This guide provides a technical overview of how hierarchical deterministic (HD) wallets are generated and backed up using standards like BIP39, BIP32, BIP44, and PBKDF2. These standards are widely adopted by cryptocurrency hardware wallets, such as Trezor, Ledger, and SafePal, ensuring compatibility and security across different platforms.

Resources

Overview

Modern cryptocurrency wallets rely on a set of standards that define how private keys and addresses are generated, managed, and backed up. These standards enable users to recover their wallets across different devices using a single mnemonic seed phrase and optionally a passphrase. The key standards involved in hierarchical deterministic wallet generation are:
  • BIP39: Defines how to generate a mnemonic seed phrase from random entropy.
  • PBKDF2: A cryptographic function that converts the mnemonic and passphrase into a secure binary seed.
  • BIP32: Defines how to create a hierarchical deterministic (HD) wallet from the binary seed.
  • BIP44: Extends BIP32 by organizing keys into a multi-account hierarchy for various cryptocurrencies.

Key Concepts

BIP39: Mnemonic Seed Phrase

  • Mnemonic Seed Phrase: A human-readable 12-24 word phrase that is generated from random entropy. The seed phrase is used to recover the entire wallet.
  • Checksum: The last word of the seed phrase contains a checksum to validate the mnemonic.
  • Passphrase: An optional string that can be added on top of the seed phrase to generate a different set of addresses (also known as the 25th word).

PBKDF2: Key Derivation Function

  • PBKDF2 (Password-Based Key Derivation Function 2) is used to convert the mnemonic seed phrase (and optional passphrase) into a binary seed. It applies 2048 iterations of HMAC-SHA512 to slow down brute-force attacks.

BIP32: Hierarchical Deterministic (HD) Wallets

  • BIP32 defines how to create a hierarchical deterministic wallet. From a single master private key (derived from the binary seed), multiple child keys can be generated. This allows users to manage multiple addresses and accounts from a single seed.

BIP44: Multi-Account Hierarchy

  • BIP44 extends BIP32 by defining a 5-level path notation (m/44'/coin_type'/account'/change/address_index) that organizes keys and addresses for multiple cryptocurrencies and accounts.
    • Coin Type: Specifies the cryptocurrency (e.g., 60' for Ethereum, 0' for Bitcoin).
    • Account: Allows for multiple accounts within the same wallet.
    • Change: Indicates whether the address is for external transactions (0) or internal change (1).
    • Address Index: Specifies the index of the address being derived (e.g., 0 for the first address, 1 for the second, etc.).

Flow of Wallet Generation

The following diagram illustrates how the different standards interact to generate a hierarchical deterministic wallet.

Bip39 HD Wallet Creation

Step-by-Step Flow

  1. BIP39 Mnemonic Seed Phrase:
    • The process starts by generating a BIP39 mnemonic seed phrase consisting of 12-24 words. This phrase represents the entropy used to derive the wallet.
    • Optionally, a passphrase can be added to provide an additional layer of security.
  2. PBKDF2 Function:
    • The mnemonic and optional passphrase are passed through the PBKDF2 function. This function applies 2048 iterations of HMAC-SHA512 to derive a binary seed from the mnemonic.
  3. Binary Seed:
    • The binary seed is the output of the PBKDF2 function. It is a secure, random value that will be used to generate the master private key.
  4. BIP32 Master Private Key:
    • The binary seed is used to generate the BIP32 master private key and master public key. These keys form the root of the hierarchical deterministic wallet tree.
  5. BIP44 Path Notation:
    • Using the BIP44 path notation (m/44'/coin_type'/account'/change/address_index), child keys are derived from the master key.
    • The path notation allows for the organization of multiple cryptocurrencies (via coin_type), accounts, and addresses.
  6. Derived Addresses:
    • From the BIP44 path, different addresses are derived for different cryptocurrencies and accounts. For example:
      • m/44'/60'/0'/0/0: First Ethereum address for the first account.
      • m/44'/0'/0'/0/0: First Bitcoin address for the first account.
      • m/44'/60'/1'/0/0: First Ethereum address for the second account.

Complete Table of Standards

ConceptDescription
BIP39Defines how to generate a mnemonic seed phrase (12-24 words) from a random entropy value. The seed phrase is used to derive the master key.
Seed PhraseA 12-24 word mnemonic from the BIP39 word list, validated with a checksum. Used to derive the master private key.
PassphraseAn optional, arbitrary string (not limited to BIP39 words) that adds extra security by generating a different wallet.
BIP32A standard for generating hierarchical deterministic (HD) wallets from a single seed, allowing multiple addresses/keys to be derived.
BIP44A standard that defines a multi-account hierarchy for deterministic wallets. It uses a 5-level path notation to organize accounts, coins, and addresses.
PBKDF2A cryptographic function used to derive a secure key from the seed phrase and passphrase, with 2048 iterations.

Conclusion

This guide provides an overview of how hierarchical deterministic (HD) wallets are generated and backed up using BIP39, BIP32, BIP44, and PBKDF2. These standards ensure that users can securely manage multiple cryptocurrencies and accounts from a single seed phrase, while maintaining compatibility across different wallet platforms like Trezor, Ledger, and SafePal. By understanding these standards, you can better appreciate how wallet security, recovery, and address generation work in the background, enabling a seamless and secure user experience across various cryptocurrency platforms.