This can serve as a guide for developers and merchants to show the actual process of how merchants can securely generate valid receiving addresses without hosting or communicating private information, and how "watch only" wallets are implemented.

Public keys are at the heart of transacting in Bitcoin - not only do they provide validation of transaction signatures via ECDSA, they also prove "ownership" of coins through consensus and are identifiers. With only one extended public key, a large amount (232) of addresses can be derived in a predictable yet seemingly random way. These public keys are then hashed and placed into address formats.

Currently, 3 main address formats are common:

  • P2PKH (pay-to-public-key-hash) that begin with "1"
  • P2WPKH (pay-to-witness-public-key-hash) that begin with "bc1"
  • P2SH-P2WPKH (pay-to-witness-public-key-hash wrapped in pay-to-script-hash) that begin with "3"

The Account-Level extended public key (like those exported from wallet software*) will have different versions based on the purpose of the derivation path, aka m/44'/0'/0' or m/49'/0'/0' or m/84'/0'/0'. The extended public key will start with xpub, ypub, or zpub respectively. The version dictates what type of address to derive.

* Some wallets such as BRD and Bitcoin Core use different derivation paths that do not follow BIP44 architecture but instead follow a custom derivation model or the BIP32 architecture

For xpub, P2PKH addresses are derived. For ypub, P2SH-P2WPKH addresses are derived. For zpub, P2WPKH addresses are derived. All of the addresses generated from a single extended public key will belong to the owner of the extended private key. This way, a service or wallet doesn't need any private information to be able to generate or track the value of addresses.

I hope you find the more technical bits enjoyable :)