UNDERSTANDING YOUR MNEMONIC PHRASE
by Chris Palasz
If you are new to owning Bitcoin, you will be told you need to download a wallet app. After you download a Bitcoin wallet app onto your phone, computer, or some other device, you’ll see an option to “create a new wallet”. So you’ll do that, then be sternly told to write down a list of words (either 12 or 24 depending on the wallet) and not to take a picture of them. It'll tell you to keep them safe, and if you lose or forget them, there will be no way to access any of the coins in the wallet you just created.
You’re here, now, because you want to do your own research (DYOR). You “don’t trust”, you “verify”. It’s not good enough to just be told, “Here, take these words. Don’t lose them. Don’t show anyone. Good luck!” and then just to go on your way. You want to understand where they come from and what they mean. Most importantly, you want to know how and why those words allow you to own the Bitcoin in your new wallet.
You’re in the right place, and you’re going to not only get the explanation you need, but you also won’t have to trust this article. You can verify the sources of information for yourself.
Your Private Key in Mnemonic Form (BIP39)
The short answer is that these 12 or 24 words are what you get when you translate from binary (the language computers use, consisting of 1’s and 0’s) into the language that you can understand, recognize, and (perhaps most importantly) remember. Bitcoin is a purely digital fortress of math. It would be strange and difficult if you had to read, copy, or type a string of 256 ones and zeros as your private key to claim ownership of some amount of bitcoin. To make things easier and safer for all users, a standard system was developed with security in mind, known as BIP39, to conveniently provide you with a set of words, called your mnemonic phrase or mnemonic seed (both names can be used interchangeably).
The BIP39 Github Repo
Since your private key, which allows you to spend your bitcoin, is an exact, ordered string of 256 bits, you must always keep those 256 bits in the same order if you want to spend. And since your mnemonic seed consists of words that each represent part of your secret key, you must keep those words in the same order with the same spelling. If not, your secret key will not be recognized because the wallet cannot translate your mnemonic back into the correct binary.
That is the simple answer, but it’s only ‘good enough’ as a concept. If you own any bitcoin or plan to own any, keep reading. Understanding your secret key is of great importance for anyone with bitcoin.
Your Wallet Is Not a Bank Account
The above answer is just the first and most basic of concepts to understand. If you do not care to learn any more, then do not buy bitcoin – not until you are ready to be responsible for it.
When you downloaded a Bitcoin wallet, selected ‘create a new wallet’, and received your mnemonic phrase, you did not just create a new account for your bitcoin like you would at your local bank for your dollars. In fact, the name “wallet” is misleading because it doesn’t actually store your bitcoin at all. It’s just software that stores your secret key (which is your mnemonic phrase) and allows you to spend your bitcoin. If you store your mnemonic safely and then drop your phone into the ocean never to be seen again, you could simply buy a new phone, download the Bitcoin wallet again, input your mnemonic seed, and recover access to your bitcoin. Potentially, you don’t even need to download the same wallet again. You could download any wallet that supports BIP39 and input your mnemonic phrase to access your bitcoin with the new software.
Are you starting to see the ‘magic’ of Bitcoin, yet? Keep reading to learn what BIP39 is and how it works.
Bitcoin Improvement Proposal #39: What is It and How Does It Work?
The phrase “Bitcoin Improvement Proposal” is shortened to ‘BIP’. You can browse them and read about them on GitHub here, but for our purposes, we’re only going to take a look at BIP-0039 (commonly referred to simply as BIP39). BIP39 describes the steps that should be taken to convert a wallet seed into a mnemonic seed. It has become a standard for wallets and has also been adopted for use in numerous other cryptocurrency projects (mostly “shitcoins”). It’s important enough to be covered in books that explain the fundamentals of Bitcoin (such as Mastering Bitcoin, by Andreas Antonopoulos, and Grokking Bitcoin, by Kalle Rosenbaum) in the sections that talk about wallets.
BIP39 helps users to secure secret keys by presenting the secret key in the form of a deterministic key: simple and common words that can more easily be spoken, written, or possibly memorized. The easiest way to explain how this works is to show you how it works. So we’re going to create our very own bitcoin private key.
How to Make Your Own Bitcoin Private Key
The following steps are a general guideline for how to generate a private key on our own. We will go over each step in detail throughout the rest of this article.
2. Plug the hexadecimal (entropy) into the SHA256 (binary) hash function to get another hash which we will use to create our checksum.
3. The new hash will appear written in hexadecimal, so we will take the first 2 characters and convert them from hexadecimal into 8 characters (bits) of binary. Once we have our final 8 bits, we will append them to our original 256 bits for a total of 264 bits.
4. Divide our 264 bits into groups of 11.
5. Plug each group of 11 bits (from left to right) into our converter so we’re looking at common numbers (Base 10) instead of binary (Base 2).
6. Find the corresponding word on the BIP39 word list.
Warning: binary begins counting with 0. If you are looking at a BIP39 word list such as the one referenced in the actual BIP, take note of whether the list begins counting with “1” or with “0”. If it begins with “1”, you will need to add +1 to your binary-to-decimal output in order to find the correct corresponding word on the BIP39 wordlist.
7. Use Ian Coleman’s excellent Mnemonic Code Converter and verify that you did everything correctly!
8. Marvel at how awesome we are for having created our own secret key and transforming it into a BIP39 seed phrase.
If you make any mistakes during this process, you will likely produce invalid results, and it’s not so difficult to make a mistake. Therefore, before you begin, get a text document ready and record the information you use in the following steps so that you can check them again if you need to. If you do happen to produce invalid results, read some tips at the end on what might have gone wrong and why.
Step 1: Choosing Our Bits
When choosing your 256 bits that you will use to create your mnemonic, you ideally want randomness. Using the wallet you downloaded to auto-generate your random mnemonic is probably the best way to go. However, in the name of education, we’ll make our own. To get my 256 bits, I will type the phrase “billfold waterproof fireproof metal” into a SHA256 hash function and I’ll use that 256-bit output as my random set (it’s often called ‘entropy’). I used this online SHA256 hash generator. Be aware that you cannot use binary as the input for this generator. It only reads an input in hexadecimal. If you need to hash binary, see step 2.
For any random SHA256 hash generator online, your output will more than likely be written in hexadecimal (as shown above). Save this information because you’ll use it in step 2.
Step 2: Hash the Chosen 256 Bits and Use the Output to Create the Checksum.
From here on, you will likely need to do several conversions between hexadecimal and binary (one way or the other). Use this excellent converter from Math Is Fun for all of it. It’s a great tool. If you’re starting from binary, convert the chosen 256 bits into hexadecimal.
Now, take the hexadecimal output and paste it into this converter to get your SHA256 binary output.
After that, if you scroll down, you will see a list of outputs. Scroll near the bottom of the list and find SHA256. Copy just the first two digits of that hash as shown below:
My hash result begins with “41” which is written in hexadecimal. However, we need the binary (8 bits), so I quickly went back to Math Is Fun’s conversion tool and typed in those first two characters from the hash to find the 8 digits we needed: 11000000
Step 3: Append First 8 bits From the Hash to the Original 256 Bits to Get 264 Bits
Note that we want 24 words in our BIP39 seed phrase, so we are using 256 bits because it is said to be more secure. However, you may follow the instructions in BIP39 with only slight changes to get 12, 15, 18, or 21 words.
Step 4: Divide Our 264 Bits Into Twelve Groups of 11 Bits
Once we do that, here’s what we get:
Step 5: Convert binary (Base 2) to decimal (Base 10)
If your copy of the BIP39 word list starts numbering the words with number one, you need to add +1 to each number you just calculated to find the corresponding word. If your list begins with zero, you do not need to change anything.
BIP39 has a word list. There are 2048 words on the list because there are 2048 possible arrangements of ones and zeros for a group of 11 bits. They are listed 1-2048 on the BIP39 file reference, but you may find another file that lists them 0-2047 because zero is included. Each of your 11-bit arrangements will map to one of the words on the list. In order to do this part, we need to convert our 11-bit groups from binary (Base 2) into the system we’re all familiar with: decimal (Base 10). If you want to do this in your head, you’ll have to learn binary. Since I didn’t, I went back to Math Is Fun’s conversion tool and copy/pasted. Notice how none of my numbers will be greater than 2048.
Keeping the same order for my 11-bit groups shown above, here are my corresponding decimal (Base 10) numbers.
Step 6: Convert decimal (Base 10) to BIP39 words
Step 7: Don’t Trust. Verify.
Use Ian Coleman’s Mnemonic Code Converter to verify that you just created a valid 24-word mnemonic seed phrase. Type your 24 words into the box titled “BIP39 Mnemonic”. If you did everything correctly, then you will see no errors. Scroll down and this tool will show you a lot of information about your seed and your addresses. You can also use this tool to extend your seed and add an extension word for greater security and use with an HD wallet.
Warning: use this tool only if you have an air-gapped computer to run it on. If you plan on using the online version, only use it to verify that the process we have described above works as advertised. We do not advise inputting any mnemonic phrase you intend on actually using to back up coins into any site.
If the Mnemonic Converter Says Your Seed Is Invalid
We’ve all been there. It’s easy to screw up. Here are some suggestions if this happens:
- Make sure your checksum is correct. That’s the most likely point of error.
- When creating your checksum, make sure you’re using the SHA256 hash generator that I suggested because it is hashing the binary. If you use a different SHA256 generator, it might be hashing the hexadecimal and not the binary, and that will give you a completely different result!
- The most likely point of failure is the checksum, the second is the hashing, but the third is mapping the numbers to the words on the list. Unfortunately, you’ll need to check again that you did it correctly, but if you’re doing this so you can really use this bitcoin address for money, then you must be certain that everything is correct. Do it.
- My final suggestion, if all else fails, is that you start all the steps again from scratch and follow these steps meticulously. They work.
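Steps 2 through 6, together with the checksum check a converter performs in Step 7, as an added Python example (not code from the original article or from the BIP39 reference implementation). The function names are chosen here, and the sample input is the all-zero entropy from the published BIP39 test vectors, where 264 bits produce 24 indices.

```python
import hashlib

def entropy_to_indices(entropy: bytes) -> list:
    """Steps 2-5: append checksum bits, split into 11-bit groups, return decimals."""
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("entropy must be 128, 160, 192, 224 or 256 bits")
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32                   # 8 checksum bits for 256-bit entropy
    # Hash the raw bytes. Hashing the hex *text* gives an unrelated digest,
    # which is the mistake the troubleshooting list warns about.
    digest = hashlib.sha256(entropy).digest()
    checksum = digest[0] >> (8 - cs_bits)      # leading cs_bits bits of the hash
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    total = ent_bits + cs_bits                 # 264 bits for 256-bit entropy
    return [(combined >> (total - 11 * (n + 1))) & 0x7FF
            for n in range(total // 11)]

def indices_to_entropy(indices: list) -> bytes:
    """Reverse direction: rebuild the entropy and reject a bad checksum."""
    if len(indices) not in (12, 15, 18, 21, 24):
        raise ValueError("expected 12, 15, 18, 21 or 24 indices")
    if any(not 0 <= i <= 2047 for i in indices):
        raise ValueError("each index must fit in 11 bits (0-2047)")
    total = 11 * len(indices)
    cs_bits = total // 33
    combined = 0
    for i in indices:
        combined = (combined << 11) | i
    entropy = (combined >> cs_bits).to_bytes((total - cs_bits) // 8, "big")
    if entropy_to_indices(entropy) != list(indices):
        raise ValueError("checksum mismatch: not a valid BIP39 mnemonic")
    return entropy

def indices_to_words(indices: list, wordlist: list) -> list:
    """Step 6. Python lists count from 0, so the 11-bit value is used as is;
    on a printed list numbered from 1 the same word sits at index + 1."""
    if len(wordlist) != 2048:
        raise ValueError("a BIP39 wordlist has exactly 2048 entries")
    return [wordlist[i] for i in indices]

if __name__ == "__main__":
    zero_entropy = bytes(32)                   # constructed sample: 256 zero bits
    print(entropy_to_indices(zero_entropy))    # 23 zeros, then the checksum group
```

Run it on an offline machine with entropy you do not intend to use for real funds, and pass `indices_to_words` the 2048 lines of the BIP39 English word list.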
Adding Security: Extension Words
An ‘Extension Word’ is similar to a password, but saying password is avoided to differentiate this from another password you might have to open your bitcoin wallet.
Extension words are also called seed extensions or are referred to as “stretching” by Andreas Antonopoulos. They increase the security of your mnemonic seed phrase by requiring another special ingredient which is created by you in order to access the bitcoin in your wallet. BIP39 explains a recommended way to create a seed from a mnemonic.
This process is also explained well in Mastering Bitcoin. The BIP39 mnemonic seed phrase plus the word “mnemonic” plus an optional passphrase created by the user are all input into a key-stretching function called PBKDF2 using HMAC-SHA512. The input makes 2048 rounds through the function and out come 512 bits, which are your new seed. This seed has extra protection because a would-be thief needs to know your passphrase in addition to the words in your mnemonic seed phrase.
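The stretching step described above, as an added Python example (not code from the original article): the mnemonic is the PBKDF2 password and the word “mnemonic” plus the passphrase is the salt. The function names are chosen here, and the sample mnemonic and the passphrase “TREZOR” come from the published BIP39 test vectors, not from a real wallet.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample: the 12-word mnemonic from the published BIP39 test vectors.
SAMPLE_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])

def _nfkd(text: str) -> bytes:
    # BIP39 normalises mnemonic and passphrase to NFKD before UTF-8 encoding,
    # so visually identical passphrases typed on different keyboards agree.
    return unicodedata.normalize("NFKD", text).encode("utf-8")

def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """PBKDF2-HMAC-SHA512, 2048 rounds, 512-bit (64-byte) output."""
    password = _nfkd(mnemonic)                  # the words are the password
    salt = _nfkd("mnemonic" + passphrase)       # fixed prefix plus extension word
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)

def same_wallet(mnemonic: str, passphrase_a: str, passphrase_b: str) -> bool:
    """True only if both passphrases lead to the same seed.

    Every passphrase yields a valid seed, so a typo raises no error;
    it silently opens a different, empty wallet.
    """
    return hmac.compare_digest(mnemonic_to_seed(mnemonic, passphrase_a),
                               mnemonic_to_seed(mnemonic, passphrase_b))

if __name__ == "__main__":
    print(mnemonic_to_seed(SAMPLE_MNEMONIC, "TREZOR").hex())
    print(same_wallet(SAMPLE_MNEMONIC, "TREZOR", "trezor"))        # case matters
    print(same_wallet(SAMPLE_MNEMONIC, "caf\u00e9", "cafe\u0301"))  # NFKD-equal
```

Because there is no checksum on the passphrase, record it as carefully as the words themselves.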
Using this newly created seed phrase, a hierarchical deterministic (HD) wallet can derive an effectively limitless supply of bitcoin addresses for you. All of those addresses are protected by your secret seed.
Now you know more about your secret mnemonic phrase and how important it is. For more information, try these excellent posts, one on Reddit and one on Bitcointalk, or jump down the Bitcoin Wiki rabbit hole!
Warning: This is just an example for educational purposes so you can understand what your wallet is doing. It is better to let your wallet software randomly choose your seed phrase. Do not type your seed phrase into the internet. Do not type it into a text document on your computer. Do not take a screen capture of it. Do not send it in an email. Do not use these websites that I have used to generate your keys.
You have been warned.
For more warnings, see the Bitcoin Wiki page.
And that's it - you've done it! You have created your own secret key and turned it into a mnemonic phrase, but more importantly, you understand what your wallet is doing under the hood. That is something you can't put a price on...well, except for a few Bitcoins maybe.