> Is there a good overview of the types of wallets, their architecture and evolution?
A wallet is a userland abstraction where it groups together all of your keypairs.
With each keypair (ECDSA) you have a public and private key. The address is derived from a hash and encoding of the public key. The private key is used to sign a script that unlocks the transaction outputs you have access to.
For this reason, your balance is also a userland abstraction. A balance is the sum of all the outputs you have the ability to unlock by signing the input.
Whats important to understand about transactions is that you need to spend the entire input. If you have 10 coin sitting in an output and want to send 7 to someone, you need to structure the transaction so that the 3 change goes back to you as well
The way fees work is that the miner picks up any difference between the outputs and the input, for ex.
You now have a balance of 0 in your input address, and you're left with 2.9btc in your change address which will become the input on your next transaction
There is no reason why the change address cannot be the same as the input, but it means a loss of privacy since you can then see the 2.9 btc was change, thus output1 was the recipient, and you link the future transaction back to yourself as well.
If you then want to send 11 coin to someone, you can combine other inputs:
This is how wallet identification works as described in the OP - you can assume that any inputs shared in a transaction are from the same owner since they were signed together. If you parse the blockchain and continue grouping common inputs like that you end up with a graph of wallets. Sometimes it only requires a single transaction to group together entire clusters - especially if you're using wallet software that selects inputs to use in sequence, doesn't create change correctly, or if you sweep all your smaller and smaller inputs into an aggregate address
What the original wallets did, and what OP explains, is they would pre-generate the next 100 keypairs and add them to the end of the list, and with each transaction that requires change it would move the pointer for next change address up one
All of your addresses start as either receive addresses, or as change addresses, and end up becoming your balance addresses until they are spent
To backup these wallets you had to backup every key pair, which is why most modern wallets use deterministic keys usually derived from a mneumonic. HD wallets use a master key pair, where the private key is usually derived from a mneumonic. That key pair is then used to generate the key chains that are used as receive and change addresses. It means you only need to backup your master keypair or your master mnemonic and can then generate and check all the key chains
The new wallet format is defined in bip32 [0] while the mnemonic to generate seeds is defined in bip39[1] - which you can test using a browser client app[2] (don't store coin using these - generate them securely)
Most wallets now support these deterministic wallets, including bitcoin core
The three main wallet types are full node, thin node (SPV) or web wallet
You can run a full node with Bitcoin Core[3] or Bcoin[4] (a Javascript implementation) - both support pruning the blockchain at a specified block height
The most popular SPV clients are Electrum[5] cross-platform, breadwallet for ios/android[6]. SPV uses block headers and peer queries (sometimes using bloom filters for privacy) to query your unspent transaction outputs and to verify transactions (there are variations of the architecture). The bcoin project also allows you to run an SPV client in the browser or via node (i'm really starting to like this project - they were the first to implement p2p authentication and encryption which is specified in bip150/bip151)
Electrum supports Trezor and hardware wallets, multisig wallets, 2FA wallets and have their own mnumonic and deterministic wallet format (but it also just involves saving a seed for the master key)
Web wallets store your wallet (usually) encrypted on their server and then unpack and decrypt in your browser client, then making HTTP API queries to verify transactions, get your unspents, broadcast transactions etc. The most popular are Blockchain.info[7] (disclaimer: I worked for them) and GreenAddress[8] - you can use blockchain.info via a tor hidden service at blockchainbdgpzk.onion
Good ways of getting started if you're more interested in the tech is Electrum (web wallets tend to obfusacte a lot of what is going on to make them easy to use), a full node with Bitcoin Core or running bcoin - and running them on testnet so you can build and broadcast your own transactions without fear of losing funds (the scripting language has also evolved a lot).
The other Javascript lib you can use to create transactions is bitcoinjs-lib[9] - there are libs available for deterministic wallets and some good transaction/script abstractions.
A wallet is a userland abstraction where it groups together all of your keypairs.
With each keypair (ECDSA) you have a public and private key. The address is derived from a hash and encoding of the public key. The private key is used to sign a script that unlocks the transaction outputs you have access to.
For this reason, your balance is also a userland abstraction. A balance is the sum of all the outputs you have the ability to unlock by signing the input.
Whats important to understand about transactions is that you need to spend the entire input. If you have 10 coin sitting in an output and want to send 7 to someone, you need to structure the transaction so that the 3 change goes back to you as well
The way fees work is that the miner picks up any difference between the outputs and the input, for ex.
You now have a balance of 0 in your input address, and you're left with 2.9btc in your change address which will become the input on your next transactionThere is no reason why the change address cannot be the same as the input, but it means a loss of privacy since you can then see the 2.9 btc was change, thus output1 was the recipient, and you link the future transaction back to yourself as well.
If you then want to send 11 coin to someone, you can combine other inputs:
This is how wallet identification works as described in the OP - you can assume that any inputs shared in a transaction are from the same owner since they were signed together. If you parse the blockchain and continue grouping common inputs like that you end up with a graph of wallets. Sometimes it only requires a single transaction to group together entire clusters - especially if you're using wallet software that selects inputs to use in sequence, doesn't create change correctly, or if you sweep all your smaller and smaller inputs into an aggregate addressWhat the original wallets did, and what OP explains, is they would pre-generate the next 100 keypairs and add them to the end of the list, and with each transaction that requires change it would move the pointer for next change address up one
All of your addresses start as either receive addresses, or as change addresses, and end up becoming your balance addresses until they are spent
To backup these wallets you had to backup every key pair, which is why most modern wallets use deterministic keys usually derived from a mneumonic. HD wallets use a master key pair, where the private key is usually derived from a mneumonic. That key pair is then used to generate the key chains that are used as receive and change addresses. It means you only need to backup your master keypair or your master mnemonic and can then generate and check all the key chains
The new wallet format is defined in bip32 [0] while the mnemonic to generate seeds is defined in bip39[1] - which you can test using a browser client app[2] (don't store coin using these - generate them securely)
Most wallets now support these deterministic wallets, including bitcoin core
The three main wallet types are full node, thin node (SPV) or web wallet
You can run a full node with Bitcoin Core[3] or Bcoin[4] (a Javascript implementation) - both support pruning the blockchain at a specified block height
The most popular SPV clients are Electrum[5] cross-platform, breadwallet for ios/android[6]. SPV uses block headers and peer queries (sometimes using bloom filters for privacy) to query your unspent transaction outputs and to verify transactions (there are variations of the architecture). The bcoin project also allows you to run an SPV client in the browser or via node (i'm really starting to like this project - they were the first to implement p2p authentication and encryption which is specified in bip150/bip151)
Electrum supports Trezor and hardware wallets, multisig wallets, 2FA wallets and have their own mnumonic and deterministic wallet format (but it also just involves saving a seed for the master key)
Web wallets store your wallet (usually) encrypted on their server and then unpack and decrypt in your browser client, then making HTTP API queries to verify transactions, get your unspents, broadcast transactions etc. The most popular are Blockchain.info[7] (disclaimer: I worked for them) and GreenAddress[8] - you can use blockchain.info via a tor hidden service at blockchainbdgpzk.onion
Good ways of getting started if you're more interested in the tech is Electrum (web wallets tend to obfusacte a lot of what is going on to make them easy to use), a full node with Bitcoin Core or running bcoin - and running them on testnet so you can build and broadcast your own transactions without fear of losing funds (the scripting language has also evolved a lot).
The other Javascript lib you can use to create transactions is bitcoinjs-lib[9] - there are libs available for deterministic wallets and some good transaction/script abstractions.
[0] https://github.com/bitcoin/bips/blob/master/bip-0032.mediawi...
[1] https://github.com/bitcoin/bips/blob/master/bip-0039.mediawi...
[2] https://iancoleman.github.io/bip39/
[3] https://bitcoincore.org/
[4] https://github.com/bcoin-org/bcoin
[5] https://electrum.org/
[6] https://breadwallet.com/
[7] https://blockchain.info/wallet/#/home
[8] https://greenaddress.it/en/
[9] https://github.com/bitcoinjs/bitcoinjs-lib