What is an Extended Public Key (xpub)?
An extended public key (xpub, ypub, or zpub) is a master public key that can derive all the public keys and addresses in a hierarchical deterministic (HD) wallet. It's a key feature of BIP32 that allows wallet software to generate new receiving addresses without exposing the private keys.
With an xpub, you can:
- Generate unlimited receiving addresses
- Track wallet balances on a watch-only basis
- Set up accounting systems without spending capability
- Create payment addresses for e-commerce
xpub vs ypub vs zpub: What's the Difference?
Different extended key prefixes indicate different address formats and derivation paths:
xpub (BIP44)
Path: m/44'/0'/0'
Addresses: Legacy P2PKH (1...)
Original Bitcoin address format. Higher fees but maximum compatibility.
ypub (BIP49)
Path: m/49'/0'/0'
Addresses: Nested SegWit P2SH (3...)
SegWit wrapped in P2SH for backward compatibility. Lower fees than legacy.
zpub (BIP84)
Path: m/84'/0'/0'
Addresses: Native SegWit (bc1q...)
Most efficient format with lowest fees. Recommended for new wallets.
Understanding Derivation Paths
A derivation path describes how to navigate the key hierarchy to reach a specific address. The format m/purpose'/coin'/account'/change/index breaks down as:
- m - Master key
- purpose' - BIP number (44, 49, or 84)
- coin' - Cryptocurrency (0 for Bitcoin)
- account' - Account number (usually 0)
- change - 0 for receiving, 1 for change addresses
- index - Sequential address number
The apostrophe (') indicates hardened derivation, which provides additional security by preventing child key leakage if one private key is compromised.
Frequently Asked Questions
Is it safe to share my xpub?
Sharing your xpub allows others to see all your addresses and transaction history, but they cannot spend your funds. However, it does compromise your privacy. Only share your xpub with services you trust, like accounting software or watch-only wallets.
What is HD wallet derivation?
Hierarchical Deterministic (HD) wallets use a single seed to generate an unlimited number of key pairs. This means you only need to back up your seed phrase once, and you can recover all addresses. BIP32 defines this standard for Bitcoin.
Why are there receiving and change addresses?
In HD wallets, index 0 is used for receiving addresses (where you receive payments) and index 1 is for change addresses (where leftover funds go after spending). This separation improves privacy by making it harder to link transactions.
What is the difference between xpub and xprv?
An xpub is a public key that can only generate addresses and verify signatures. An xprv is a private key that can sign transactions and spend funds. Never share your xprv with anyone.
Can I use a testnet xpub?
Yes! This tool supports testnet keys: tpub (legacy), upub (nested SegWit), and vpub (native SegWit). Testnet addresses start with m, n, 2, or tb1 instead of 1, 3, or bc1.
How many addresses can I derive from an xpub?
You can derive over 2 billion addresses from a single xpub (2^31 per account). In practice, wallets typically use a "gap limit" of 20 unused addresses to scan for funds.
Is this tool secure?
Yes. All derivation happens locally in your browser using JavaScript. Your xpub is never sent to any server. You can verify this by checking the network tab in your browser's developer tools.
Build with Bitcoin
Spark provides HD wallet infrastructure for developers. Generate addresses, track balances, and build Bitcoin applications with our SDK.