Meet Vault12 at CryptoMondays London, December 9, 2024 and The Digital Commonwealth Awards, London, December 13, 2024
Contents
- What is BIP39?
- Why is BIP39 important?
- Why is it called "BIP39?"
- What Is a BIP39 mnemonic sentence / seed phrase?
- What is a passphrase for a BIP39 Seed phrase?
- How much security does a passphrase add?
- How likely is your BIP39 seed phrase to be guessed?
- Why are BIP39 words chosen from a limited dictionary?
- Do you need to understand BIP39 mathematics?
- What are BIP32 and BIP44?
Basics of Crypto Security
What are BIP39, BIP32, and BIP44?
This article explains BIP39, the standard that defines how seed phrases are made, and summarizes how BIP32 and BIP44 standards allow wallets to supercharge seed phrases to support many more keys.
August 31 2024
Articles about cryptocurrency wallets are dotted with quite a few references to a mysterious-sounding "BIP39." Once you learn a little about it, you see that BIP39 is actually not mysterious at all - in fact, its very purpose is to make encryption keys less mysterious for people to work with.
TL;DR (concentrated takeaways)
BIP39 is a common and useful standard in crypto wallets.
BIP39 defines how wallets create seed phrases and generate encryption keys.
It is critically important that the numbers selected to create the BIP39 seed phrase be random!
A BIP39 seed phrase created with appropriate randomness can not be guessed through brute force, because there are simply too many permutations.
In addition, BIP39 defines the passphrase option, that adds a moderate amount of additive protection in case your seed phrase is stolen or otherwise accidentally exposed. However, it also adds some risk, so it is recommended for more experienced users.
BIP32 and BIP44 are related standards that have paved the way for other wallet features, making it more convenient for users to manage their crypto assets.
What is BIP39?
BIP39 is a design implementation that lays out how cryptocurrency wallets create the set of words (or "mnemonic codes") that make up a mnemonic sentence, and how the wallet turns them into a binary "seed" that is used to create encryption keys, which are then are used to execute cryptocurrency transactions.
In setting guidelines for how wallets do this, BIP39 simplifies cryptocurrency for us. (Can you imagine how complicated it would be if every wallet had its own way of doing things?)
It isn't necessary to know all the details of BIP39 in order to use cryptocurrency - but you would certainly benefit from knowing a little about it.
Why is BIP39 important?
BIP39 is a great icebreaker at cocktail parties! Well ... maybe not, but if you want to purchase some cryptocurrency, and have decided to set up your own cryptocurrency wallet, it becomes relevant whether your choice of wallet supports BIP39. If you use a wallet that implements BIP39, and in the future you decide to migrate your keys to a different wallet, you can re-create your crypto holdings in your new wallet just by feeding it your original BIP39 mnemonic sentence. This works because BIP39 is supported by so many wallet manufacturers. As a result, not only does BIP39 simplify wallet and key management, it also opens the door to much simpler wallet migration. Although it is a "Bitcoin Improvement Proposal," in practice, BIP39 is a de facto standard that has greatly evolved the cryptocurrency industry.
Why is it called "BIP39?"
BIP39 is just one of a set of multiple technical design documents introduced by the cryptocurrency community since Bitcoin's inception. Its name comes from the fact that it was the 39th Bitcoin Improvement Proposal (BIP). It actually has a longer formal title: "Mnemonic code for generating deterministic keys" -- a bit of a mouthful -- so you can think of "BIP39" as its nickname. BIP39 has turned out to be one of the most widely-used BIPs, and it's now implemented by many wallet manufacturers, and used for many more cryptocurrencies than just Bitcoin.
What Is a BIP39 mnemonic sentence / seed phrase?
A BIP39 mnemonic sentence is a set of words (most commonly 12 or 24) that we can interact with more successfully than other characters that aren't words (bits and numbers and the like). BIP39's purpose in introducing the use of mnemonic words is to reduce the errors that often occur when we try to communicate long strings of unfamiliar characters. The wallet handles the heavy lifting of converting the mnemonic words through a process of complex hashing, salting, and checksum operations into a binary "seed," which is then used to generate the all-important private and public encryption keys.
It's very important that the mnemonic sentences are generated from randomly selected numbers! These numbers can be generated in a variety of different ways, which are described in other articles here, like "What is an RNG" and Seed Phrase Generation.
What is a passphrase for a BIP39 Seed phrase?
The BIP39 standard also defines an option for users to add a long "password" of sorts to a seed phrase. Understand that these are two separate things:
- A BIP39 Seed Phrase is a set of 12 or 24 words from the BIP39-defined dictionary. It is the core secret for a digital wallet (and often the only secret).
- A Passphrase is an option, that could be used or not, that allows you to add an additional random secret to a wallet's seed phrase.
Passphrases are a bit of a tricky concept. By default, some cryptocurrency wallets disable the use of the optional passphrase. Although it can add some security, it also adds complexity. If you set a passphrase, your backup strategy has just gotten more complicated: you now have two important pieces of information (your mnemonic sentence and your passphrase) which are critical to store securely. This additional complexity increases the risk of misplacing the passphrase, and thus losing your cryptocurrency.
How much security does a passphrase add?
Because the BIP39 seed phrase itself offers an incredibly high level of protection against being guessed, the addition of a passphrase actually doesn't significantly reduce the risk of a brute-force guessing attack. Instead, the primary purpose of a passphrase is to add an extra layer of security to protect against the possibility that your seed phrase may be accidentally revealed to someone.
However, being shorter and less random than the seed phrase itself, the passphrase likely could be guessed eventually with a brute-force attack. If someone did gain access to your seed phrase, the level of protection that a passphrase offer is short-lived. You might have a chance of saving your cryptocurrency from theft only if you noticed that someone had gained access to your seed phrase before they were able to brute-force guess your passphrase. In practice, this could be days or weeks, depending on how hard to guess it was. But is that limited increase in security worth the increased risk of loss of the passphrase? Based on your individual situation, you can decide that for yourself, but you can see why many experts recommend against setting a passphrase.
How likely is your BIP39 seed phrase to be guessed?
A mnemonic sentence constructed from random inputs is much more unique than most people can possibly imagine. For example, in a 24-word BIP39 sentence, there are 2048 to the 24th power possible combinations of words (or stated another way, around 3 x 10 to the 79th power). To try to comprehend how enormous this number is, it's often compared to an estimate of the total number of atoms in the known universe. In practice, it is effectively unguessable with today's technology.
Why are BIP39 words chosen from a limited dictionary?
BIP39 wordlists may seem arbitrary, but they are not - they are carefully chosen to reduce the chance of mis-specification. Words in a BIP39 wordlist are selected with the parameters in such a way that they don't have synonyms, don't have alternative spellings, don't have only 1 character variation with other words in the list, and aren't profane. These rules apply for every language. In addition, the first four characters of each word are unique to each wordlist, which is convenient when typing them into hardware wallets with limited input mechanisms, stamping them onto steel cards, or backing them up in any other form.
BIP39 wordlists can be seen here: https://github.com/bitcoin/bips/blob/master/bip-0039/bip-0039-wordlists.md).
Also, you don't necessarily have to remember this, but BIP39 wordlists have 2048 words in them. The reason for this is because it aligns with how BIP39 uses 32-bit blocks of entropy (random inputs) plus a checksum bit sequenced into a long binary string that is divisible into 11-bit numbers. Each of those numbers can hold up to 2048 bits. In short, 2048 words are all that are needed to achieve extremely high levels of entropy.
Do you need to understand BIP39 mathematics?
As a user of a cryptocurrency wallet, you don't necessarily need to understand the precise details of BIP39 calculations. However, you might want to understand that they include the generation of a checksum of random numbers, and this is used as an integrity check. A checksum is a small piece of data that allows you to check if another piece of data is the same as expected. This checksum is included in the last mnemonic code word of a sequence, and it helps wallets to verify the validity of every mnemonic sentence. So if a user types in a set of words and it fails validation because the checksum isn't as expected, there is likely a typo in what the user entered.
BIP39's other mathematical functions transform its inputs (the random numbers plus the optional passphrase) through one-way functions that guarantee that they can not be reverse-engineered from the public key.
If you'd like to do a deep dive, and understand the exact mechanisms of how BIP39 wallets convert mnemonic codes into a binary seed, there is a description in the design document at https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki.
Vault12 also has a more detailed description in "How to Generate a Seed Phrase."
What are BIP32 and BIP44?
As described in this article, the BIP39 standard describes how a seed phrase is constructed.
Related to BIP39, the most prominent wallet standards include BIP32 and BIP44:
BIP32 ("Hierarchical deterministic wallets") lays out a framework for Hierarchical Deterministic wallets (HD Wallets) for Bitcoin so that the wallet software can control multiple separate Bitcoin accounts using a single seed phrase.
Furthermore, BIP44 ("Multi-account hierarchy for deterministic wallets") defines the same organizational hierarchy for managing multiple accounts in deterministic wallets for all other than Bitcoin cryptocurrencies, like Ethereum, Dogecoin, etc.
BIP32 and BIP44 work together to add flexibility, privacy, and interoperability to HD Wallets. HD Wallets extend the capabilities of deterministic wallets, allowing for the management of a huge number of keys, all of which are derived from the original BIP39 mnemonic sentence (seed phrase).
For the purposes of the guides on our website, we focus on how to manage BIP39 seed phrases, since they are supported by every modern crypto wallet, and it is the core thing to understand and be able to properly backup almost any crypto assets. You may also come across wallets like Coinomi which also use BIP44 and default to 24-word seed phrases.
Feel free to learn more about all of the BIP cryptocurrency standards that may be relevant to you!
https://www.linkedin.com/in/artk42/
https://startag.xyz/artk42
Basics of Crypto Security
What are BIP39, BIP32, and BIP44?
This article explains BIP39, the standard that defines how seed phrases are made, and summarizes how BIP32 and BIP44 standards allow wallets to supercharge seed phrases to support many more keys.
August 31 2024
Art Krotou
Art is a crypto-security expert and researcher with serial entrepreneurship background. Having a degree in physics and experiences in multiple cutting-edge industries like fintech, secure hardware and semiconductors, and identity gave him a unique multi-faceted perspective on the problem of key management for individuals in the crypto networks and the evolution of the internet in general.
In his current work, he is specifically researching how cryptographic keys can be inherited without posing a threat to 3rd parties in edge cases. In addition, he advocates for "fault-tolerance via secrets automation". He discusses the quantitative impact of user experience factors on the uptake of non-custodial solutions.
As one of his most notable accomplishments, he co-founded and led through the early years of the company that contributed to the complex technology behind Apple's recent M-series CPUs. He is also the creator of the most friendly and aesthetically pleasing, but nonetheless super secure and fault-tolerant hardware wallet - U•HODL.
Check out his curated series of "Vault12 Learn" contributions below, and follow him on Twitter and LinkedIn for more sharp insights.
Vault12
Vault12 is the pioneer in crypto inheritance and backup. The company was founded in 2015 to provide a way to enable everyday crypto customers to add a legacy contact to their cry[to wallets. The Vault12 Guard solution is blockchain-independent, runs on any mobile device with biometric security, and is available in Apple and Google app stores.
You will lose your Bitcoin and other crypto when you die...
...unless you set up Crypto Inheritance Management today.
It's simple — if you don't worry about crypto inheritance, nobody else will — not your software or hardware wallet vendors, not your exchanges, and not your wealth managers. So it's up to you to think about how to protect the generational wealth you have created, and reduce the risks around passing that wealth on to your family and heirs. What are the challenges with crypto inheritance?
- Crypto Wallets are difficult to use and do not offer crypto inheritance management. In fact, most of them tell you to write down your seed phrase on a piece of paper, which is practically useless.
- Some people back up their wallet seed phrases or private keys on paper, local devices like hardware wallets or USBs, or in the cloud. All of these options have severe drawbacks that range from hacking to accidental loss to disrupted cloud services.
- Software wallets operate onspecific blockchains, yet your crypto assets span multiple blockchains. For inheritance to work, you must be able to manage inheritance across every blockchain — now and forever.
Vault12 is the pioneer in crypto inheritance management. Watch our explainer video above, or our inheritance demo today.
Crypto Inheritance Management: Get ready today
Vault12 is the pioneer in Crypto Inheritance Management, and offers an easy-to-use and secure method for assigning a legacy contact to your crypto wallets. Vault12 Guard enables you to pass on your wallet seed phrases and private keys for any cryptos including Bitcoin (BTC) and Ethereum (ETH) to future generations. It's designed for everyday people, yet strong enough for Crypto OGs.
This innovative, decentralized system uses a hybrid approach of software fused with the Secure Element of phone devices (the Secure Enclave for iOS devices, and Strongbox for Google devices).
Vault12 Guard enables users to appoint one or more people or mobile devices as Guardians. The designated Guardians are entrusted to collectively protect the user's comprehensive collection of wallet seed phrases and private keys, which are safely stored within a decentralized digital Vault. Nothing is stored on cloud servers or Vault12 servers, and no assets are stored on local devices, making them less of a target.
The decentralized approach reduces points of failure and removes the necessity for regularly revising wallet inventories or modifying instructions for your lawyers (which could lead to privacy breaches). Simply put, Vault12 Guard is the best way to preserve crypto generational wealth.
Take the first step and back up your crypto wallets.
Designed to be used alongside traditional hardware and software crypto wallets, Vault12 Guard helps cryptocurrency owners back up their wallet seed phrases and private keys (assets) without storing anything in the cloud or any single location. This increases protection and decreases the risks of loss. Making sure you have an up to date back up is the first step in crypto inheritance management.
The Vault12 Guard app enables secure decentralized backups and provides inheritance for all your seed phrases and private keys across any blockchain, including Bitcoin, Ethereum, ERC-20, and other crypto wallets.
Note: For anyone unfamiliar with cryptocurrencies, Vault12 refers to wallet seed phrases and private keys as assets, crypto assets, and digital assets. The Vault12 Guard app includes a software wallet that works alongside your digital Vault. The primary purpose of this is to guard your Bitcoin (BTC) or Ethereum (ETH) wallet seed phrases, private keys, and other essential data, now and for future generations.