76373733891bfaba16ed27a813ceed498804c0570
(2) Derive master key
Find online tools to generate 512-bit results (if not found, please private message me)
0xb2a0d576b828b537688b561f2cfa8dac3602d54c62bde619ad5331e6c235ee26b70d675323c40ec461e0a6af603b1f135fb2af9ae753eeff18922732a73b0f05
Obtain master private key:
0xb2a0d576b828b537688b561f2cfa8dac3602d54c62bde619ad5331e6c235ee26
Master public key:
0x03ca72b45eede592f059b7eaf3da13eb7d8d15aa472b6f79f74820bb22ff596186
Master chain code:
0xb70d675323c40ec461e0a6af603b1f135fb2af9ae753eeff18922732a73b0f05
(3) Derive child key
A. Hardened Derivation
Derive according to the rules described above
data = 0x00 || ser256(k_par) || ser32(i)
I = HMAC_SHA512(key = c_par, msg = data)
I_L, I_R = I[:32], I[32:]
k_i = (I_L + k_par) mod n
c_i = I_R
Where:
c_par is the master chain code
k_par is the master private key
i is the depth, hardened derivation starts from 2^31
data = 0x00 || ser256(k_par) || ser32(i) =
0x00b2a0d576b828b537688b561f2cfa8dac3602d54c62bde619ad5331e6c235ee2680000000
I = HMAC_SHA512(key = c_par, msg = data) =
0xfd61ec4eff9af45c137d8e49cd152c736284aab45469981358c9ee070c9c264fce62c620b7cd66e27f970d0f29e4f2082c6b7740bd184d0c9c61f79d819af563
I_L = 0xfd61ec4eff9af45c137d8e49cd152c736284aab45469981358c9ee070c9c264f
I_R = 0xce62c620b7cd66e27f970d0f29e4f2082c6b7740bd184d0c9c61f79d819af563
k_i = (I_L + k_par) mod n
Where n you know: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
Use online tools to generate results
k_i (child private key) = 0xb002c1c5b7c3a9937c08e468fa0fba20ddd8a31a07deddf1464ac160fe9bd334
c_i (child chain code) = 0xce62c620b7cd66e27f970d0f29e4f2082c6b7740bd184d0c9c61f79d819af563
B. Normal Derivation
Derive normally according to the rules described above
data = serP(K_par) || ser32(i)
I = HMAC_SHA512(key = c_par, msg = data)
I_L, I_R = I[:32], I[32:]
k_i = (I_L + k_par) mod n
c_i = I_R
Where:
c_par is the master chain code
K_par is the master public key
i is the depth, hardened derivation starts from 0
data = ser256(K_par) || ser32(i) =
0x03ca72b45eede592f059b7eaf3da13eb7d8d15aa472b6f79f74820bb22ff59618600000000
I = HMAC_SHA512(key = c_par, msg = data) =
0xa195f406434d6609e583caa55322cea249820a439ad695101807bd9d6a784a71a74b758d3dc442f8620a2438f56629e62a743a4b4fe1ad02166185bf290b56d1
I_L = 0xa195f406434d6609e583caa55322cea249820a439ad695101807bd9d6a784a71
I_R = 0xa74b758d3dc442f8620a2438f56629e62a743a4b4fe1ad02166185bf290b56d1
k_i = (I_L + k_par) mod n
Where n you know: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
Use online tools to generate results
k_i (child private key) = 0x5436c97cfb761b414e0f20c4801d5c4fc4d602a94e4bdaee058890f75c77f756
c_i (child chain code) = 0xa74b758d3dc442f8620a2438f56629e62a743a4b4fe1ad02166185bf290b56d1