Bitcoin Keys 102: How Wallets Generate Seed Phrases and Private Keys
- General workflow
- BIP-39: Mnemonic code for generating deterministic keys
- BIP-32: Hierarchical Deterministic Wallets
- BIP-44: Multi-Account Hierarchy for Deterministic Wallets
- Reference
This article explains how wallets generate seed phrases and derive private keys using standard Bitcoin Propsals (BIP).
- BIP-32: Hierarchical Deterministic Wallets
- BIP-39: Mnemonic code for generating deterministic keys
- BIP-44: Multi-Account Hierarchy for Deterministic Wallets
For more details about a specific wallet, see my articles:
[TOC]
General workflow
As a reminder, the general workflow is the following
1.Generate the seed phrase
2.Create a private key
3.Compute the public key
4.Derive the Bitcoin address from the public key
You can find more details in my article: Bitcoin Keys 101 - From seed phrase to address
BIP-39: Mnemonic code for generating deterministic keys
Author: Marek Palatinus, Pavol Rusnak, Aaron Voisine, Sean Bowe bip-0039.mediawiki
This BIP describes the implementation of a mnemonic code or mnemonic sentence – a group of easy to remember words – for the generation of deterministic wallets.
It consists of two parts:
- generating the seed phrase
- converting it into a binary seed.
This seed can be later used to generate deterministic wallets using BIP-0032 or similar methods.
Schema
Reference:
Why 24 words instead of 12 ?
24 words, instead of 12, is also used in practice. But is it really useful ?
Their goal of this greater entropy is to make more difficult to compute the whole seed phase if you know part of the seed phrase
If an attacker knowns:
-
half of a 128-bit code (64 bits), it’s plausible that they’ll be able to brute force the remaining 64 bits.
-
half of a 256-bit code (128 bits), it’s not plausible that they can brute force the other half.
Reference:
The 24-words was also used by Trezor against a keylogger. Since you have to use the interface, a keylooger could know all the seed words but not the order. In that case 24 words is much safer. At least that’s true for the Trezor.
Reference Reddit - Isn’t a 24-word seed phrase overkill? Is 12 words fine?
BIP-32: Hierarchical Deterministic Wallets
See BIP-32
BIP32 defines Hierarchical Deterministic (HD) wallets. This BIP introduces two main concepts
BIP32 introduces two important concepts: key derivation and the hierarchical tree structure.
- Key Derivation: Keys and addresses are derivedd from a single root key known as the master private key.
- Child keys are derived from this root in a deterministic way
- Public keys are generated without revealing the corresponding private keys, which ensures privacy.
- Hierarchical Tree Structure: Keys can be organized in a multi-level tree structure. A wallet can have and use different child keys, grandchild keys, etc.
Schema from Mastering Bitcoin - ch05_wallets (Andreas M Antonopoulos)
Summary
| Standard | Script | BIP32 path |
|---|---|---|
| BIP44 | P2PKH | m/44'/0'/0' |
| BIP49 | Nested P2WPKH | m/49'/1'/0' |
| BIP84 | P2WPKH | m/84'/0'/0' |
| BIP86 | P2TR Single-key | m/86'/0'/0' |
BIP-44: Multi-Account Hierarchy for Deterministic Wallets
See Bip 0044
This BIP defines a logical hierarchy for deterministic wallets based on an algorithm described in BIP-0032 (BIP32 from now on) and purpose scheme described in BIP-0043.
This BIP defines the following 5 levels in BIP32 path:
m / purpose' / coin_type' / account' / change / address_index
Each level has a specific meaning:
| Level | Example | Description |
|---|---|---|
m |
Master node (root of the HD tree) | |
purpose' |
44' |
Always 44 for BIP-44-compliant wallets |
coin_type' |
0' |
Coin type (e.g., 0 = Bitcoin, 2 = Litecoin) — defined in SLIP-44 |
account' |
0' |
Account index — supports multiple user accounts |
change |
0 |
0 = external (receiving), 1 = internal (change) |
address_index |
0 |
Address number in the chain |
Note:
The value of coin_typeis registed in SLIP-0044 maintained by SatoshiLabs
| Blockchain | Value |
|---|---|
| bitcoin | 0 |
| Dogecoin | 3 |
| Ethereum | 60 |
| Solana | 501 |
Reference
- Bitbox - How is a Bitcoin address created?
- Mastering bitcoin
- mighty block - Seed Phrase vs Private Key: a technical overview
- ChatGPT with the input “Explain how address are created on Bitcoin. Create also a plantuml diagram”, “In bitcoin, you can create a Legacy Bitcoin Address, what are the other type of address and how they are created ?”