December 2021. Kevmate.
Why do I have lots of addresses?
There are lots of wallets in the Crypto-World which only have one address. This makes things simple, the address doesn't change and it's easy to see the balance, trace the history on a blockchain explorer, and tell people it when you want money. Clearly you hold the private key for the address, so it seems better to keep it simple. After all, you won't lose your money if it comes to that address; it's tried and tested.
But it is better to have more addresses for privacy. Everyone knows that blockchains are not private because every transaction is published for all to see. It isn't obvious who an address belongs to, but if you receive some Ada into an address the person who sent it might know who you are. If you receive more Ada into the same address they can see that as well. As you send Ada from that address they can see the spends and might want to guess what you are buying and why.
Some people instinctively need privacy, others feel they have nothing to hide, but not many people would think it a good idea to publish their bank statement. An eye on privacy is a good thing.
So, to reduce visibility and traceability Ada wallets will often generate a new address for every receipt.
If you have a private key you can generate an address from it, or you can use a slightly different rule to generate a completely different address. This way you can have as many addresses as you like all generated from the same private key. The wallet can easily add up the balance to show the total as long as it can re-generate all the original addresses.
I might be interested how that works, because I like techno-jargon
Right, well I will avoid describing eliptic curve crytography for now, because it gets a bit long winded, and just say that while one important feature is that you can't get back to the private key from the public key, another is that a tiny change to the private key will cause a completely different public key to be generated. Unrecognisable in every way.
So, if you just added 1 to the private key a million times, you would generate a million separate public keys. All different. And still no clues as to what the private key is. Very clever.
But if you are building on a protocol as clever as that, and you are super clever, you might go further.
Ok, you are now ready for an introduction to the wonderful "Hierarchical Deterministic Wallets", a term which is often shortened to "HD". This was first introduced as BIP-32 for Bitcoin and has become a standard for generating addresses from keys. This is a Bitcoin standard rather than a Cardano one, and it's not obligatory, but it's a well established and useful way to do it. Yoroi is an HD wallet, as are many other wallets across the world.
The idea is that the private key is used to generate an extended public key, which has enough information in it to create more addresses without knowing the private key. Each of these addresses can also be used, along with the seed key, to generate a child key, and then that child key can be used to generate it's own list of addresses. In this way child keys can create more children so that a tree-like structure is built. From the key at the root of the tree a wallet can use the rules to re-generate any key and so sign any transaction, but one of the child keys can only sign for it's own generated addresses and their children.
To describe which key is being used the nodes on the tree are defined so that 'm' is the master key, the first child is 'm/0', the second is 'm/1', etc. 'm/0/0' would be the first child of the first child, 'm/0/1' the second child of the first child, and so on. I'm sure you get the idea.
The advantages of this are, first, the wallet can generate new addresses using an extended public key without knowing a private key. Second, it is possible to store a child key which has access to some of the money, but not all of it.
Can I have a quick reminder about the eUTXO model please?
The money in a UTXO model is not stored in the address. It is stored in the received transactions for that address, until they are spent. So if you receive some Ada, then some more, then some more, you have three unspent transactions against addresses and you can sign them to spend them. When you want to send some Ada you have to select a list of unspent transactions adding up to a number equal to or greater than the required amount. You can't select half a transaction, it's all or nothing.
The e in eUTXO stands for Extended. This just means a bit of extra space has been added to allow some data to be stored for use in Smart Contracts. I won't cover all the detail here, because it is part of a different story, but in we need to bear in mind that the extended bit might add some complications later.
So think of the wallet as holding a list of unspent transactions (UTXOs), each against an address that we know how to sign for. When we want to send Ada we need to select a list of UTXOs and sign for them using the key for the address they were sent to so that they can be included in a new transaction.
Choosing the UTXOs sounds easy.
If you were paying for an item in a shop with cash you might start by looking through your small change trying to get the right amount, then through the notes from the smaller ones first, until you had it covered. You might be a bit embarrassed if that meant handing over a large bag of tiny value coins to buy something expensive, but you would try to keep the amount of small change you are carrying down. This is the problem the wallet faces, but the ideal approach is a little different.
Instead of choosing all the smallest value UTXOs, then, we could choose the highest value ones. But this method also can have drawbacks. It tends to leave low value UTXOs unspent for a long time, which build up and eventually become difficult to spend. You don't want to end up with a pocket full of Dust.
So, after a bit of thought...
The solution which has been developed for Cardano is the Random-Improve method. To pick UTXOs from the list you just choose randomly, and keep going until you get over double the amount you want. When you submit your transaction you will be asking for change which is just over the value you are spending.
Of course, you might need a fallback. You might not have enough money to ask for that much change, or you might run into the transaction size limit so that you need to go back and pick a smaller number of higher value UTXOs.
Do the source addresses matter?
Well, the transaction can be built from any list of UTXOs for which you have the keys, so it shouldn't matter which addresses they were paid into. And if new addresses are generated frequently there might be a lot. However, building a new transaction with two addresses in it links them together for anyone scanning the blockchain. For this reason there is an advantage to choosing UTXOs from fewer addresses when building a transaction.
You would think this wouldn't apply because you might use a new address for every receipt, but in fact it is common to repeatedly receive cash from the same source to the same address in some circumstances. As a result attempting to select a list of UTXOs from the same address before selecting from other addresses is also a good idea.
What about NFTs? Wouldn't they get accidently spent?
An NFT is a Non-Fungeable Token. It's a simple idea. As I mentioned above, it is possible to add a bit of data to the transaction which gets stored in the UTXO. This means that all the transactions are not equal, and the data (normally called meta-data) can specify a smart contract and a reference which makes it special. Usually, the amount of ADA in an NFT transaction is 1 Lovelace, or 0.000001 ADA, so it doesn't have much value. The value comes from the fact that it has been generated by a smart contract which people care about, and that contract includes rules which limit the number which can be created. Copies of that contract are not the same, because the original has a unique identifier generated when it is released onto the blockchain.
So, the wallet needs to be aware of this. NFTs need to be kept out of the list when sending money, and consciously selected when being traded. A wallet will not take on the job of trading an NFT. Instead it is able to hold it as a UTXO and keep it out of normal transactions, then include a feature to allow it to be sent deliberately when required.
Wallets which act as a plug-in to a web browser will support an option to let the web page see the list of UTXOs held and generate new transactions which can be signed. This allows the website to render the NFTs properly, help the user to verify their source, and trade them intelligently. All of this is done by the website rather than the wallet.
Wallets which are not browser plug-ins simply keep the NFT aside, then allow them to be selectively sent on demand.
Of course, to do the really clever stuff, you need to apply rules.
This is a page about wallets, so I won't go into detail on smart contracts here. But you might be wondering how they fit in, and whether you need to worry about them when you think about how your wallet works.
There is a good technical walkthough available for developers in the Cardano docs.
This website was created by Kevmate. Its all my own work. Contact me by emailing me at email@example.com