
What is a Software Wallet?

Written by UKey Wallet

A software wallet uses a random number to generate a master private key.

Then, through a deterministic and irreversible algorithm, it can derive an unlimited number of child private keys from that master private key.

Why must the algorithm be deterministic and irreversible?
Deterministic means that the same master private key always yields the same child private keys, so every child can be regenerated on demand. Irreversible means that the master private key cannot be reconstructed from any child private key, so exposing one child does not expose the whole tree.

This is why it is called a Hierarchical Deterministic (HD) wallet. The derivation structure of private keys resembles a tree: a parent key can derive multiple child keys, each child key can derive multiple grandchild keys, and this process can continue indefinitely.

When an HD wallet is first created, or when a wallet is backed up, a mnemonic phrase is generated. A mnemonic phrase is a sequence of English words. This sequence is used to generate the seed, and the seed is then used to generate all private keys in the wallet. In other words, the mnemonic phrase serves as the backup of the wallet, because it can be used to restore the wallet. The seed, in turn, corresponds to the original random number behind the deterministic wallet.

One major advantage of an HD wallet is that only the master public key is required to generate any number of child public keys. In other words, new public addresses can be created from the master public key without requiring access to the private keys, whether the master private key or the child private keys. However, all of these generated addresses can still ultimately be controlled by the master private key.

Of course, this design also comes with risks. If the mnemonic phrase is exposed, it is essentially equivalent to exposing all private keys. Once that happens, the security of the digital assets in the wallet is effectively lost.

Why Are So Many Private Keys Needed?

The reason users need so many private keys can be understood through the change mechanism in Bitcoin transactions.

A Bitcoin transaction is a data structure that contains inputs and outputs. It also includes the necessary scripting information that transfers value from its source (the input) to its destination (the output).

To understand Bitcoin inputs and outputs, it is important to know the concept of the UTXO (Unspent Transaction Output). A UTXO is the basic unit of value in a Bitcoin transaction: an output that has not yet been spent. What a user thinks of as "their bitcoin" is actually scattered across many transactions and many blocks in the form of UTXOs. There is no central record holding a simple account balance; there are only UTXOs, each locked to its respective owner.

A UTXO can represent any amount of value, but once it is created, it is indivisible in the same way that a physical coin cannot be split in half. If the value of a UTXO is greater than the amount needed for a transaction, the entire UTXO must still be spent, and the excess will be returned as change.

For example, imagine you have a UTXO worth 20 units and want to pay 1 unit. The transaction must consume the full 20-unit UTXO and create two outputs: one output sends 1 unit to the recipient, while the other sends 19 units back to your wallet as change. In this sense, most Bitcoin transactions generate change.

This leads to another question: should the change be sent back to the original address, or to a newly generated address?

Satoshi Nakamoto's original Bitcoin design included a change address mechanism: a new address is typically created to receive the change from each transaction. This design helps protect user privacy and reduces certain security risks.

In real life, this can be compared to opening several bank accounts under different names and identities at different banks. Even if someone can observe the money flow in each account, it becomes much harder for them to trace all of it back to the true owner of the digital assets. This is part of what gives Bitcoin its relative anonymity.

That is why wallet users need so many private keys. Public and private keys always come in pairs, and each transaction may generate a new change address, so storing and backing up the private key behind every one of these addresses would otherwise be a major technical burden. The HD wallet solves this by letting a single root generate any number of child public and private keys, which greatly improves the usability of digital wallets.
