Understanding Bitcoin Keys: Bip39 Seed Words
The foundation of Bitcoin self-sovereignty is control of private keys. Without this, you are in some way transferring control of your money to someone else. There is a saying that goes, “It’s not about the keys or the coins.” A counterintuitive aspect of Bitcoin for those unfamiliar with its technical underpinnings is “where” Bitcoin actually is. When people think of a wallet, they think of ‘a place to store money.’ Your Bitcoin wallet does not actually “hold” your Bitcoins, it only stores your private keys. Your Bitcoin is just a data item on a blockchain hosted by everyone participating in the network. When you go to spend Bitcoin, what it’s actually doing is proposing updates to the data stored on the blockchain. Private keys are how the protocol ensures that you and only you can approve updates to the blockchain that uses Bitcoin.
So what is your private key? That’s a very big number. It’s very big. This is your private key in binary format.
111000101101100101111011110000010100010000001000100111101011101101010111011100111111111110101011101001011101001110100111001 01001101111010001100001111110101111001101001011110011011101000001101101101110001101000110001111010001001001111011010101011001 1 01101010
256 random 1s and 0s. These random numbers are ultimately what protects your Bitcoin. It may not seem like a big deal, but randomness ensures the security of your wallet. There are almost as many Bitcoin private keys as there are atoms in the visible universe. This is the number of numbers a computer must compute to generate and catalog all potentially possible private keys. As long as the process used to generate the key is truly random, the key is safe.
Here’s what the private key looks like in hexadecimal (binary uses two digits to encode the numbers 1 and 0, hexadecimal uses 16 digits 0-9 and AF):
E2D97BC144089EBB5773FFABA5D3A729BD187D79A5E6E836DC68C7A24F6AB36A
The private key in uncompressed Wallet Import Format (WIF) is:
5KYC9aMMSDWGJciYRtwY3mNpeTn91BlagdjzJ4k4RQmdhQvE98G
The WIF format was the way everyone interacted with private keys in the early days of Bitcoin. In this day and age, you can generate one private key at a time and then generate a public key from there. The process of generating a public key is essentially multiplying very large numbers, but there is more to it than that. Every public key is an x and y point on the graph. very A big curve that goes back on itself.
The graph curve has a point called the ‘generator point’ for Secp256k1 for Bitcoin. This generator point can be considered the “baseline” of the Secp256k1 curve. This is essential to the process of generating and signing keys. The creation points of the Bitcoin curve are as follows:
G = 02 79BE667E F9DCBBAC 55A06295 CE870B07 029BFCDB 2DCE28D9 59F2815B 16F81798
To generate a public key from a private key, multiply the private key you generate by the generator points. That’s it. This establishes a point on the graph with a mathematical relationship to the private key you generated, which now only you know.
This is an uncompressed public key representing both x and y points.
04C0E410A572C880D1A2106AFE1C6EA2F67830ABCC8BBDF24729F7BF3AFEA06158F0C04D7335D051A92442330A50B8C37CE0EC5AFC4FFEAB41732DA5108261FFED
It’s very common to “compress” a public key in the rare opportunity you interact with it to store the x-coordinate with a byte to tell whether the y-coordinate is negative or positive. This will shorten it considerably.
04C0E410A572C880D1A2106AFE1C6EA2F67830ABCC8BBDF24729F7BF3AFEA06158F0C04D7335D051A92442330A50B8C37CE0EC5AFC4FFEAB41732DA5108261FFED
When you sign a transaction with your private key, once again it essentially just comes down to multiplication. You create a signature (consisting of two values, r and S) by generating a random number (nonce) and essentially multiplying that number with the hash of the transaction you want to sign using your private key. This allows someone to run an algorithm to verify that a message is signed with the appropriate private key without having to reveal that key. Ensuring that only you can authorize the use of Bitcoin is essentially multiplying a very large number.
If you aren’t familiar with these concepts before reading this, this may all seem a bit intimidating. Binary? Hexadecimal? Graph points? How do I back up WIF?
Since more intuitive ways to handle this data have been developed, most users are unfamiliar with this complex format. Perhaps you have more experience with word seeds, also known as seed phrases.
BIP 39 Mnemonic Seeds
Mnemonic seeds, or seed phrases, were created to solve the problem of interacting with private keys.
As discussed earlier, your private key is ultimately a long series of randomly generated 1s and 0s. Imagine you want to make a copy of this and check that no errors occurred while copying it.
111000101101100101111011110000010100010000001000100111101011101101010111011100111111111110101011101001011101001110100111001 01001101111010001100001111110101111001101001011110011011101000001101101101110001101000110001111010001001001111011010101011001 1 01101010
It only takes one error to copy a single digit to render a key backup useless. This is where mnemonic seeds come in handy. 256 consecutive 1s and 0s in a row is not a human-friendly way to interact with sensitive information. If you record this number incorrectly, you will lose access to your account.
truck renewal anger donkey reminds laptop reform details split sadness because of fat
That’s much easier to handle, right? It’s just 12 words. So how does it work to turn random ones and zeros into a string of words that actually make sense? It’s the same encoding method as binary or hexadecimal!
Each of the 12 words in the mnemonic seed above is a binary number: Encoding method Maps specific strings of 1’s and 0’s to words. If you look back at our previous WIF private key example, it was simply a number encoded in a specific encoding scheme. In this case base 58 (case sensitive), which uses all numeric and alphabetic characters except 0 and 1, O and l. Excluding those letters was done specifically to avoid transcription errors by confusing 1 for l and 0 for O. bech32 and bech32m, used by Segwit and Taproot, take this to the next level by using only this character set ( qpzry9x8gf2tvdw0s3jn54khce6mua7l).
Bitcoin Improvement Proposal 39 (BIP 39) introduced a standardized encoding scheme in which each word in a specially created dictionary is mapped alphabetically to a binary number from 00000000001 to 11111111111. The demo seed above is:
Truck: 11101001001
Update: 10110110001
Anger: 01011110011
Donkey: 01000001001
Notification: 10110101110
Laptop: 01111101000
Reform: 10110100010
Details: 00111100010
Split: 11010010001
Sadness: 01100110100
Because: 00010011110
Province: 01010011011
If you look at it in binary terms, it looks like this:
11101001001 10110110001 01011110011 01000001001 10110101110 01111101000 10110100010 00111100010 11010010001 01100110100 000 10011110 0101001 1011
There are 2048 words, each mapped to a specific 11-character string of 1s and 0s, which makes it easier for people to interact with private keys, among other things. Once you generate a random number for your private key, the wallet breaks that number into chunks of 11 binary digits and maps them into the BIP 39 mnemonic dictionary. It’s still the same big number, but now you can read it as an English word. Because your brain is much more accustomed to this format than to long strings of 1s and 0s. Boldly It reduces your chances of writing something wrong and losing your Bitcoin in the process.
You can see above that the raw binary encoding of the word seed has 4 separate digits (1011) and that the final “word” is actually 8 digits long. This is a checksum that verifies that the seed phrase is valid. When generating random numbers, there are not enough digits to map to exactly 12 (or 24) words. The wallet hashes the existing number you generated, takes the first few digits of the hash, and adds them to the end of the random number. This will give you enough numbers to map to the last word.
These last words allow you to perform a safety check on your seed copy. If you enter the mnemonic seed into your wallet incorrectly, the checksum will not match. Each 12- or 24-word seed will have multiple valid checksum words, but if the last word does not match the checksum of the correct seed, the wallet will warn you that the word is invalid. This gives people an intuitive, yet still mathematical way to ensure that their backups are correct, as opposed to the messy process of copying and backing up raw binaries.
If you select a specific word from a list, you can guarantee that none of the 2048 words have the same first four letters. This was done to reduce the chance of making transcription errors by confusing similar words and backing up private keys incorrectly.
If we translate this word as set Using multiple private/public keys is very simple. The mnemonic seed is taken and hashed using SHA512, which outputs a hash of 512 individual 1s and 0s. Half of that output is used as the actual private key, and the other half is used as input to SHA512 using the index number and existing private or public key to generate a new key pair. You can do this as many times as you want to generate new private/public keys, all recoverable from a single mnemonic phrase.
This allows you to easily manage your private keys. safety, you are least likely to make mistakes that could cost you money. And it’s all done using math! I hope you now understand why people say Bitcoin is ‘mathematically protected’ money.