Trying to understand extended keys

Question

I'm slowly getting educated about how the blockchain and Bitcoin addresses work. I now understand why it is more secure to use a different Bitcoin address for every transaction you make but I'm now trying to understand how I could achieve that with something as basic as paper wallets for educational purposes.

So, I noticed most big exchanges nowadays do generate a new public address every time you want to deposit cryptocurrencies. From what I've read, this is made possible by the use of an extended key, which contains a public and private part, just like regular keys. Now, where I'm still a little bit confused is how does it work exactly for them (the exchanges) to access all the funds from all the public addresses you generated at the same time (since they do show you a total balance and you can spend that balance with what seems to be only 1 transaction). Does the private extended key give you access to spend all the funds in all the public addresses generated with that 1 private extended key?

Also, when we say addresses should never be used more than 1 time, I assume it still must be used 2 times at some point, since you add funds and then withdraw it, meaning 2 transactions total? Or do I get it completely wrong?

Answer 1

Does the private extended key give you access to spend all the funds in all the public addresses generated with that 1 private extended key?

No, the extended private key just lets you derive all of the child private keys, which would then be used to spend any funds that were sent to the corresponding public keys (addresses). The extended private key itself cannot be used to sign for child key transactions.

An exchange can keep an extended pubkey on their server to generate new receiving addresses for customers, while keeping the extended privkey offline. This allows them to derive derive addresses and priv keys securely in a low-maintenance manner.

Also, when we say addresses should never be used more than 1 time, I assume it still must be used 2 times at some point, since you add funds and then withdraw it, meaning 2 transactions total?

Yes, generally when people say "only use an address once", they mean "only send bitcoin to this address once". Of course, to later spend that bitcoin, you'd need to create another transaction.

Answer 2

It is not more secure to use different adress for every bitcoin you receive, it just gonna give you more privacy since it is gonna be harder to track you.

I guess the exchange use different bitcoin account then generate different adress for them just like we could, and keep a track of all that.

I think you are just confuse about the way exchange keep your coins, once you send them your bitcoin, you do not have a bitcoin key to access the adress you send your bitcoin to, they just have keep track of it, and if you want to withdraw your bitcoin to your cold wallet, they will use one of their wallet to send it.

And as I said it is safe to use the same adress to receive your bitcoin, but you are right in your example they gonna be 2 transactions.