BIP-39 (Bitcoin Improvement Proposal 39) is a standard for generating mnemonic phrases that can be used to create deterministic wallets. These mnemonic phrases are a human-readable way to derive cryptographic seed phrases, which are then used to generate private keys for accessing and managing cryptocurrency wallets. Here’s an overview of BIP-39.
1. What is BIP-39?
BIP-39, or Bitcoin Improvement Proposal 39, is a standard that defines how mnemonic phrases are generated and used in cryptocurrency wallets. These mnemonic phrases, typically 12 to 24 words long, provide a human-readable way to back up and recover private keys, which are critical for accessing digital assets.
The process starts with entropy, a sequence of random binary digits. The length of the entropy determines the number of words in the mnemonic, with 128 bits producing 12 words and 256 bits producing 24 words. To enhance data integrity, a checksum is appended to the entropy. This checksum is a short hash of the original entropy, ensuring that errors in the mnemonic can be detected.
The resulting binary string is divided into chunks, each corresponding to a word from a standardized list of 2048 unique words. These words are carefully chosen to avoid ambiguity and are standardized across multiple languages, ensuring global compatibility.
Once the mnemonic is created, it is converted into a seed using the PBKDF2 (Password-Based Key Derivation Function 2) algorithm. This process involves hashing the mnemonic phrase with a salt, which may include an optional passphrase for added security. The seed generated is then used as the master key for a hierarchical deterministic (HD) wallet.
HD wallets allow for the deterministic generation of multiple private and public key pairs from the single seed, simplifying wallet management. This makes it easy to back up and restore a wallet without needing to store multiple keys. Additionally, the use of the checksum ensures that errors in the mnemonic phrase are often detectable.
BIP-39 ensures compatibility across many wallets, meaning a mnemonic phrase generated in one wallet can be used to restore the same wallet in another application that follows the standard. This interoperability is a significant advantage of the BIP-39 standard.
The randomness of the entropy, the robustness of the checksum, and the cryptographic strength of the PBKDF2 algorithm make BIP-39 a secure and user-friendly approach to managing cryptocurrency wallets. However, the security of the mnemonic depends on proper storage, as anyone who gains access to it can control the associated funds. This highlights the importance of using secure physical or offline methods to back up mnemonic phrases.
2. Example of Application: Generate a Wallet Mnemonic Phrase
Step 1: Generate Entropy
We start with random entropy. For this example, let’s use 128 bits of entropy (simplified for demonstration):
1101111011001101111011110101010111011010111010111110110110111011
Step 2: Add Checksum
The checksum is calculated as the first 4 bits of the SHA-256 hash of the entropy (4 bits because 128 ÷ 32 = 4). If the SHA-256 hash is:
0e5751c026e543b2e8ab2eb06099daa3d8a06f6c3b8b11590cfd7857b0e296c0
The first 4 bits of the checksum are:
0000
Adding this checksum to the entropy gives us a 132-bit binary string:
11011110110011011110111101010101110110101110101111101101101110110000
Step 3: Divide into Segments
Divide the 132-bit string into groups of 11 bits each:
11011110110 01101111011 11010101011 10110101110 10111110110 11011011101 10000
Each group of 11 bits maps to a word in the BIP-39 English wordlist (2048 words, each represented by 11 bits).
Step 4: Map to Words
Using the BIP-39 wordlist, these segments map to the following words:
1. scout 2. lucky 3. razor 4. infant 5. render 6. talk 7. angle
Your mnemonic phrase is:
“scout lucky razor infant render talk angle”
3. How is that mnemonic phrase compatible with any wallet?
Well that’s the next step, you can provide your Mnemonic phrase and input it into another hardware wallet for example.
Step 5: Convert Mnemonic to Seed
The mnemonic is converted into a binary seed using the PBKDF2 algorithm. Optionally, a passphrase can be added for extra security (let’s say the passphrase is “secure”).
The seed is derived as:
PBKDF2(mnemonic + passphrase, salt="mnemonic" + passphrase, 2048 iterations, HMAC-SHA512)
For our example, the resulting seed (hex) might look like this:
5eb00bbddcf069084889a8ab9155568165f5c8e8a3d3448bfc80e7883a02cf05
Step 6: Derive Wallet Keys Using the Seed
From the seed, we use BIP-32 paths to generate private/public keys. For a Bitcoin wallet, the standard derivation path is:
m/44'/0'/0'/0/0
Here’s how the levels are interpreted:
m= Master key (derived from the seed)44'= Purpose (BIP-44, multi-account standard)0'= Coin type (0 = Bitcoin)0'= Account (first account)0= Change (0 = external, 1 = internal)0= Address index (first address)
4. Summary
When creating a Bitcoin wallet, the wallet software generates a mnemonic phrase to act as a secure backup of your wallet. This mnemonic phrase is a set of 12 to 24 words that represents the cryptographic seed, allowing the deterministic generation of all private keys and addresses for the wallet.
The process begins with the generation of entropy, a random binary sequence. For example, 128 bits of entropy is used for a 12-word mnemonic. A checksum (a short hash derived from the entropy) is then appended to the entropy, creating a longer binary sequence. This sequence is divided into 11-bit segments, and each segment maps to a word in the BIP-39 wordlist, which contains 2048 predefined words. The resulting sequence of words forms the mnemonic phrase.
The mnemonic is portable and generic, adhering to the widely adopted BIP-39 standard. It can be reused to recreate the original wallet or imported into any other wallet that supports BIP-39. During recovery, the mnemonic is input into the new wallet, where it is converted back into the cryptographic seed using the PBKDF2 algorithm.
The portability of the mnemonic lies in the fact that the seed it generates is universal. All wallets following the BIP-39 standard use the same process to derive the seed, ensuring compatibility across different wallet software or devices.
To import the wallet, users simply enter the mnemonic phrase into the recovery option of another wallet. If a passphrasewas used when the wallet was created, it must also be entered during the import process to regenerate the correct seed.
This universal approach simplifies wallet management and backup. Users only need to securely store the mnemonic phrase (and optional passphrase), and they can access their funds on any compatible wallet software. This makes it possible to switch between wallets or recover a wallet in case of loss or damage to the original device. Proper storage of the mnemonic is critical, as it holds complete control over the wallet’s funds.
