Does a passphrase create new Xpubs? [Bitcoin]

First off, I read this page (and a few others): Recovery seed - Trezor Wiki

I am trying to understand the relationship between the passphrase and the Xpub (or Zpub for native segwit, etc). I am reasonably familiar with the privacy implications of Xpubs- if someone knows it they can track all your future addresses.

Basically, a new “master binary seed” is used every time you plug in the device. If you never use a passphrase, then cool- you are always using the same master binary seed. The 12 word recovery seed hashes into the master binary seed with no other considerations. Same if you always use the same passphrase.

  1. So is the master binary seed essentially creating the Xpub?
  2. If one day you decide you want a new Xpub for privacy reasons, can you just throw a simple passphrase at the end of the 12 word recovery seed to get an entirely new Xpub?

My understanding is that because the master binary seed is a HASH of the 12 word recovery seed + the passphrase, then even the smallest change in passphrase will yield a massive change in the output. So, for privacy reasons you could just add a single letter or number.

For security reasons, you may want to consider a strong passphrase.

You first need to understand that Trezor doesn’t just have one XPUB.

Each account has its own separate XPUB. For privacy reasons, you can just create multiple accounts, each with its own XPUB.

Adding a passphrase changes the master binary seed, which in turn changes all the XPUBs for all accounts.


Thank you. Concise answer to exactly what I was curious about.

In cryptocurrencies, a public key is used as the basis for an address. Each public key corresponds to a specific private key, which can be used to spend the funds associated to the corresponding public key or address. A public key can be calculated from a private key, but it is not possible to calculate a private key from a public key.

The address derivation is as follows:

Recovery seed → Account private key → Private key → Public key → Address
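The relationship discussed in this thread, as an added example that is not part of any post: it follows the standard BIP39 and BIP32 derivation from recovery seed plus passphrase to the account-level node, whose chain code is one half of that account's XPUB. The mnemonic is the public BIP39 test vector, and the path m/84'/0'/0' (native segwit, account 0) and all function names are assumptions made for the example; the public key itself is not computed, since that needs elliptic-curve multiplication.

```python
import hashlib
import hmac
import unicodedata

# secp256k1 group order (public curve constant)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000
# Public BIP39 test-vector mnemonic; never use it for real funds.
MNEMONIC = "abandon " * 11 + "about"

def bip39_seed(mnemonic, passphrase=""):
    """Master binary seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    words = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, 64)

def master_node(seed):
    """BIP32 master private key and chain code from the binary seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]

def hardened_child(key, chain_code, index):
    """BIP32 hardened private derivation (the astronomically rare invalid-key case is ignored)."""
    data = b"\x00" + key.to_bytes(32, "big") + (index | HARDENED).to_bytes(4, "big")
    digest = hmac.new(chain_code, data, hashlib.sha512).digest()
    return (int.from_bytes(digest[:32], "big") + key) % N, digest[32:]

def account_node(mnemonic, passphrase="", purpose=84, coin=0, account=0):
    """Private key and chain code at m/purpose'/coin'/account'."""
    key, chain_code = master_node(bip39_seed(mnemonic, passphrase))
    for index in (purpose, coin, account):
        key, chain_code = hardened_child(key, chain_code, index)
    return key, chain_code

if __name__ == "__main__":
    # Same 12 words throughout; only the passphrase or the account index changes.
    for passphrase, account in (("", 0), ("", 1), ("a", 0), ("b", 0)):
        _, chain_code = account_node(MNEMONIC, passphrase, account=account)
        print(f"passphrase={passphrase!r:4} account={account} chain code={chain_code.hex()[:16]}...")
```

Every row prints an unrelated chain code: a new account index gives a new XPUB under the same seed, while a one-character passphrase replaces the seed and with it every account's XPUB.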