This page describes a BIP (Bitcoin Improvement Proposal).
Please see BIP 2 for more information about BIPs and creating them. Please do not just create a wiki page.
How Does The Mnemonic Seed Phrase Work? The mnemonic seed phrase can be a 12, 18 or 24 word phrase that’s directly connected to your private keys. Think of them as an alternate password or decryption keys in the event of a loss of your private keys. These are typically provided by your cryptocurrency wallet when you’re setting it up the. Now imagine you’re a thief determined to steal bitcoin. One strategy might be to compile a list of easy-to-remember private keys. Next, generate the addresses for these keys and monitor the Bitcoin network for incoming payments to one of them. When one arrives, immediately sign a transaction moving the funds to another address you control.
Abstract
This BIP describes the implementation of a mnemonic code or mnemonic sentence --a group of easy to remember words -- for the generation of deterministic wallets.
It consists of two parts: generating the mnemonic, and converting it into abinary seed. This seed can be later used to generate deterministic wallets usingBIP-0032 or similar methods.
Motivation
A mnemonic code or sentence is superior for human interaction compared to thehandling of raw binary or hexadecimal representations of a wallet seed. Thesentence could be written on paper or spoken over the telephone.
This guide is meant to be a way to transport computer-generated randomness witha human readable transcription. It's not a way to process user-createdsentences (also known as brainwallets) into a wallet seed.
Generating the mnemonic
The mnemonic must encode entropy in a multiple of 32 bits. With more entropysecurity is improved but the sentence length increases. We refer to theinitial entropy length as ENT. The allowed size of ENT is 128-256 bits.
First, an initial entropy of ENT bits is generated. A checksum is generated by
taking the first bits of its SHA256 hash. This checksum is
appended to the end of the initial entropy. Next, these concatenated bitsare split into groups of 11 bits, each encoding a number from 0-2047, servingas an index into a wordlist. Finally, we convert these numbers into words anduse the joined words as a mnemonic sentence.
The following table describes the relation between the initial entropylength (ENT), the checksum length (CS) and the length of the generated mnemonicsentence (MS) in words.
Wordlist
An ideal wordlist has the following characteristics:
a) smart selection of words
b) similar words avoided
c) sorted wordlists
![]()
The wordlist can contain native characters, but they must be encoded in UTF-8using Normalization Form Compatibility Decomposition (NFKD).
From mnemonic to seed
A user may decide to protect their mnemonic with a passphrase. If a passphrase is notpresent, an empty string ' is used instead.
To create a binary seed from the mnemonic, we use the PBKDF2 function with a mnemonicsentence (in UTF-8 NFKD) used as the password and the string 'mnemonic' + passphrase (againin UTF-8 NFKD) used as the salt. The iteration count is set to 2048 and HMAC-SHA512 is used asthe pseudo-random function. The length of the derived key is 512 bits (= 64 bytes).
This seed can be later used to generate deterministic wallets using BIP-0032 orsimilar methods.
The conversion of the mnemonic sentence to a binary seed is completely independentfrom generating the sentence. This results in rather simple code; there are noconstraints on sentence structure and clients are free to implement their ownwordlists or even whole sentence generators, allowing for flexibility in wordlistsfor typo detection or other purposes.
Although using a mnemonic not generated by the algorithm described in 'Generating themnemonic' section is possible, this is not advised and software must compute achecksum for the mnemonic sentence using a wordlist and issue a warning if it isinvalid.
The described method also provides plausible deniability, because every passphrasegenerates a valid seed (and thus a deterministic wallet) but only the correct onewill make the desired wallet available.
WordlistsTest vectors
The test vectors include input entropy, mnemonic and seed. Thepassphrase 'TREZOR' is used for all vectors.
Also see https://github.com/bip32JP/bip32JP.github.io/blob/master/test_JP_BIP39.json
(Japanese wordlist test with heavily normalized symbols as passphrase)
Reference Implementation
Reference implementation including wordlists is available from
The inn of many cracks, keygens, serial numbers. If you are here, you are at the right place. Cracks Key generators Console emulators Cheating, hacking, game exploits Threats of violence or harassment, even as a joke Posted copyright material such as magazine scans Soliciting, begging, auctioning, raffling, selling, advertising, referrals Racism, discrimination Abusive language, including swearing Drugs and alcohol.
![]() Other Implementations
Go:
Elixir:
Objective-C:
Haskell:
.NET C# (PCL):
.NET C# (PCL):
JavaScript:
How Does Bip39 Generate Keys For Multiple Coins In Order
Ruby:
Rust:
Swift:
How Does Bip39 Generate Keys For Multiple Coins In Minecraft
C++:
How Does Bip39 Generate Keys For Multiple Coins Work
C (with Python/Java/Javascript bindings):
How Does Bip39 Generate Keys For Multiple Coins Money
Retrieved from 'https://en.bitcoin.it/w/index.php?title=BIP_0039&oldid=67377'
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |