The ndau wallet app lets you create and manage an arbitrary number of addresses that you can use with the ndau cryptocurrency. To an outside observer, each of these addresses is unique and unrelated to any other. However, your wallet app can generate them in a way that allows you to recover and manage them safely, without having to memorize or record the individual keys.
This technology is known as an HD Wallet; the HD stands for “Hierarchical Deterministic”.
We start out by generating a master private key. This is a very large random number (the idea is to be very confident that no one else could possibly know what it is). To make sure of that, we combine two things:
- The “secure random” data source that is built into your phone
- A random “scribble” that you generate by drawing on the screen of your phone
The combination of these two factors ensures that your random key cannot be predicted by anyone — even someone who watches you do it.
We then take the random master key and convert it to a recovery phrase. This is a set of words that you can (and must) record and store in a secure place that is not your phone. A fireproof safe or a safety deposit box are good choices. The recovery phrase can be converted back to your master key so that you can recover your wallet in the event that your phone is lost or damaged.
One we have a safely recorded random key, we can start to generate the account information. This process works by following the arrows in the diagram below.
These are one-way arrows:
- A public key can be generated from a private key, but not the reverse.
- A child can be generated from a parent, but not the reverse.
- An address can be generated from a public key, but not the reverse.
Note that there are two ways to create a given grandchild public key — you can generate its corresponding private key and create a public key from it, or you can derive it from its public parent. This has safety benefits when managing collections of related accounts.
What are these keys and accounts used for?
A Public Address looks something like this:
For normal accounts, it always starts with nda, and it’s 48 characters long. It’s got a few safety features:
- To avoid visual confusion, it will never have a 0, 1, o, or l in it
- It doesn’t matter if it’s uppercase or lowercase.
- Like a credit card, it is self-checking — if you transpose a pair of letters or get one of the letters wrong, it won’t be valid.
Sometimes you’ll see addresses represented as a QR code — but that QR code is literally just an easy way for your phone’s camera to read that string of letters and numbers.
If someone wants to send you ndau, they only need a public address — nothing else.
The Public Key and Private Key are a matched pair. They’re different, but they only match with each other, like adjacent pieces in a jigsaw puzzle. Transactions are signedusing an account’s private key — but the private key never needs to leave your phone and is never exposed, even to you.
The public key is stored on the blockchain with the account, and is used to verify your transactions. A transaction that has been created and signed with a given private key can only be verified with the corresponding public key. This way, you can prove that you have the private key (and thus are authorized to do a transaction) without actually letting anyone else know what it is.
All of this is normally invisible to you as the user of the ndau wallet app unless you really want to see it. Key management and generation is managed for you by the app.