Wallet History and Mnemonic Seeds

The following two lessons were written with the goal of providing a good foundation for building or working with Bitcoin wallets. As such we’ll cover a bit of history and then the current de facto standard for Bitcoin wallets, which consists of four BIPs: 39, 32, 43 and 44.

These BIPs cover mnemonic seeds and hierarchical deterministic (HD) wallets.

History:

Cryptocurrency wallets have evolved substantially since the first wallet which was included in the original version of the Bitcoin core client. Let’s first discuss some of the history of Bitcoin wallets to understand why these improvements came about.

JBOK, or Just a Bunch of Keys wallets:

This type of wallet is simply a collection of randomly generated private keys with no particular relation to one another.

While these wallets worked, there was an issue with backing up the wallet data. For greater privacy, addresses were not reused. This means new addresses, and thus new keys, were generated regularly. A new address was created for each receiving transaction, with a pool of 100 addresses/keys kept at any time.

Note: This includes change transactions. When a UTXO that is larger than the amount being spent is used, the UTXO is split and the remaining balance is returned to the sender as change.

An early method for backing up a wallet was simply to copy the wallet.dat file that contained the private keys and then store this file in a secure location. However, if regular backups were not taken then they would quickly become outdated.

If a user attempted to restore a heavily used JBOK wallet, they might find that the keys in their backed-up wallet.dat file no longer controlled any value on the blockchain. Essentially, a backup could quickly become useless.

Also, backing up a wallet meant storing what was essentially a database file. This made backups not at all user-friendly.

To solve these problems mnemonic seeds and HD wallets were created.

Mnemonic Seeds:

The process outlined in BIP 39 is the current best practice for creating wallets with mnemonic seeds.

So, what is a mnemonic seed?

It is a set of data encoded as a series of words, usually 12 or 24, which can be used to restore an entire wallet.

Note: Mnemonic – a device such as a pattern of letters, ideas, or associations that assists in remembering something.

HD wallets, which we will cover in depth in the next lesson, have a parent private key which can be used to derive many child keys. In this way, one set of data, which is called the “seed”, can be used to migrate or restore a wallet with many keys and addresses.

It is, however, important to note that the “seed” is more than just the parent private key. The seed also contains the “chain code”. This is a bit of data which is necessary for the derivation of the child keys, which we’ll discuss in the next lesson.

How this works…

This is a simplified version of the process which is meant simply to give you a starting point. For a more in-depth explanation please see the BIP 39 repo, and chapter 5 of Master Bitcoin 2nd Edition.

First, the wallet should have some source of entropy which is used to generate 128-256 bits of data.

This data is then mapped to a predefined dictionary of 2048 words. This is how those 12-24 words that make up the seed are selected.

Once the seed words have been selected, a “salt” and optionally a password are selected. In BIP39 compatible wallets, the salt is automatically set to “mnemonic” plus the password if one was added.

Note: The addition of a password will change the resulting 512-bit seed. This provides an extra security feature. Even if an attacker was able to acquire a wallet mnemonic phrase they would be unable to recreate the necessary seed data without the addition of the password. Also, a wallet can be created that has two passwords, one for normal use and another “duress password” that results in the recreation of a wallet with only a small amount of funds to fool an attacker.

Once the mnemonic phrase and salt have been selected, they are run through a “key stretching function”. This function hashes the data 2048 times! This produces the 512-bit wallet seed.
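The steps above, carried through in code as an added example (not code from the lesson or from the BIP 39 reference implementation). It goes one step past the simplified description: BIP 39 appends a short SHA-256 checksum to the entropy before slicing it into 11-bit word indices, which is why a restored phrase with one wrong word can be detected. The key stretching function is PBKDF2 with HMAC-SHA512 and 2048 rounds, salted with "mnemonic" plus the password. Only the first four words of the English wordlist are embedded here, which is enough to reproduce the all-zero-entropy test vector from the BIP 39 repository; real use loads the full 2048-word english.txt.

```python
import hashlib
import unicodedata

# First four entries (indices 0-3) of the BIP 39 English wordlist. The full
# list has 2048 words and should be loaded from the BIP 39 repo's english.txt;
# this head is enough for the all-zero entropy test vector used below.
WORDLIST_HEAD = ["abandon", "ability", "able", "about"]

VALID_ENTROPY_BITS = (128, 160, 192, 224, 256)


def _checksum_bits(entropy: bytes, cs_bits: int) -> str:
    """Leading cs_bits of SHA-256(entropy), as a bit string."""
    digest = int.from_bytes(hashlib.sha256(entropy).digest(), "big")
    return bin(digest)[2:].zfill(256)[:cs_bits]


def entropy_to_indices(entropy: bytes) -> list[int]:
    """Map 128-256 bits of entropy to BIP 39 word indices.

    A checksum of ENT/32 bits is appended, then the bit string is cut into
    11-bit groups: 16 bytes -> 12 words, 32 bytes -> 24 words.
    """
    ent_bits = len(entropy) * 8
    if ent_bits not in VALID_ENTROPY_BITS:
        raise ValueError("entropy must be 128, 160, 192, 224 or 256 bits")
    cs_bits = ent_bits // 32
    bits = bin(int.from_bytes(entropy, "big"))[2:].zfill(ent_bits)
    bits += _checksum_bits(entropy, cs_bits)
    return [int(bits[i:i + 11], 2) for i in range(0, len(bits), 11)]


def indices_to_entropy(indices: list[int]) -> bytes:
    """Reverse mapping used on restore; raises ValueError on a bad checksum."""
    if len(indices) not in (12, 15, 18, 21, 24):
        raise ValueError("mnemonic must have 12, 15, 18, 21 or 24 words")
    total = len(indices) * 11
    cs_bits = total // 33
    ent_bits = total - cs_bits
    bits = "".join(bin(i)[2:].zfill(11) for i in indices)
    entropy = int(bits[:ent_bits], 2).to_bytes(ent_bits // 8, "big")
    if bits[ent_bits:] != _checksum_bits(entropy, cs_bits):
        raise ValueError("mnemonic checksum mismatch")
    return entropy


def indices_to_words(indices: list[int], wordlist=WORDLIST_HEAD) -> str:
    """Look up each index in the wordlist and join with single spaces."""
    return " ".join(wordlist[i] for i in indices)


def mnemonic_to_seed(mnemonic: str, password: str = "") -> bytes:
    """Key stretching: PBKDF2-HMAC-SHA512, 2048 rounds, 64-byte (512-bit) seed.

    The salt is the literal string "mnemonic" followed by the optional
    password, exactly as the lesson describes. Both inputs are NFKD
    normalised so the same phrase typed on different systems stretches to
    the same seed.
    """
    phrase = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", password)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", phrase, salt, 2048, dklen=64)


if __name__ == "__main__":
    entropy = bytes(16)  # all-zero 128-bit entropy: the first BIP 39 test vector
    words = indices_to_words(entropy_to_indices(entropy))
    print(words)
    print(mnemonic_to_seed(words, "TREZOR").hex())
    # A different password stretches to a completely different seed.
    print(mnemonic_to_seed(words, "").hex())
```

Notice that the password is never stored anywhere and is not part of the checksum: any password yields a valid-looking seed, which is what makes the “duress password” idea mentioned above possible, and also why a forgotten password cannot be detected or recovered from the phrase alone.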

Takeaways:

The mnemonic phrase, the parent private key and the seed are not the same things.

The seed is built from the mnemonic phrase + salt and contains both the parent private key and the chain code.

The seed contains all the components necessary to migrate or restore an HD wallet.

Before we move on let’s take a quick look at wallets in the context of internet security and usage. Often, when wallet types are being discussed the speaker is referring to what device the wallet seed is stored on or accessed from. This is important from the context of accessing funds and keeping them safe from theft.

Hot wallets: A wallet that exists on an internet-connected device. In this situation the user’s private keys are stored on this internet-connected device, which can make them susceptible to theft. It is recommended to only store a small amount of funds for immediate use on hot wallets.

Cold/hardware wallets: This is a wallet that is stored on a device that is “air gapped”, i.e. has no internet connection. This is often done in the form of a small hardware device. Wallets such as this are recommended for longer term storage.

Custodial wallets: These are wallets provided by services that hold keys on behalf of the user. While this can provide some convenience, it is important to note that it involves trusting a third party to store your funds honestly and competently.

Paper wallets: A paper wallet is a common type of “cold storage”. It’s a method of storing keys offline. This can be done by writing out your wallet seed or private keys on a piece of paper and storing it somewhere safe such as a home fire safe. There are stainless steel versions of these types of wallet that allow you to etch your wallet seeds into a steel plate which provides improved durability.

Further Reading:

We’ll have a look at chain codes and HD wallets in the next lesson.