One backup, infinite possibilities: BIP-85 child keys explained

Q: How can I switch to a child key wallet?

The BitBox does not offer a way to seamlessly switch to a wallet created with a child key, as this is not a primary or intended use case of the feature. However, the BitBox can be reset at any time and restored with the seed phrase of a child key – and vice versa.

Q: Can a BIP-85 child key create even more BIP-85 child keys?

Yes, but it is generally not recommended. If you restore the wallet of a child key, you can create additional grandchild keys from there, since the child key works like any other seed phrase. However, this adds complexity and increases the risk of losing track, with no clear benefits.

Q: What information do I need to access a certain child key?

You only need two pieces of information: the number of words and the index of the key. Any BIP-85 enabled wallet should be able to access the same child key with this data. Both are chosen when deriving a child key on the BitBox and are included in the BIP-85 derivation path shown on the device. If you use many child keys, it's wise to record these details along with their purpose.

Q: Are hot wallets created with child keys more secure?

Not necessarily. While a child key is as random and secure as your main Bitcoin backup, its actual security depends on the environment in which it's used. A child key used as a hot wallet on your phone is generally just as secure—or insecure—as a hot wallet created directly on the phone.

Managing and securing the backup of your Bitcoin wallet is arguably the most important aspect of self-custody. But with a growing number of wallets used for different purposes, doing exactly that can become a bit of a mess, as every wallet needs its own dedicated backup.

What if you could use your already existing wallet backup to simply create additional wallets from it? Well, you can! The BIP-85 standard and so-called “child keys” enable you to derive additional, independent seed phrases from your existing backup, which can be restored at any time from within the original wallet on your BitBox. One backup – lots of wallets with different use cases and levels of security. Let’s explore how child keys work and what their actual benefits are!

Derivation paths

Modern Bitcoin wallets are able to create an arbitrary amount of keys, even though your backup only consists of mere 12 or 24 recovery words. This is enabled by using cryptographic hash functions such as SHA-256, which also happens to secure the Bitcoin network as we speak in a process known as mining.

These functions have a unique and very important property: They only work one-way! While it is easy to verify a given input results in a certain hash value, it is impossible to do the same in reverse – the best you can do is take a guess.

Below, you can see the resulting SHA-256 hash value of the word “BitBox”. You can easily verify this result with e.g. this online tool.

However, you won’t be able to calculate or even guess the original input value used for this second hash value:

Now, to derive several private keys from just one single seed, we can use hash functions many times in a row, slightly changing the input each time, resulting in completely different values. This is great, because if we know the initial seed value, we can always recreate or “derive” all private keys from scratch, as long as we know the correct derivation path – which is just a fancy word for a guidepost on how to get to a specific key.

This is exactly how the BitBox is able to derive and restore several accounts and addresses from just one seed phrase, which always stays the same:

Pretty much all Bitcoin wallets today, including the BitBox, work this way and implement the same standardized derivation paths, allowing users to recover their wallet, independent of the hardware and software in use. These keys, derived from the initial seed, can technically already be called child keys.

Deriving BIP-85 child keys

Now, we simply apply the same principle to a different purpose: Instead of deriving new keys for different accounts or new addresses, we use the derived key – which is essentially just a very large number – to create a new seed phrase, and that’s it!

The role of BIP-85 in this process is relatively straightforward. It’s simply a standard the industry agreed upon, on how to get to the child keys used for this purpose. It essentially “reserves” a very specific derivation path to only be used for BIP-85 child keys. Whether you’re using a BitBox or a different BIP-85 enabled wallet, the same derivation happens in the background to recover the same child keys – again and again.

Remember the “one-way” property of hash functions? Because the child key – or seed phrase in this case – which the BitBox derived is the result of thousands of iterations of such a hash function, it is not possible to calculate the initial input, i.e. the seed phrase of your original wallet, even if you know the child key.

This is also the reason why it’s safe to use child keys outside the secure environment of the BitBox. For example, you can simply import a child key on your phone and use it to create a software wallet – without affecting the original and secure wallet on your BitBox in any way.

Use cases

Although it’s undoubtedly a rather advanced feature, child keys can have several neat benefits and use cases, which we will explore a bit further now. Whatever you do with them, it’s crucial to remember that the creator of a child key always retains full control over any wallet that is created with said child key.

Personal hot wallets

Child keys are arguably the most useful when it comes to managing additional hot wallets. Many users store the majority of their savings on hardware wallets like the BitBox, but still use simple hot wallets or Lightning wallets on their phone for smaller, on-the-go payments. Instead of creating entirely new backups for such wallets, child keys offer a simple way to always restore them in the future, without needing to worry about additional backups.

Gift & beginner wallets

Similarly, child keys can be used to create new wallets for other people, such as when gifting bitcoin to friends and family, where you want to ensure they do not lose access to the coins. Another example would be using child keys to literally create a wallet for your own child. That way, you give them the freedom of using a wallet on their own, while the original wallet still acts as a fail-safe, should they ever lose access to it.

In any case, please make sure to properly educate the other person involved with child key wallets that you are still in control of their backup. If they ever want to become fully self-sovereign, they have to create their own wallet independently.

Passwords for … anything?

Last but not least, we come back to the fact that child keys are just large numbers – neatly encoded as English words. As such, they can be used for virtually anything that requires a strong and secret password. For example, you might use the seed phrase of a child key to encrypt a personal hard drive, containing sensitive information or your family photo library. Of course, it’s not really practical to enter 12 English words whenever you log into your social media account. But in cases where there is no alternate way of restoring access, as is the case with an encrypted hard drive, it can make sense to use a child key.

By integrating BIP-85 child keys into your digital life like this, managing backups becomes a lot simpler. Instead of managing and keeping track of various important passwords, stored in password managers or on loose post-it notes, child keys can always be restored by your main Bitcoin wallet, if needed. This way, your Bitcoin backup is the only backup you need to protect – and you can fully focus on doing it properly.

No additional security

As should become clear when looking at the use cases of child keys, they are primarily a convenience feature, enabling the creation of independent seed phrases that can always be restored by the original wallet they were created with. They do not offer any additional security. A child key can only be as secure as its parent key. And always remember, anyone with access to the original key, has immediate access to all child keys.

For users who want to add additional security mechanisms to their wallet setup, optional passphrases or even multi-sig are more applicable options.

Conclusion

In theory, the backup to your Bitcoin wallet could be the only physical backup you ever need to secure not just your bitcoin, but your entire digital life. With BIP-85, your backup can serve as a “secure master secret” to all of your wallets and important passwords, and combined with U2F authentication on the BitBox02 Multi edition, it can even log you into your online accounts and services.

Of course, BIP-85 child keys are a rather specific application, and some users may simply prefer to keep things simple and avoid them entirely – and that’s perfectly fine. The goal of the BitBox has always been to make self-custody as simple and secure as possible, while also offering advanced features, should you ever need them in the future.

FAQs

How can I switch to a child key wallet?

The BitBox does not offer a way to seamlessly “switch” to a wallet created with a child key, as this is not a primary or intended use case of the feature. Of course, if needed, the BitBox can be reset at any time and restored with the seed phrase of a child key – and the other way around.

Do child keys reveal any information about the original wallet?

No, child keys do not reveal information about your original wallet and its seed phrase, and they cannot even be identified as a child key in the first place. Without context, they just look like any other seed phrase.

Can a BIP-85 child key create even more BIP-85 child keys?

Yes, but we would generally not recommend it. If you restore the wallet of a child key, you can create even more “grandchild keys” from there, since the child key works just like any other seed phrase. However, there are no obvious benefits to this approach, and it quickly adds complexity to your setup, with the possibility of loosing track.

What information do I need to access a certain child key?

The only two pieces of information necessary to access a specific child key are the amount of words and the index of the key. Any BIP-85 enabled wallet should then be able to access the same child key. Both the amount of words and the index have to be selected on the BitBox when deriving a child key, and they are also included in the BIP-85 derivation path – shown on the BitBox. If you are a heavy user of child keys, it makes sense to write down the word count and indices along with their purpose to keep track of them.

Are hot wallets created with child keys more secure?

Not really. While the child key itself is just as random and secure as your main Bitcoin backup, its general security depends on the environment you end up using it in. A child key used as a hot wallet on your phone is, for the most part, just as (in)secure as a hot wallet created directly on your phone.

Don’t own a BitBox yet?

Keeping your crypto secure doesn't have to be hard. The BitBox hardware wallets store the private keys for your cryptocurrencies offline. So you can manage your coins safely.

Both the BitBox02 Nova and the BitBox02 also come in a Bitcoin-only edition, featuring a radically focused firmware: less code means less attack surface, which further improves your security when only storing bitcoin.

Pre-order BitBox02 Nova or grab a BitBox02 in our shop!

Shift Crypto is a privately-held company based in Zurich, Switzerland. Our team of Bitcoin contributors, crypto experts, and security engineers builds products that enable customers to enjoy a stress-free journey from novice to mastery level of cryptocurrency management. The BitBox02, our second generation hardware wallet, lets users store, protect, and transact Bitcoin and other cryptocurrencies with ease — along with its software companion, the BitBoxApp!