Last week, I came across BIP-39 and learned about its role in securing web3 wallets. Curious, I decided to try out a demo to see how it actually works. A web3 wallet, which can be software or hardware-based and is self-custodial, helps users keep track of their blockchain funds. These wallets are governed by private keys that should never be shared. But how exactly is this private key created? And if you want to recover your account, do you need to remember that long, complicated private key? The quick answer is no.
Instead of having to memorize or store that unwieldy private key, wallets use something called a seed phrase—usually a sequence of 12 or 24 words. This mnemonic phrase is what you get when you set up your wallet, and you’re strongly warned not to share it with anyone. But what’s the origin of this phrase? Is it just a random collection of words thrown together? To understand this better, let’s break down the process.
For a 12-word seed phrase, the wallet first generates entropy, which is a large pseudorandom number. This entropy is created using a Cryptographically Secure Pseudorandom Number Generator (CSPRNG). Now, for my demo, I used a less secure generator, but normally the entropy size is 128 bits for 12-word phrases. Then, the entropy is hashed using the SHA-256 algorithm. From the hash, the last four bits are taken as a checksum, which is appended to the original entropy, making a total of 132 bits.
That checksum acts like a safety net during recovery—it ensures that if you’re retyping your seed phrase, you’re less likely to mess it up without realizing. After forming this 132-bit number, it’s split into 12 groups of 11 bits each. Each 11-bit group converts to a decimal number between 0 and 2047. These numbers correspond to words in the BIP-39 standard wordlist, which contains exactly 2048 unique words. So, the seemingly random list of words you get is actually derived systematically from this bit-level encoding.
Once you have your 12-word seed phrase, it’s passed through a special function to produce a master seed. This master seed acts as the single source for generating an infinite number of private keys and addresses in a deterministic way. The odds that two wallets will generate the same seed phrase are astronomically small—there are 2^128 possible combinations! This huge number makes brute forcing practically impossible because it’s computationally insane to try every combo.
When you want to recover a wallet, you simply input the 12 words in order. The wallet software looks up each word’s decimal index in the BIP-39 wordlist and converts these back into 12 sets of 11-bit binary numbers. Joining these together gives back the 132-bit number. The last 4 bits (checksum) are separated from the first 128 bits (entropy). The entropy is hashed again and the checksum is verified against the original. If they match, the wallet knows the seed phrase is valid and then recreates the master seed and the corresponding private keys.
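The encoding and recovery steps above, as an added worked example (my own code, not the wallet demo from the post). It follows the published BIP-39 specification, which takes the checksum from the leading ENT/32 bits of the SHA-256 digest (four bits for 128-bit entropy) and derives the master seed with PBKDF2-HMAC-SHA512 over 2048 rounds with the salt "mnemonic" plus an optional passphrase. The standard English wordlist is 2048 specific words that are not reproduced here; the `WORDLIST` below is a constructed placeholder ("w0000" to "w2047") so the code runs offline, and the real list must be substituted to produce phrases a wallet will accept. The assumed functions `entropy_to_mnemonic`, `mnemonic_to_entropy`, `validate_mnemonic` and `mnemonic_to_seed` are mine.

```python
import hashlib
import hmac
import secrets
import unicodedata

# Constructed placeholder for the 2048-word BIP-39 English list
# (index 0 = "abandon", 3 = "about", ... in the real list).
WORDLIST = [f"w{i:04d}" for i in range(2048)]

VALID_ENTROPY_BYTES = (16, 20, 24, 28, 32)   # 128..256 bits, 12..24 words


def checksum_bits(entropy: bytes) -> str:
    """BIP-39 checksum: the first len(entropy)*8/32 bits of SHA-256(entropy)."""
    cs_len = len(entropy) * 8 // 32
    digest = hashlib.sha256(entropy).digest()
    return format(int.from_bytes(digest, "big"), "0256b")[:cs_len]


def entropy_to_indices(entropy: bytes) -> list[int]:
    """Append the checksum, then cut the bit string into 11-bit word indices."""
    if len(entropy) not in VALID_ENTROPY_BYTES:
        raise ValueError("entropy must be 128-256 bits in 32-bit steps")
    ent_bits = format(int.from_bytes(entropy, "big"), f"0{len(entropy) * 8}b")
    bits = ent_bits + checksum_bits(entropy)        # 132 bits for 16-byte entropy
    return [int(bits[i:i + 11], 2) for i in range(0, len(bits), 11)]


def entropy_to_mnemonic(entropy: bytes, wordlist: list[str] = WORDLIST) -> str:
    return " ".join(wordlist[i] for i in entropy_to_indices(entropy))


def mnemonic_to_entropy(mnemonic: str, wordlist: list[str] = WORDLIST) -> bytes:
    """Reverse the encoding and reject phrases whose checksum does not verify."""
    words = unicodedata.normalize("NFKD", mnemonic).split()
    if len(words) not in (12, 15, 18, 21, 24):
        raise ValueError(f"unsupported word count: {len(words)}")
    index = {w: i for i, w in enumerate(wordlist)}
    unknown = [w for w in words if w not in index]
    if unknown:
        raise ValueError(f"words not in list: {unknown}")
    bits = "".join(format(index[w], "011b") for w in words)
    cs_len = len(bits) // 33                        # 4 bits for 12 words, 8 for 24
    ent_bits, cs = bits[:-cs_len], bits[-cs_len:]
    entropy = int(ent_bits, 2).to_bytes(len(ent_bits) // 8, "big")
    if not hmac.compare_digest(checksum_bits(entropy), cs):
        raise ValueError("checksum mismatch: a word is wrong or out of order")
    return entropy


def validate_mnemonic(mnemonic: str, wordlist: list[str] = WORDLIST) -> bool:
    try:
        mnemonic_to_entropy(mnemonic, wordlist)
        return True
    except ValueError:
        return False


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39 master seed: PBKDF2-HMAC-SHA512, 2048 rounds, 64-byte output."""
    words = unicodedata.normalize("NFKD", mnemonic)
    salt = "mnemonic" + unicodedata.normalize("NFKD", passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048, 64)


def generate_mnemonic(bits: int = 128) -> str:
    """Fresh phrase from the OS CSPRNG (secrets), as a wallet would do."""
    return entropy_to_mnemonic(secrets.token_bytes(bits // 8))


if __name__ == "__main__":
    phrase = generate_mnemonic()
    print("phrase  :", phrase)
    print("valid   :", validate_mnemonic(phrase))
    print("entropy :", mnemonic_to_entropy(phrase).hex())
    print("seed    :", mnemonic_to_seed(phrase).hex()[:32], "...")
```

With the real English list substituted, the all-zero 16-byte entropy yields the well-known vector "abandon" repeated eleven times followed by "about": eleven indices of 0 and a final index of 3, because the leading nibble of SHA-256 of sixteen zero bytes is 0x3. The checksum catches a mistyped or transposed word in roughly 15 of 16 cases for a 12-word phrase, which is why a wallet can refuse the phrase before deriving any keys.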
This whole system might seem complex, but it’s basically just math, code, and some solid cryptography. It’s what keeps your web3 wallets secure while allowing easy recovery through human-friendly seed phrases instead of impossible-to-remember private keys.