5.1 - HD Wallets and Seeds

wallets

Uploaded by

Moez Baklouti

Hierarchical Deterministic Wallets and Seeds

BIP-32
HIERARCHICAL DETERMINISTIC WALLETS

Hierarchical Deterministic Wallets
• Hierarchical Deterministic Wallets are wallets
that can be easily backed up with seed word
lists.
• If you lose the device holding your wallet, you
can recreate the wallet using your seed words,
and regain access to your funds.
• You can use the seed words to create the same
wallet on several different devices.
• Most modern wallets are hierarchical
deterministic wallets.

Hierarchical Deterministic Wallets (HD)
• Hierarchical: because all keys and addresses in
the wallet are derived from one initial “master
seed” (i.e. a very large number).
• The master seed is used to generate the initial key
• Sub-keys are generated from the initial key (i.e.
child keys, grandchild keys, etc.)

• Deterministic: if you start with the same initial
seed when you install a wallet, the master key
and subkeys which will be derived from it will
be identical.

Master Seed = Number = Seed Words List
• A master seed is a random number.
• The number is represented by a list of words.
• It is easier for humans to remember a list of words than
large numbers.
• Wallets typically use 12 or 24 words to represent a
master seed.
• 12 words are primarily used for cell phone and
computer wallets.
• 24 words are primarily used for hardware wallets.
• Some wallets allow you to use a pass phrase as
well as seed words in order to generate the master
seed.

Seeds and Keys

SEED WORD LISTS

Seed Word Lists
• Lists of words which function as wallet backups.

Wallets and Seeds
• Seed word lists are used to back up most digital
wallets:
  • Cell phone wallets
  • Computer wallets
  • Hardware wallets
  • Browser plugin/extension wallets
• Seed word lists aren’t used to back up some
wallets:
  • Paper wallets
  • Custodial wallets

When you set up a wallet
• Your wallet software will supply you with a word
list if you are setting up a new wallet.
• Wallets do not come with seed word lists coded
into them.
• Wallets use a number of “environmental factors”
to generate a random number.
• The random number determines which words to
give you.

• Both hardware wallets and software wallets
supply you with a seed word list when you set
them up.

How seed word lists are generated
(short version)
• During the wallet installation a random
number is generated.
• Some mathematics are applied to the
number.
• The resulting number is split into 12 smaller
numbers.
• Each smaller number maps to one of 2048
specific words.

How seed word lists are generated
(slightly longer explanation…)
1. During installation the wallet generates a
random 128-bit number (i.e. the Seed).
2. The random number is hashed (SHA-256)
3. The first 4 bits of the hash are added to the
end of the random number.
4. The resulting 132-bit number is split into twelve
11-bit numbers.
5. Each word in the BIP-39 word list maps to a
specific number.
6. The ordered sequence of words represents the
initial seed number.

12 Seed Words = 132 Bit Number

11001000100010001101110101000110001100010110
10000011010011111100110111010110000111001100
00011011010110011110011100011110100111110101

Each 11 bits are represented by a different word
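The six steps above, carried through in Python as an added example (not part of the original slides); it also accepts the longer BIP-39 entropy sizes up to 256 bits. Function names are hypothetical, `PAGE_BITS` is the 132-bit number from the slide, and the word list is not embedded, so results are word numbers (number n is line n+1 of a BIP-39 word list file).

```python
import hashlib

# The 132-bit number shown on the slide above (three rows of 44 bits).
PAGE_BITS = """
11001000100010001101110101000110001100010110
10000011010011111100110111010110000111001100
00011011010110011110011100011110100111110101
"""

def entropy_to_indices(entropy: bytes) -> list[int]:
    """Steps 1-4: hash the number, append the checksum bits, split into 11-bit numbers."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("BIP-39 entropy is 128 to 256 bits, in 32-bit steps")
    cs_bits = ent_bits // 32                    # 4 checksum bits for a 128-bit number
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11        # 132 / 11 = 12 words
    return [(combined >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def bits_to_indices(bitstring: str) -> list[int]:
    """Split a written-out bit string into 11-bit word numbers (0..2047)."""
    bits = "".join(bitstring.split())
    if not bits or len(bits) % 11 or set(bits) - {"0", "1"}:
        raise ValueError("expected a multiple of 11 binary digits")
    return [int(bits[i:i + 11], 2) for i in range(0, len(bits), 11)]

def checksum_ok(indices: list[int]) -> bool:
    """Recompute the checksum from the entropy part; a mistyped word usually fails here."""
    if len(indices) not in (12, 15, 18, 21, 24):
        return False
    if any(not 0 <= index < 2048 for index in indices):
        return False
    cs_bits = len(indices) * 11 // 33
    combined = 0
    for index in indices:
        combined = (combined << 11) | index
    entropy = (combined >> cs_bits).to_bytes((len(indices) * 11 - cs_bits) // 8, "big")
    return entropy_to_indices(entropy) == list(indices)

if __name__ == "__main__":
    print(entropy_to_indices(bytes(16)))        # constructed input: all-zero 128-bit number
    print(bits_to_indices(PAGE_BITS))           # the slide's number as twelve word numbers
```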

Antonopoulos, A. and G. Wood (2018). Mastering Ethereum. Implementing Smart Contracts, O'Reilly.

Seeds Can Generate Keys for Different Coin Types

https://github.com/satoshilabs/slips/blob/master/slip-0044.md

BIP-39
SEED WORD LIST STANDARD

BIP-39 Standard
• Changes to Bitcoin are made and adopted via
proposals called Bitcoin Improvement Proposals
(BIPs).
• BIP-39 is a proposed and accepted
standard for creating wallet backups using
seed word lists.
• BIP-39 includes lists of seed words in 10
different languages.
• Most wallets follow the BIP-39 standard, but
some do not.
https://github.com/bitcoin/bips/

Wordlists (BIP-39)
Ten Languages
2048 words in each language
• English
• Japanese
• Korean
• Spanish
• Portuguese
• Chinese (Simplified)
• Chinese (Traditional)
• French
• Italian
• Czech
https://github.com/bitcoin/bips/blob/master/bip-0039/bip-0039-wordlists.md
https://github.com/bitcoin/bips/tree/master/bip-0039

Some Wordlist Considerations (BIP-39)

• Smart selection of words
• The wordlist is created in such a way that it's enough to
type the first four letters to unambiguously identify
the word
• Similar words avoided
• Word pairs like "build" and "built", "woman" and
"women", or "quick" and "quickly" not only make
remembering the sentence difficult, but are also
more error prone and more difficult to guess
https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki

Note:
Some wallets do not use BIP-39

• Electrum Wallet does not use BIP-39
• Created 2 years before the BIP-39 standard was proposed
• Electrum derives its private keys and addresses
from a seed phrase made of natural language
words.
• Electrum uses a different seed derivation
algorithm.
• New installs of Electrum now use the standard
BIP-39 word lists.
https://electrum.readthedocs.io/en/latest/seedphrase.html

DERIVATION PATHS

Derivation Paths
• There are different paths which can be used to
derive keys from the master key.
• The default derivation path for Bitcoin is
m/44'/0'/0'/0.
• Each number in that path represents a certain
level and path in the tree.
m / purpose' / coin_type' / account' / chain / address_index

Different wallets use different derivation paths.
When you use a seed word list to re-create a wallet, you
need to use the right wallet.

Derivation Paths

What Seed Word Lists and Derivation
Paths Mean for an Investigator
• If you know a person’s seed word list:
1. You can generate all their keys and addresses.
2. You can control and spend their cryptocurrency
3. You can map out all their transactions
• You need to know their wallet type:
• When you re-create the suspect’s wallet, you
need to use a wallet which uses the same
derivation paths.

• You don’t need to know their password
• Their password is used to encrypt their wallet
after it has been created.
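What re-creating a wallet from seed words involves under BIP-39 and BIP-32, for the derivation-path and investigator slides above, as an added Python example (not from the original slides): words plus any optional pass phrase give the master seed, the seed gives the master key, and the derivation path becomes a list of child numbers. Function names are hypothetical, the mnemonic is the public all-zero BIP-39 test vector, and child-key derivation itself (which needs elliptic-curve arithmetic) is left out.

```python
import hashlib
import hmac
import unicodedata

HARDENED = 0x80000000  # BIP-32: child numbers >= 2**31 are "hardened", written with '

# Public BIP-39 test vector (all-zero 128-bit number), not a real wallet.
TEST_MNEMONIC = "abandon " * 11 + "about"

def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + pass phrase."""
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048, 64)

def master_key(seed: bytes) -> tuple[bytes, bytes]:
    """BIP-32: HMAC-SHA512 keyed with b"Bitcoin seed" -> (master private key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]

def parse_path(path: str) -> list[int]:
    """Turn "m/44'/0'/0'/0/0" into the 32-bit child numbers used at each level."""
    parts = path.replace(" ", "").split("/")
    if parts[0] != "m":
        raise ValueError("path must start at the master key 'm'")
    children = []
    for part in parts[1:]:
        hardened = part.endswith("'")
        number = part[:-1] if hardened else part
        if not (number.isascii() and number.isdigit()) or int(number) >= HARDENED:
            raise ValueError(f"bad path component: {part!r}")
        children.append(int(number) + (HARDENED if hardened else 0))
    return children

if __name__ == "__main__":
    for phrase in ("", "TREZOR"):
        key, chain_code = master_key(mnemonic_to_seed(TEST_MNEMONIC, phrase))
        print(repr(phrase), key.hex())
    print([hex(n) for n in parse_path("m/44'/0'/0'/0")])
```

A different pass phrase yields a different master seed and master key, so seed words alone do not reproduce a wallet that was set up with a pass phrase.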
Resources – YouTube Videos
(Andreas Antonopoulos)

• Bitcoin Q&A: How do mnemonic seeds work?
• Bitcoin Q&A: Passphrases and seed storage

Bitcoin Improvement Proposals (BIP)

• BIP-32: Hierarchical Deterministic Wallets
• BIP-39: Mnemonic code for generating deterministic keys
• BIP-44: Multi-Account Hierarchy for Deterministic Wallets
• BIP-49: Derivation scheme for P2WPKH-nested-in-P2SH based accounts