Rob Behnke
November 1st, 2022
A step in the process of setting up a new cryptocurrency wallet is the issuance of a 12 to 24 word mnemonic phrase or seed phrases. These seed phrases are necessary for account recovery in case of lost access to users’ funds. The Bitcoin Improvement Proposal number 39 (BIP39) is an implementation design that describes how cryptocurrency wallets generate mnemonic phrases and convert them into binary seeds, which can be used to create deterministic wallets. In short, BIP39 standardizes how wallets handle this overarching process.
Before this standardization, private keys were used to create and access wallets. Having a deterministic private key meant that wallets could be generated and accessed with just a random string of characters. Composed of a less memorable string of both letters and numbers using private keys as the go-to access for wallets heightened the probability of typographical errors. In this article, we’ll break down BIP39, its significance, and its implications for your crypto wallet security.
BIP39 works by taking a random number and deriving a mnemonic phrase from it. This phrase is then used to generate a seed that can, in turn, be used to create private keys and addresses.
The first step is to generate randomness (or entropy), which is a measure of randomness in a system. This makes it more difficult for attackers to guess the phrase and generate the same seed. 128-256 bits of entropy would generate a 12-24 word seed phrase.
Following this process, a checksum is generated. This is a value used to verify the validity of data. Basically, it identifies any errors or alterations to the contents of a file. After combining the checksum with the generated entropy, the concatenated bits are separated into 11-bit groupings which are then used to look up words within the BIP39 word list.
The 12-24 word phrases issued when setting up a BIP39 supported crypto wallet are drawn from the BIP39 word list. These represent a set of specially chosen words. There are 2048 distinct words which share some important characteristics.
Thanks to the BIP39 seed phrase, backup and recovery of crypto wallets are now possible without using complex private keys. Users don’t need to remember long, complicated characters to access their wallets. Instead, the wallet’s recovery seed phrase is composed of more memorable ordinary words. The BIP39 standard enhances crypto security by offering a more user-friendly format for recovery phrases that are less likely to be entered incorrectly.
BIP39 serves another fundamental function. While public blockchains are permissionless, wallets are required to utilize them. In the absence of a standardized seed generating mechanism, crypto wallets would implement proprietary mnemonic formats. This would likely create either centralization concerns for users or serious compatibility issues across wallets.
Different wallets can employ mnemonic seed (recovery) phrases of various lengths. The Ledger Nano S implements a 24-word recovery phrase, while the Trezor T implements a 12-word recovery phrase. A 24-word recovery seed phrase provides more robust protection against hackers attempting to randomly generate a user’s mnemonic phrase and obtain access to their funds.
For assistance auditing smart contracts or securing your assets, please contact our Web3 security experts at halborn@protonmail.com.