Mnemonic

A mnemonic is a group of easy to remember words generated from the entropy. It is used to generate a seed, which will be used to derive a HD wallet. It first appeared in BIP39, which is a standard for mnemonic generation.

Entropy

Entropy is a measure of randomness. The more entropy, the more secure. A bit is the smallest unit of data in a computer. It can be either 0 or 1.

We use the crypto.getRandomValues() function to generate random bits. This function is available in modern browsers and Node.js. Learn more on MDN

Entropy to Mnemonic

A mnemonic is a group of easy to remember words generated from the entropy. The valid number of words for a mnemonic is 12, 15, 18, 21, or 24. Different numbers of words require different lengths of entropy.

It takes 2 steps to convert an entropy to a mnemonic:

Checksum

By adding a checksum to the entropy, we can make the mnemonic self-verifiable. This is useful fot detecting errors when fat fingering the words.

The checksum is the first 4 bits of the SHA256 hash of the entropy.

For different lengths of entropy, the checksum will be different. A 128 bits entropy will have a 4 bits checksum.

Entropy

SHA-256

Checksum

Entropy (bits)	Checksum (bits)	Entropy + checksum (bits)	Mnemonic length (words)
128	4	132	12
160	5	165	15
192	6	198	18
224	7	231	21
256	8	264	24

1215182124

🎲

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

0

1

1

TOTAL 132 BITS

Map to Words

The entropy itself is 128 bits, plus 4 bits for the checksum, for a total of 132 bits.

All 132 bits can be divided into 12 groups of 11 bits each.

The 11-bit binary number can convert to a decimal value between 0 and 2047.

We can use this value as an index to get a word from the BIP-39 wordlist.

The BIP-39 wordlist contains 2048 words. Supports multiple languages. The mostly used language is English.

The 2048 English words are choosen in a way that the first 4 letters of each word are unique. This way, the first 4 letters are enough to identify a word.

1215182124

🎲

0 0 0 0 0 0 0 0 0 0 0	#0	1abandon
0 0 0 0 0 0 0 0 0 0 0	#0	2abandon
0 0 0 0 0 0 0 0 0 0 0	#0	3abandon
0 0 0 0 0 0 0 0 0 0 0	#0	4abandon
0 0 0 0 0 0 0 0 0 0 0	#0	5abandon
0 0 0 0 0 0 0 0 0 0 0	#0	6abandon
0 0 0 0 0 0 0 0 0 0 0	#0	7abandon
0 0 0 0 0 0 0 0 0 0 0	#0	8abandon
0 0 0 0 0 0 0 0 0 0 0	#0	9abandon
0 0 0 0 0 0 0 0 0 0 0	#0	10abandon
0 0 0 0 0 0 0 0 0 0 0	#0	11abandon
0 0 0 0 0 0 0 0 0 1 1	#3	12about

Mnemonic to Seed

A seed is a 512-bit (64-byte) value generated from mnemonic . Will be used to derive the master extended key. We will cover this in the next section.

You may have noticed that the length of a mnemonic is not fixed, but the seed requires exactly 512 bits. To achieve this, the mnemonic needs to be processed through a function called PBKDF2 (Password Based Key Derivation Function 2).

PBKDF2

PBKDF2 is a key derivation function with a sliding computational cost. It is used to protect against brute-force attacks by increasing the cost of key derivation. Briefly, it will hash the data for 2048 rounds using HMAC-SHA512.

PBKDF2 is designed to be slow by hashing the data for 2048 rounds. Make it more difficult for anyone to brute-force other people's mnemonic sentences.

Last generation took 0ms on your device.

PBKDF2 accepts a "Passphrase" as a salt. Different Passphrase produce completely different seeds from the same mnemonic

Most wallets use an empty string as a Passphrase. If you use a Passphrase, make sure you remember it. Losing it will result in the loss of all funds.

This seed will be used to derive a HD wallet.