Seed Phrase

A seed phrase deterministically generates an entire hierarchy of private keys and addresses from a single root. This means:

• The same 12 or 24 words will always produce the same wallet and addresses on any compatible software.
• It enables portability, allowing you to restore access on any device.
• The process uses standardized algorithms like BIP-39 and BIP-32.

The security of a seed phrase originates from cryptographic entropy. When created, the wallet software:

• Gathers high randomness from the system.
• Encodes this randomness into a binary sequence (e.g., 128 or 256 bits).
• Maps this sequence to a wordlist (like the BIP-39 standard list of 2048 words).
• The immense number of possible combinations (2^128) makes brute-force attacks practically impossible.

A built-in checksum protects against transcription errors. The process:

• Takes the initial random entropy and calculates a SHA-256 hash.
• Appends a portion of this hash (e.g., 4 bits for 12 words) to the entropy.
• This final sequence is split into the word indices.
• During recovery, the wallet verifies the checksum; an invalid word order or typo will cause the check to fail, alerting the user.

Seed phrases use predefined, optimized wordlists (e.g., BIP-39 English list). Key characteristics:

• Contains 2048 simple, distinct words.
• The first four letters of each word are unique, allowing for abbreviated entry in some wallets.
• Words are chosen to minimize confusion (e.g., no similar-sounding words like 'wear' and 'where').
• This standardization ensures interoperability between different wallet applications.

The relationship between the seed phrase and public addresses is a one-way function. This means:

• You can derive all public addresses from the private seed.
• It is computationally infeasible to reverse-engineer the seed phrase from a public address or transaction.
• This property is fundamental to the security model of public-key cryptography used in blockchains.

The single point of failure nature of a seed phrase dictates critical security practices:

• Digital Risks: Storing it on a connected device exposes it to malware, hacking, or accidental deletion.
• Physical Security: Best practice is offline, durable storage on metal plates or in secure locations.
• Never share it or enter it on a website. Legitimate wallets only require it for initial setup or recovery within the application itself.

A secure seed phrase must be generated offline by a trusted hardware wallet or reputable open-source software. Never generate one on a website or a device connected to the internet. The process uses cryptographically secure random number generation (CSPRNG) to create 12, 18, or 24 truly random words from the BIP-39 standard wordlist. Key principles:

• Generate in a private, physically secure location.
• Verify the wallet is genuine and its software is not compromised.
• The phrase is created once; you should never need to see it again after secure backup.

The primary backup must be physical and durable. Write the phrase by hand on a purpose-made steel backup plate or indelible ink on archival paper. Critical rules:

• Never store a digital copy (no photos, cloud notes, text files, or emails).
• Create multiple copies stored in separate, secure geographic locations (e.g., home safe, safety deposit box) to protect against fire or flood.
• Shamir's Secret Sharing (SLIP-39) is an advanced method to split a secret into multiple shares, requiring a threshold (e.g., 3-of-5) to reconstruct, reducing single-point failure risks.

Violating these rules dramatically increases the risk of total fund loss.

• Never share your seed phrase with anyone, for any reason. Legitimate services will never ask for it.
• Never type it into a computer or phone unless absolutely necessary for recovery onto a hardware wallet.
• Never use it to "connect" to a website or dApp; that is the function of derived private keys.
• Beware of social engineering and phishing attacks designed to trick you into revealing the phrase.

Practice recovering your wallet with your seed phrase immediately after generation while the funds are negligible. This verifies the backup is correct and you understand the process. Use a temporary, clean device if possible. Steps:

1. Wipe/reset your hardware wallet.
2. Use the "Restore" or "Recover" function.
3. Input your seed phrase in the correct order.
4. Verify the generated public addresses match your original ones. This proves you can regain access if your primary device is lost.

A BIP-39 passphrase adds an extra, user-created word (or string) to your seed phrase, creating a completely new set of accounts. This is not a 13th/25th word in the sequence, but a separate component. Security benefits:

• Acts as a "salt," protecting against physical theft of your seed phrase backup.
• Creates a hidden wallet; without the passphrase, the attacker sees only a decoy wallet.
• Crucial: The passphrase is not stored by the wallet and must be memorized or stored separately from the seed. If forgotten, funds are permanently lost.

Plan for secure transfer of assets in case of incapacity or death. A seed phrase stored in a single location is a liability. Best practices:

• Use a multi-signature wallet requiring approvals from trusted family members or legal entities.
• Place seed phrase backups in tamper-evident bags within safety deposit boxes accessible to heirs.
• Provide clear, secure instructions (without the phrase itself) in a legal will or with an attorney, detailing how to access the separate storage locations and any required passphrases.

A common error is assuming any set of 12 common words is a valid seed phrase. In reality, a valid mnemonic must be generated from the official BIP-39 wordlist and include a final checksum word. Randomly chosen words will fail the checksum and cannot generate a valid wallet. The wordlist is designed to avoid lookalike words (e.g., 'cat' and 'cats') to prevent input errors.

The seed phrase itself is not a file stored on your phone or computer. It is a human-readable representation of the master private key. When you create a new wallet, the software generates this key and its mnemonic representation. The only persistent copies are the ones you physically write down. Deleting a wallet app does not delete your seed phrase; it merely removes one interface to the keys derived from it.

Capturing a screenshot or digital photo of your seed phrase fundamentally compromises its security. This creates a permanent, easily exfiltrated digital copy vulnerable to:

• Malware and screen-scraping viruses
• Cloud backup synchronization (e.g., iCloud, Google Photos)
• Physical device theft A proper backup is offline, analog, and durable, such as words written on a cryptosteel or etched metal plate, stored securely.

While BIP-39 supports 12, 15, 18, 21, and 24-word phrases, a 12-word phrase (128 bits of entropy) is already cryptographically secure against brute-force attacks for millennia. The primary benefit of a 24-word phrase (256 bits of entropy) is not practical security against guessing, but a more robust checksum that helps detect manual entry errors. The weakest link is almost always user opsec, not entropy length.

A seed phrase is a recovery mechanism, not a password. You should only need to use it in two scenarios:

1. Recovering access to your wallet on a new or reset device.
2. Importing your keys into a different wallet software. Typing it regularly into apps or websites dramatically increases exposure risk. For daily transactions, use derived public addresses and confirm with your wallet's normal interface (PIN, biometrics).

If you lose your seed phrase but still have an active wallet app, your funds are at extreme risk. The wallet is a temporary window. If the app is deleted, the device fails, or you upgrade phones, access is permanently lost. Conversely, if someone else finds your written phrase, they can instantly drain all assets from all derived accounts, regardless of your current device's status. Control is defined solely by possession of the seed.

A public key is derived from the private key using elliptic curve cryptography and can be safely shared. It is used to generate a public-facing wallet address, which is an alphanumeric string where users receive funds. The critical relationship is: Seed Phrase → Private Key → Public Key → Wallet Address. Anyone can send to the address, but only the holder of the originating private key can spend from it.

An HD Wallet is a system defined by the BIP-32 and BIP-44 standards that generates a tree of keys from a single seed phrase. This allows users to:

• Manage multiple accounts and addresses from one backup.
• Generate new public addresses without accessing the private key.
• Maintain a clear, organized structure for different cryptocurrencies. The seed phrase is the root seed of this entire hierarchical structure.

A key derivation path is a notation (e.g., m/44'/60'/0'/0/0) that specifies how to navigate the hierarchical tree of an HD wallet to derive a specific key pair. It defines:

• The coin type (e.g., 60 for Ethereum).
• The account number.
• The change address type (internal/external).
• The address index. Different paths allow one seed phrase to manage keys for Bitcoin (m/44'/0'), Ethereum (m/44'/60'), and other networks.