Key Model
The 3-level key hierarchy — master wallet, slot families, and webcash 4-chain derivation.
Three Levels
| Level | What | How |
|---|---|---|
| 1. Master Wallet | BIP39 mnemonic (24 words) | BIP32 hardened derivation into slot families |
| 2. Slot Families | Independent 32-byte secrets | One slot per purpose: webcash, bitcoin, RGB, vouchers, PGP |
| 3. Webcash Chains | 4 SHA256 chains per webcash slot | RECEIVE, PAY, CHANGE, MINING — each with unlimited depth |
The master wallet is not a webcash wallet. It is a keychain that contains webcash wallets, bitcoin wallets, RGB identities, voucher wallets, and PGP signing keys as derived slots.
Level 1: Master Wallet
A single BIP39 mnemonic (24 words, 256-bit entropy) generates all keys. The BIP32 derivation path:
m / 83696968' / 0' / family' / index' All indices are hardened. No public key derivation, no leakage between slots.
The master database stores: root mnemonic, wallet slot registry, PGP identity registry, RGB contracts, and certificates. It does not store webcash balances or bitcoin UTXOs — those live in per-slot databases.
Level 2: Slot Families
| Family | Max Slots | Purpose |
|---|---|---|
| webcash | 256 | Bearer e-cash. Each slot initializes a webylib HDWallet with 4 SHA256 chains. |
| bitcoin | 256 | On-chain Bitcoin via BIP86 (Taproot) and BIP84 (SegWit). ARK off-chain protocol. |
| rgb | 256 | Client-side validated smart contracts. Multiple witness backends (Bitcoin, Webcash Witness, Harmoniis Witness). |
| voucher | 256 | Bearer credits from voucher service providers. |
| pgp | 1000 | Ed25519 signing identities for authentication and contract signing. |
Labeled wallets
Within each family, multiple labeled sub-wallets exist at different slot indices. Each is an independent BIP32 derivation with its own database:
webcash[0] = "main" (main_webcash.db)
webcash[1] = "savings" (savings_webcash.db)
webcash[2] = "cloudminer" (cloudminer_webcash.db)Level 3: Webcash 4-Chain Derivation
Each webcash slot produces a 32-byte master secret. This initializes a webylib HDWallet with 4 independent SHA256 chains (not BIP32):
| Chain | Code | Used for |
|---|---|---|
| RECEIVE | 0 | Incoming payment secrets |
| PAY | 1 | Outgoing payment outputs |
| CHANGE | 2 | Transaction change |
| MINING | 3 | Mining reward collection |
Derivation
tag = SHA256("webcashwalletv1")
secret = SHA256(tag || tag || webcash_master || chain_code_be64 || depth_be64) Each depth produces a unique secret. Depths increment atomically after each successful server operation.
Visual Summary
BIP39 Mnemonic (24 words)
|
+- BIP32 seed -> master_xpriv
|
+- m/83696968'/0'/ (Harmoniis purpose)
|
+- /2'/0' --- webcash[0] -> 32-byte webcash master --+
+- /2'/1' --- webcash[1] -> labeled wallet |
+- /3'/0' --- bitcoin[0] -> BIP86/BIP84 seed |
+- /1'/0' --- rgb[0] -> RGB contract identity |
+- /6'/0' --- voucher[0] -> voucher master |
+- /4'/0' --- pgp[0] -> Ed25519 signing key |
+- /4'/1' --- pgp[1] -> labeled identity |
|
+---------------------------------------------------+
| webylib HDWallet (SHA256, NOT BIP32)
|
+- RECEIVE (0) -- depth 0, 1, 2, ...
+- PAY (1) -- depth 0, 1, 2, ...
+- CHANGE (2) -- depth 0, 1, 2, ...
+- MINING (3) -- depth 0, 1, 2, ...Recovery
With just the 24-word mnemonic, the wallet reconstructs everything:
- Derive master BIP32 key from mnemonic
- Derive all slot families at their known indices
- For each webcash slot: scan all 4 chains up to the gap limit (default: 20)
- For PGP: scan indices 0..999
- For bitcoin: sync via Esplora/Electrum
A webcash master secret (64-char hex, not the mnemonic) can recover only that webcash slot's funds. Other families are not recoverable from a single slot secret.