How to Create Secret Bitcoin Wallets with Passphrases

Modern HD wallets let the owner create a practically unlimited number of hidden wallets, all backed up by one recovery seed plus an optional passphrase (the so-called '25th word').   Hierarchical Deterministic wallets, also called HD wallets, were introduced by Bitcoin Improvement Proposal #32 (BIP 32).  Key terms for HD wallet passphrases:

  1. BIP: Short for Bitcoin Improvement Proposal which is the method to propose, discuss and implement Bitcoin Blockchain features, upgrades and/or information.
    1. BIP-32 – the 32nd Proposal which introduced HD Wallets
    2. BIP-39 – the 39th Proposal, which defines mnemonic phrases drawn from a fixed 2,048-word list. The phrase encodes random entropy plus a checksum and is stretched (PBKDF2-HMAC-SHA512, 2,048 rounds, with the passphrase in the salt) into the 512-bit binary seed that BIP-32 turns into a deterministic wallet.
    3. BIP-44 – the 44th Proposal, which builds on BIP-32 by defining a five-level derivation path (m / purpose' / coin_type' / account' / change / address_index) for “handling of multiple coins, multiple accounts, external and internal chains per account and millions of addresses per chain”.  The xpub/xprv prefixes on extended keys come from BIP-32 itself, not BIP-44.
  2. Wallet: software that generates a public and private key pair to allow users to transact and store cryptocurrency.  
  3. Seed Phrase: A string of 12 or 24 words that encodes the random entropy from which your wallet’s seed and master private key are derived (the phrase is the input to key generation, not something derived from the private key).  It can be used to restore, recover and access your crypto wallet.  (aka – ‘seed’ ‘master seed’ ‘phrase’ ‘mnemonic seed’, ‘recovery seed’, ‘backup seed’, ‘recovery phrase’ or ‘secret code’) 
  4. Passphrase: Optional ‘25th word’ (or 13th, for a 12 word seed) that a user adds to their BIP-39 mnemonic seed phrase to unlock hidden wallets.  It is not one of the mnemonic’s words and is never stored on the device.  (aka – ‘wallet seed extension’)
  5. PIN: Enter your PIN or PIN code on a hardware wallet to restrict access to your device.  Some wallet providers, like Ledger, offer an option to create a second PIN.
  6. Wallet Password – software wallets, or hot wallets, may require a password separate from your PIN, Passphrase, or Recovery Seed.  The password is used to access the software wallet and in some cases it’s used to encrypt files stored on your computer.
  7. Extended Keys (XPRV & XPUB) – HD Wallets start from a master key pair: the Extended Private Key (xprv, often written xpriv) and the Extended Public Key (xpub).  ‘Extended’ means the key carries an extra 32-byte chain code, which is what makes child derivation possible.  The xprv derives every child private key; the xpub derives the matching child public keys (and therefore addresses) without ever touching a private key, which is what watch-only wallets rely on.  One master pair yields a practically unlimited number of public addresses.  
Pro Tip – Your 12 or 24 word recovery seed phrase can be used to access, recover, and restore your wallet on any BIP-39 compatible third-party software wallet (ie – Electrum or Sparrow) or hardware device (ie – ColdCard, BlockStream Jade, or Ledger) regardless of what service you used to create it.   The caveat: the new wallet must use the same derivation path and script type (legacy, nested SegWit, native SegWit, Taproot) as the old one, or it will derive different addresses and show an empty balance.  Electrum’s own seed format, for example, is not BIP-39; a BIP-39 seed has to be restored there in BIP-39 mode.
The wallet contains many addresses, each with a public key cryptographically derived from the extended private key.   Wallets often group these as ‘accounts’.  If you use the Ledger hardware wallet, the software defaults to a fresh Bitcoin address for every receive to enhance your privacy on the network.   Your public key is like your bank account number and your private key is like your bank account password.  Each key pair yields a public address which the ‘receiver’ shares with the ‘sender’ to initiate a transaction.
Can I use one single recovery seed for different blockchains? Yes.  Thanks to BIP-32, the one recovery seed deterministically derives (via a derivation path; BIP-44 reserves a coin_type level for exactly this) the public/private key pair for each different cryptocurrency ‘wallet chain’ and its sub-accounts, so nothing per coin needs to be stored beyond the path.   Your seed phrase is used for backing up and recovering your wallet, most commonly with a hardware device (cold wallet).  The seed phrase yields the master key pair: the extended private key (XPRV) and extended public key (XPUB).   The XPRV derives every private key; the XPUB derives the corresponding public keys and addresses, which is how a wallet displays the balance of each account without holding a private key.   In essence, your seed phrase secures the extended private key, which is used to generate a pseudonymous identity for every public address (key pair) you create inside the wallet to send or receive Bitcoin (or other crypto). 
You DO NOT need to generate a unique backup recovery seed for the different crypto blockchains (Bitcoin, Ethereum) or their (sub)accounts (addresses) stored on the HD Wallet thanks to the BIP32 deterministic method of deriving key sets…
Private keys are used to derive public keys, but a public key CANNOT be used to derive its private key.   In a Bitcoin transaction, a ScriptPubKey ‘locks’ bitcoin to the receiver’s address, which for most address types is a hash (a shortened, one-way fingerprint) of the receiver’s public key.   Pay-to-Public-Key-Hash (P2PKH) was the original and for years the most common ‘locking script’; the older alternative, Pay-to-Public-Key (P2PK), locks bitcoin directly to the public key rather than to its hash.  (Native SegWit P2WPKH also locks to a public key hash; Taproot P2TR locks to a tweaked public key.)  The permissionless nature of most blockchains (Bitcoin, Ethereum) enables the end user to safely and autonomously migrate all crypto accounts in their wallet to different wallet providers using the same original 12 – 24 word backup recovery seed.  Pro Tip: If you are using a recovery seed to migrate from one wallet provider to another (ie Ledger to ColdCard), make sure you confirm that the new wallet provider supports all of your cryptocurrency accounts (Ethereum, Bitcoin, Filecoin etc) and the derivation paths the old one used.
How to create a BIP 32 Deterministic Key
BIP32 HD wallets organize keys in a hierarchical, multi-level tree so that one HD Wallet can send and receive from an unlimited number of accounts and sub-accounts.   The (1) Seed produces the (2) Master Key, an extended private key: a 256-bit private key plus a 256-bit chain code (the extra entropy that makes derivation possible), from which (3) Child Keys and (4) Grandchild Keys are derived.  HD Wallets (‘Type 2’ deterministic wallets) were introduced via the Bitcoin Improvement Proposal #32 (BIP32) in 2012 to improve privacy and usability over the original Bitcoin Core ‘Qt’ wallet, whose wallet.dat file held a pool of independently generated keys that each had to be backed up (on paper or by copying the file).   With HD Wallets, you can always regenerate the same set of keys from the extended master private key, and you can regenerate the same set of public keys and addresses from the extended public key without ever exposing a private key.   
There is no practical limit: keys are derived on demand from the seed rather than stored, and BIP-32 allows 2^31 normal plus 2^31 hardened children at every level of the tree.  How many accounts a particular hardware wallet will display is a firmware choice, not a storage limit.  You can try it for yourself using this Deterministic Key Generator tool.
Step 1:  Follow the instructions to enter your entropy, which is a mathematical word for randomness.   For example, you could roll a 6-sided die and enter each result in order, or flip a coin and enter ‘1’ for heads and ‘0’ for tails.   Count the bits: a coin flip is 1 bit and a d6 roll is about 2.58 bits, so a 12 word (128-bit) seed needs 128 flips or about 50 rolls, and a 24 word (256-bit) seed needs 256 flips or about 99 rolls.  Enter fewer and the tool is either padding your randomness with its own or producing a weaker key than it looks.
Step 2: (optional) enter an ‘optional password’, commonly referred to as a password or passphrase.   
Step 3: Select whether you want a 12 or 24 word BIP39 phrase (seed phrase/recovery seed) and click ‘Generate New Phrase’. Voila!  After some behind-the-scenes hashing (PBKDF2 stretching of the words with the passphrase as salt, then HMAC-SHA512 for the master key) and a checksum, you have a new Bitcoin address with its public and private key pair.   The backup phrase was produced by splitting your entropy plus a checksum into 11-bit groups and mapping each group to a word from the 2,048-word BIP39 list.
Step 4: (optional) Scroll down the page, select ‘External account (master)’ from the Derivation Path dropdown.  Examples below:
  • Path m/0 = The first (0) child private key derived from the master private key (m)
  • Path m/0/0 = The first grandchild private key derived from the first child (m/0)
  • Path m/1/0 = The first grandchild private key derived from the second child (m/1)
The Account (k) field is where you can enter a number to represent an additional key pair.   Enter 3 to generate the (public/private) key pair for the address at index 3 in our HD wallet (indices start at 0, so this is the fourth address).  This is the same logic cold wallet device manufacturers like Trezor and Ledger use to generate new, pseudonymous addresses that are not publicly linked but live in the same wallet.  In the tool’s output, notice that the ‘BIP 32’ Extended Key shown at the top DOES NOT change as you change the account number: only the derived child keys change.   With HD Wallets, the public and private key pairs are generated from an extended master private key which can be restored from the 12 – 24 word recovery seed phrase that you must back up and keep secure.  Pro Tip: Generating a paper wallet in an online key generator, like the example above, is not our recommendation because it introduces risk (keylogger, bad actor, malware, a tampered page).  Prefer a self-contained, air-gapped procedure following these instructions (alternative), or let your hardware wallet generate the private key (and recovery seed).
What’s the chance of generating the same private key as someone else?
A private key is just a number that can be randomly generated, as in the example above.   Technically, someone could accidentally generate the same BIP39 recovery seed when setting up a new wallet.  This is called key collision. 
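The m/0, m/0/0 and account-index logic above, as an added worked example (this is not the generator tool’s code or any wallet vendor’s): a minimal BIP-32 CKDpriv in standard-library Python with its own secp256k1 scalar multiplication, so it runs offline. The 16-byte demo seed is constructed for illustration (a real wallet feeds in the 64-byte BIP-39 seed), and path strings use BIP-32 notation with ' or h marking a hardened index. It also shows the detail that matters for watch-only wallets: a normal child is derived from the parent *public* key, so an xpub can reproduce it, while a hardened child mixes in the parent *private* key and cannot be reached from an xpub.

```python
import hashlib
import hmac

# secp256k1 domain parameters (the Bitcoin curve): field prime, group order, generator.
P = 2**256 - 2**32 - 977
N = int("FFFFFFFF" * 3 + "FFFFFFFE" + "BAAEDCE6AF48A03BBFD25E8CD0364141", 16)
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000  # indices at or above this are hardened (written 0' or 0h)


def _point_add(a, b):
    """Add two points on secp256k1; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P      # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P          # chord slope (addition)
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def _scalar_mult(k, point=G):
    """Double-and-add: k * point. Easy forwards, infeasible to reverse (EC discrete log)."""
    result = None
    while k:
        if k & 1:
            result = _point_add(result, point)
        point = _point_add(point, point)
        k >>= 1
    return result


def pubkey_from_priv(k):
    """33-byte SEC compressed public key for private key k: 02/03 parity byte + x."""
    x, y = _scalar_mult(k)
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def master_key_from_seed(seed):
    """BIP-32 master node: HMAC-SHA512 keyed with the literal string 'Bitcoin seed'.
    Left 32 bytes are the master private key, right 32 bytes the chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]


def ckd_priv(k_par, c_par, index):
    """CKDpriv from BIP-32: child private key and chain code for `index`.

    Hardened children (index >= 2^31) hash the parent PRIVATE key, so an xpub holder
    cannot derive them; normal children hash the parent PUBLIC key, which is exactly
    what lets a watch-only xpub wallet reproduce every receive address.
    """
    if index >= HARDENED:
        data = b"\x00" + k_par.to_bytes(32, "big") + index.to_bytes(4, "big")
    else:
        data = pubkey_from_priv(k_par) + index.to_bytes(4, "big")
    digest = hmac.new(c_par, data, hashlib.sha512).digest()
    il = int.from_bytes(digest[:32], "big")
    child = (il + k_par) % N
    if il >= N or child == 0:   # BIP-32 says skip this index (probability about 2^-127)
        raise ValueError("invalid child key at this index; use the next index")
    return child, digest[32:]


def derive_path(seed, path):
    """Walk a path such as "m/44'/0'/0'/0/3" from the seed; ' or h marks a hardened step."""
    k, c = master_key_from_seed(seed)
    for part in path.strip().split("/")[1:]:
        hardened = part[-1] in "'hH"
        index = int(part.rstrip("'hH")) + (HARDENED if hardened else 0)
        k, c = ckd_priv(k, c, index)
    return k, c


if __name__ == "__main__":
    demo_seed = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # constructed demo seed
    for path in ("m/0", "m/0/0", "m/1/0", "m/0/3", "m/44'/0'/0'/0/3"):
        k, _ = derive_path(demo_seed, path)
        print(f"{path:18} pubkey {pubkey_from_priv(k).hex()}")
```

The `m/0/3` line is the tool’s ‘External account (master)’ with Account (k) = 3. Change the seed by one byte and every line changes; change only the final index and only that line changes, which is the “extended key at the top does not change” observation above.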
The chance of generating the same private key as someone else on a single try is about 1 in 2^256, which is roughly 1 in 10^77.  Nerd alert – 2^256 = 1.157920892373162e+77 = 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936.  Strictly, valid keys are the integers from 1 to n−1 where n is the secp256k1 group order, just under 2^256, and a 12 word BIP39 seed carries only 128 bits of entropy (a 24 word seed carries 256), so the seed-collision space for 12 words is 2^128: still far beyond reach, but worth knowing.  For example, let’s assume that Bitcoin goes through mass adoption and at some point in the future there are 10 TRILLION addresses (currently ~500 Billion w/ only 30 Million holding Bitcoin).  So, 30 Million to 10 Trillion is a HUGE leap, but let’s keep at it.  If those 10^13 addresses were evenly spread across the 10^77 key space, there would still be gaps of 10^64 between neighbours.   Your private key is statistically impossible for someone or some computer to guess by brute force in the next 10^23 millennia because the number of combinations is comparable to the quantity of atoms in the observable universe.  (A large quantum computer is a different kind of threat: it would attack an exposed public key with Shor’s algorithm rather than guess keys, which is one more reason not to reuse addresses.)  So, you’re saying there’s a chance.
Bitcoin Wallet Passphrases
Buttcoiners and FUD-spreaders are happy to talk about hacking, stealing, scamming or even accidental ‘key collision’ resulting in an unauthorized party having access to your coins because they have your recovery seed. Technically someone could generate the same private key on the first guess.  Unlikely, but possible.  Far more likely, you fell victim to a phishing attack or typed your seed into a bad link.   Pro Tip: Never.  Never ever. Never ever type in your seed phrase on ANYTHING other than a cold storage device.  Your hardware wallet’s sole purpose is to be the ONLY thing that can safely accept your recovery seed.  If you have any questions, ask us at team@stratus.io and remember that we will not ask for your seed.   Passphrases are optional.  The passphrase is mixed into the salt when the mnemonic is stretched into the seed, so it changes the seed, and therefore the extended private key, before anything is derived.   
Adding a passphrase to your randomly generated seed is the easiest way to protect your wallet if the seed itself is exposed (a collision, a found backup, a phished seed), with the drawback of having one additional secret to back up and keep secure. With a 13th or 25th word BIP-39 passphrase, someone who acquired your seed through hacking or happenstance would need both your backup recovery seed + your passphrase to access your passphrase-secured accounts. By default, every wallet uses an empty passphrase.  Setting one replaces that empty string with a case sensitive ‘string’ of letters, words, numbers and symbols. A passphrase offers the greatest value as an additional layer of security if your seed phrase is discovered or accidentally revealed to someone.  Pro Tip: ‘passphrase’ and ‘BIP-39 Passphrase‘ are used interchangeably. The passphrase option is available on BIP-39 compatible wallets, the ones that use the word list to generate your 12/24 word recovery seed. Your passphrase is NOT limited to the 2,048 words of the BIP-39 list, and we strongly encourage you to use, back up and secure a unique alphanumeric passphrase.
How do I set up and recover a passphrase wallet?
Depending on the requirements of the wallet provider, a passphrase is CaSe sensitive and can be any combination of numbers, letters, and symbols (check the provider’s length and character limits; they differ).  A single dictionary word can be brute forced by anyone holding your seed, so add randomness: 12 or more mixed-case letters and digits, or several random words.  Some providers may present an option to select a word from the predefined 2,048 word BIP-39 list.   You’ll need to decide if simplicity (memorable passphrase) is more important than advanced security (random words/numbers).   Passphrases DO NOT get stored on your device.  Your wallet combines the recovery seed + passphrase to derive a new, unique passphrase-secured hidden wallet.  For example:
  • Wallet A = recovery seed + {default empty passphrase}
  • Wallet B = recovery seed + passphrase1
  • Wallet C = recovery seed + passphrase2
  • Wallet D = recovery seed + passphrase3
A human-chosen passphrase adds far less entropy than the seed itself, so it is not a fix for a weak seed; its value is that it is a second secret, stored somewhere else, that an attacker holding the seed (by collision, theft or phishing) does not have.   Pro Tip: Best practice is to store your passphrase separately from your backup recovery seed when you self-custody your bitcoin.  Even if you have your recovery seed accessible, if you lose (or forget) your passphrase, you will lose your coins! Accessing your hidden/secret wallets to make a transaction is as easy as unlocking your standard wallet and entering your passphrase where prompted.   If you enter the wrong passphrase, your wallet CANNOT tell you that it’s incorrect, because technically there are no wrong passphrases: every string (including a typo, a different capitalization or a trailing space) derives a different, equally valid wallet.  Enter a wrong one and an empty, NEW hidden wallet appears.  You will need to go back and try again if the wallet you reached is not the one you expected.   The only way to know you entered the correct passphrase is that the expected funds (or the expected receive address) are there.   You may be wondering, how can I reset or change my passphrase?  You can’t reset or change your passphrase.  Each passphrase you enter accesses a different wallet.  If you want to use a different passphrase, generate the new passphrase wallet and send your bitcoin to it. For example, if you use Trezor, see Trezor’s guide to creating hidden wallets and using them with 3rd party apps like MetaMask; hardware devices like ColdCard support a passphrase as well.
Can I use a second PIN as a passphrase?
On some devices, like Ledger, you can create a second PIN for your hardware wallet that unlocks a specific passphrase-protected secret wallet.  Entering the second PIN accesses the hidden accounts.   On a Ledger wallet device, you have two options for the passphrase:
  • Attach to PIN: Your device has a standard non-passphrase wallet accessible by your primary PIN.  If you turn your device off, then back on and enter the secondary PIN, your device will open your hidden wallet instead.
    • With Attach to PIN selected from the device menu, set your secondary PIN, then enter and confirm the passphrase.  You still have a passphrase, and must still back it up, but you don’t have to type it each time because the PIN serves as a proxy for it.
    • You can only have one (1) secondary PIN with Attach to PIN.  Attaching a different passphrase to a PIN overrides the first PIN code + passphrase combination.  You can still access the overwritten secret wallet by restoring from the seed and the original passphrase, or by entering that passphrase temporarily.  
  • Set as Temporary: A temporary passphrase opens the hidden accounts on your device for the remainder of the session only.  After you turn your wallet off then back on, navigate to the passphrase menu, click ‘set secret passphrase’, enter the passphrase, then your primary PIN to validate.
    • Note: This does not assign a PIN to the passphrase like the ‘Attach to PIN’ option.  
Generating a Private Key with Passphrase Example:
When we created the master keys in the previous example, we were provided with a recovery seed, private key, public key, public address and an extended key (XPRV).
12 word recovery seed: banana code hard debate vague ecology mistake sick present prepare nasty manage
Private Key (WIF*): L2qM2hSYeC9TW9LhUwtzQMHhaKzeyoNULmuzDQkaiynVaDyByDtR
*WIF – “wallet import format” is the standard Base58Check alphanumeric encoding of a private key; a leading K or L marks a mainnet key for a compressed public key.
Public Key (hex): 02054f43aa816fe14d4d38a3c01af02844b0366aad8e7a6865780c57062269e05b
Public Address: 1EGxUj4NEuXyWoKfGPGhhCHbWAv6LrL5xP
Extended Key:  xprv9s21ZrQH143K3FUHuKDbffdt4TYNYigit28odBvz9HZ2QZdu6rybiqDVxpUYoyudsv9tebfY2iJmZke6LDR3EeaVVTQBH3ZgbTBmsTM8wyH
Adding the passphrase “btc” to the same backup recovery seed generated a new private key, public key, public address and extended key (XPRV).
Extended Key with Passphrase: xprv9s21ZrQH143K3QaGxe5JD5rgtHdQmvLZMxM6LBGwgDYEX7jDLXxkjPyV2bsM6RNe8eE8uqicqWRmRoqTF7GkJzmoss64Ua1M92SkVRE8bML
Notice that only the leading characters match: ‘xprv9s21ZrQH143K’ is fixed for every mainnet master xprv (version bytes, depth 0, no parent), and everything after it, the chain code and the private key, is different.  It’s like having a completely different wallet with a practically unlimited number of addresses, backed up with the same recovery seed.  Adding a 25th word passphrase creates an entirely NEW wallet with its own practically unlimited set of addresses, backed up with the same recovery seed + passphrase. This is the beauty of deterministic wallets, which use cryptography to derive secure keys cheaply.  Before HD wallets there were no recovery seeds at all: every key was generated independently, and every new address meant one more key to back up (or a wallet.dat file to copy again).
HD Wallet Privacy
New key pairs can be derived for each transaction, which keeps your transactions more private than using the same key pair every time you send or receive Bitcoin.   The tree structure of HD Wallets also helps: by convention (BIP-44), ‘branch 0’ of an account is used for receive addresses and ‘branch 1’ for change outputs, all within the same wallet.   
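The passphrase mechanics described above, as an added example (not the generator tool’s code or any wallet vendor’s): mnemonic + passphrase to the 64-byte seed (PBKDF2-HMAC-SHA512, 2,048 rounds, salt 'mnemonic' + passphrase), then the BIP-32 master node and its Base58Check xprv serialization, using only the Python standard library. The three passphrases 'btc', 'BTC' and 'btc ' (trailing space) are constructed inputs that show why a wallet cannot tell you a passphrase is “wrong”. Run it on the article’s 12 words to compare with the xprv strings listed above.

```python
import hashlib
import hmac
import unicodedata

B58_ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
XPRV_VERSION = bytes.fromhex("0488ADE4")   # mainnet extended private key prefix


def mnemonic_to_seed(mnemonic, passphrase=""):
    """BIP-39: stretch the words into the 64-byte seed.

    The passphrase is stored nowhere; it is only part of the PBKDF2 salt, so every
    distinct string (a typo, a different case, a trailing space) yields a different
    but equally valid seed, and nothing can flag it as incorrect.
    """
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split())).encode()
    salt = b"mnemonic" + unicodedata.normalize("NFKD", passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def master_key(seed):
    """BIP-32 master private key (32 bytes) and chain code (32 bytes) from the seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def base58check(payload):
    """Base58 with a 4-byte double-SHA256 checksum: the xprv, WIF and legacy address encoding."""
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    num = int.from_bytes(data, "big")
    out = bytearray()
    while num:
        num, rem = divmod(num, 58)
        out.append(B58_ALPHABET[rem])
    pad = len(data) - len(data.lstrip(b"\x00"))   # each leading zero byte becomes a '1'
    return (B58_ALPHABET[:1] * pad + out[::-1]).decode()


def xprv_from_mnemonic(mnemonic, passphrase=""):
    """Serialized master extended private key: version, depth 0, no parent, index 0,
    chain code, then 0x00 + the 32-byte key, all Base58Check-encoded."""
    key, chain_code = master_key(mnemonic_to_seed(mnemonic, passphrase))
    payload = XPRV_VERSION + b"\x00" + b"\x00" * 4 + b"\x00" * 4 + chain_code + b"\x00" + key
    return base58check(payload)


if __name__ == "__main__":
    words = "banana code hard debate vague ecology mistake sick present prepare nasty manage"
    for pp in ("", "btc", "BTC", "btc "):          # constructed passphrases for comparison
        print(f"{pp!r:8} {xprv_from_mnemonic(words, pp)}")
```

Only the fixed serialization prefix is shared between the four outputs; the wallet derived from 'btc ' with a trailing space is as real, and as empty, as any other, which is why the setup steps below insist on confirming the receive address after a restore before funds move.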
Another major privacy benefit of HD Wallets is that each incoming payment can go to a fresh public key, and nothing about one address reveals the others.  The Bitcoin blockchain is a public network.   Re-using an address allows anyone with a blockchain explorer to view your transaction history and balance.   Many HD Wallet hardware devices are programmed to generate a new address for every transaction.   Those addresses (key pairs) are all held under the same account in your wallet, but on the network they look unrelated, because linking them requires the extended public key (XPUB).  That is exactly why the XPUB should be treated as sensitive: anyone who has it can see every address and balance in that account.   Pro Tip: multiple passphrases can also be used to categorize different wallets depending on the transaction type for each.  For example: Passphrase A for your Dollar Cost Averaging (cap gains tax reporting).  Passphrase B for sending/receiving with friends or family.  Passphrase C for merchant transactions.   EVERY passphrase needs to be backed up separately from the others and from your recovery seed!!
HD Wallet Security
You should have a plan for backing up and safely storing your recovery seed to prevent unauthorized access to your wallet(s). Being your own bank means that you are free to manage a personal strategy for Crypto Operational Security. Hardware wallets keep your keys offline and protect them even when the device is plugged into a computer infected with malware, because signing happens on the device and the key never leaves it (the malware can still tamper with what it asks you to sign, so verify addresses and amounts on the device screen).   Most cold storage devices require you to set a 4-8 digit PIN during setup.   If you want to make a transaction, you must physically enter the correct PIN on the hardware device to access your accounts.   Pro Tip: Some wallet manufacturers have a ‘kill switch’ that wipes your device after a fixed number of incorrect PINs have been entered.  If your device is wiped, you can still recover or restore your crypto wallet(s) with your 12-24 word backup recovery seed (plus passphrase, if you used one). 
You must have a safe, discreet and reliable backup strategy to secure your 1) Recovery Seed, 2) Optional Passphrase(s), 3) physical Hardware Device (cold wallet), and 4) PIN.  A distributed backup strategy is pretty easy to implement and ensures that your seed and passphrase backups are stored at different physical locations.   You can also borrow an OpSec tactic, the honeypot trap (really a canary, or tripwire), to detect early that your seed has been exposed, whether by a random collision event, unauthorized discovery of your physical backup(s), or a malicious 3rd party phishing/malware hack, and to move the bulk of your funds before the rest is found.
Setting up a Crypto Honeypot Trap Example: 
  1. On your device, create a new wallet or select an existing wallet. (‘Wallet A’) 
  2. Next, find the setting to add/create a passphrase.
  3. Enter a new passphrase or select from the provided list of BIP39 words (if applicable).  Immediately write down your recovery seed and passphrase which will need to be backed up (separately) ASAP!
  4. A new wallet ‘Wallet B’ is created and accessible on your device using the passphrase.  Copy the public address and write this down.  Reset your wallet then restore the wallet from the backup seed + passphrase.  Compare the public address to ensure they match.  Repeat this process when creating new passphrase protected wallets.  
  5. You can create additional passphrase protected wallets (Wallet C, Wallet D).  An Extended Public Key (XPUB) is generated for each wallet allowing normal transactions.
  6. Transfer your bitcoin from Wallet A to Wallet B leaving a small amount in Wallet A.  Pro Tip: Taking this up a notch, you can ‘remove’ Wallet B (passphrase) from your wallet provider’s UI (ie – Ledger Live) if you’re concerned about the unlikely hack-at-home.
  7. Next, set up a watch-only wallet, like Blue Wallet.  Give it the public address or, better, the account’s extended public key so it sees every address of the account.  The prefix of the extended key (SLIP-132) tells the wallet which address type it is for: xpub for legacy addresses starting with 1, ypub for nested SegWit addresses starting with 3, zpub for native SegWit addresses starting with bc1.  Remember that the extended public key reveals every address and balance of that account to whoever holds it.
  8. Create an alert in the watch-only wallet for Wallet A (honeypot).  If any Bitcoin moves out of Wallet A, you know that your recovery seed has been compromised though you may still have time to transfer Bitcoin before the bad actor uses brute-force to identify your hidden wallet(s) (Wallet B/C/D).
  9. Generate a new set of master keys and a fresh recovery seed by creating a new wallet (software or new device) and copy the public address.
  10. Create a transaction in Wallet B to send your bitcoin balance to the public address of the new wallet which is secured by the new recovery seed and optional passphrase.  This is called ‘sweeping’ (aka – key rotation).  The network transactions fees are a small price to pay for peace of mind and an enhanced security protocol.
  11. Repeat steps 1-8 and review your backup strategy to determine whether the breach was a) physical discovery of your seed, PIN, and/or passphrase, b) a random collision, or c) malware or another internet-facing compromise you suspect you’re being targeted with.  Review the strategy on a regular (semi-annual or annual) basis even without an incident.     
*Note: Most wallet providers require you to first create a wallet before adding a passphrase to it. Adding a passphrase to an existing wallet or new wallet actually creates a new hidden (secret) wallet.   Always refer to your wallet provider’s FAQ/help to confirm. The hacker or bad actor (and anyone else) who compromised your account can view the sweep transaction, including the new bitcoin address, on a blockchain explorer, but they will be back to square one in attempting to crack your new seed + optional passphrase unless you fail to properly secure your digital and physical environment.    If your new wallet is compromised, it’s safe to assume that you’ve either been physically breached or there is malware installed on your computer.  Time to audit and wipe.   This scenario is not very likely to happen.  A honeypot trap is relatively simple to set up, but it multiplies the seed and passphrase backups you can lose or fail to secure. Do whatever makes you most comfortable and helps you to sleep at night.
How to Create a Bitcoin Duress Wallet:
Imagine you’re walking out of an airport and get rushed into a car and driven off to an isolated location.   There’s a great big man holding a wrench and your hardware wallet.  He’s going to steal your crypto.  You have two choices: 1) enter your PIN or 2) prepare to get hit with the wrench until you cave in and give him the PIN code anyway.   You tell him that you lost your coins in a boating accident but he can have whatever is left. This next step is important.  When he hands the device back, you enter the PIN for the decoy wallet (the standard, non-passphrase wallet you will set up in the steps below); your real holdings sit behind a passphrase he does not know exists. 
  1. Reset your device or use a secondary device to create a new wallet (Wallet B) and write down the recovery seed so you can back it up. Generate a receiving address in Wallet B and copy/paste to use later.  
  2. Next, follow the ‘Wallet B’s’ instructions to create a new wallet with a passphrase (back this up) which creates a new passphrase protected wallet we’ll call Wallet B-Passphrase. This new wallet is recoverable with the same recovery seed as Wallet B + passphrase.
  3. Generate a receiving address for this passphrase wallet and copy/paste to use later.  
Pro Tip: test the recovery process and confirm addresses before moving on to the next step and adding Bitcoin to the duress wallet.  
  1. Now is a great time to review and implement this UTXO management, consolidation and key rotation strategy.   
  2. Depending on your personal preference and current wallet setup here are a few options to consider to setup your duress wallet similar to creating a honeytrap:
    1. Option 1) If you’ve completed your UTXO audit and identified the unassociated addresses in Wallet A, you can plan out several smaller transactions at varying times to send to Wallet B’s Address #1.  This is the only scenario I’d recommend re-using an address.  After the transactions have been confirmed, you can consolidate the UTXOs.  Alternatively, create multiple addresses in Wallet B and consolidate those UTXOs.
    2. Option 2) If you have some crypto on an exchange, this is a great opportunity to transfer a small but meaningful amount to your new ‘main’ non-passphrase address.  Consider transferring the majority of your Bitcoin to Wallet B’s passphrase address as long as you have a solid backup process in place.
    3. Option 3) If all of your Bitcoin is in cold storage, transfer some crypto back to an exchange, wait 24 hours, then transfer to your new ‘main’ non-passphrase address.  The withdrawal is paid from the exchange’s own UTXOs, so it carries no on-chain link to your old addresses (the exchange itself, of course, keeps that record).
    4. Option 4)  If your Bitcoin is associated with a wallet that has been publicly associated with your identity or has been used incorrectly by commingling Bitcoin, it’s time to hit the reset button and transfer back to an exchange.  
The downside to washing your Bitcoin with an Exchange transfer is that all the attacker needs to do is force you to log in to an exchange where they can see the addresses you sent or received to/from.  They may have already hacked your email and know that you hold crypto on Binance and Coinbase.  Non-KYC exchanges, mixers or P2P transfers are alternatives but be sure to check the laws affecting your jurisdiction.
  1. Make note of which wallet is the decoy.  Your primary wallet should not have the majority of your crypto.  Wallet B could be the decoy/duress wallet with the majority of your Bitcoin stored elsewhere like a passphrase wallet.  
  2. Transfer a small, but meaningful enough amount of crypto in multiple transactions from various wallets to make it look like there’s real activity. (Keep the remaining crypto in other ideally unconnected passphrase wallets)
  3. When forced to hand over the goods, remember to use the correct passphrase for the ‘duress/decoy’ wallet which creates plausible deniability of your real holdings.
Even the best laid plans are still susceptible to unknowingly making poor choices for your personal Bitcoin security. The most vulnerable crypto storage scenarios include:
  • You’re forced to open up your exchange or other mobile wallet app on your iPhone and transfer your Bitcoin to the assailant.
  • Your computer is compromised with malware that infiltrates your browser based wallet.
  • A Bitcoin dusting attack to dox your identity.
  • Accidentally blind signing a smart contract and getting your wallet drained. 
  • Losing your Bitcoin backup recovery seed because you outsmarted yourself.
Hidden wallets with passphrases on cold storage devices offer reliable protection against attack as long as you keep them secret and maintain a backup recovery plan.   Note: Stratus does NOT provide investment, legal or tax advice.  All information in this article is for educational purposes and should not be interpreted as investment, legal or tax advice.  The opinions expressed are those of the author for informational purposes and neither Stratus nor the author are liable for any errors, inaccuracies or omissions.  Digital assets, such as cryptocurrencies or decentralized finance, present unique risks for investors.  For investment, legal, tax, or other financial guidance you should consult your own advisor.  The post How to Create Secret Bitcoin Wallets with Passphrases first appeared on Stratus Crypto.

Bitcoin Keys and Addresses

Bitcoin keys and addresses are strings of unique numbers used to send and receive Bitcoin on the network.  Keys and addresses function like a checking account at a bank: your public key is like your account number, your private key is like your account password, and your address is like your Venmo or Zelle @handle, the thing you give to the sender who creates the transaction.
What is a Bitcoin private key?
Your private key is like a password that secures the Bitcoin: it is used to sign a transaction, and without that signature nobody can send Bitcoin from your wallet to their address.  A private key is also called a secret key (SK). A private key is a randomly generated 256-bit number (strictly, an integer between 1 and n−1, where n is the order of the secp256k1 curve, just under 2^256).  SHA-256 is often used to hash raw entropy (dice rolls, for example) into a key, but it is the randomness that makes the key secure, not the hash; the ‘256’ in SHA-256 is the output length in bits, which prints as 64 hexadecimal characters, and hashing is not encryption.   Since Bitcoin Core is a computer program run by all nodes, the software must be able to read the key, and computers store data as binary (1s and 0s) in bits.   Hexadecimal (hex) and decimal numbers convert to binary and back; these conversions from one format to another are interchangeable and all represent the same private key.  Note: Never share your private key with anyone! Your private key is used to sign a Bitcoin transaction on the network and unlock your Bitcoin UTXOs to spend. If someone has your private key they can drain (sweep) Bitcoin from your account.   Self-custody of your private key is a fundamental right and responsibility of Bitcoin investors. Non-custodial wallets enable you to become your own bank and serve as an alternative solution to 3rd party custodial wallets, like an exchange, used for private key management.  
If you are using an exchange wallet (Coinbase), you do not control your private key: the exchange is acting as the custodian.  A software wallet like MetaMask is different: it is non-custodial, you hold the key, but it is a ‘hot wallet’, the key lives on an internet-connected device and is exposed to whatever runs there.  Keeping the private key offline in cold storage moves the custodial risk (hacks, theft, negligence) away from the third party directly to you.     Most wallet services (hot and cold) provide a way to back up and restore your keys through a recovery seed phrase (12-24 words) that encodes the 128- or 256-bit entropy from which every private key in the wallet is derived.
How do I generate a Bitcoin private key offline?
Generating a private key is like creating a new bank account to send and receive Bitcoin.   To create a new bank account at Chase you have to fill out a form, provide ID, and receive permission from the bank before you’re given an account number.   At any time, for any reason, that same bank could freeze or cancel your account, preventing access to your funds at the directive of the government or an employee.   Creating a private key doesn’t require anybody’s permission and effectively creates your own ‘account’ on the Bitcoin Network.  Being your own sovereign bank is liberating and a fundamental right offered by Bitcoin. You can manually create a private key without a wallet provider simply by generating a 256-bit random number.   Here are a few examples of how to generate a private key:

  1. Flip a coin 256 times.  SRSLY.  Get a piece of paper, a pen and a coin.  For each flip, if the coin lands on ‘heads’ record a ‘1’ and if the coin lands on ‘tails’ record a ‘0’.  You now have a private key in binary format.  You can follow these technical instructions to create a public key then a corresponding Bitcoin address.  None of these steps require approval by any authority.
  2. If you can code, use something like Python’s random number generator, which will output a private key in decimal that can then be converted to binary and/or hexadecimal.
  3. Another option is an online random number generator, like BitAddress, to generate a private key.  If you choose this option, stay alert and do your own research, since you risk a bad actor (the site owner) saving your private key and draining your wallet.
  4. A software (hot) wallet can create and store your private key.  You will be provided with a backup and recovery seed in case you get locked out of the account or want to transfer services.
  5. A cold storage hardware wallet will also generate, encrypt and store a private key.  Hardware wallets, like Trezor and Ledger, make the process really simple by providing a backup/recovery seed and an interface to send/receive Bitcoin.
Yes, if someone happens to generate the same random 256-bit private key, called a key collision, they could technically sweep all of the Bitcoin from your account.  It’s exponentially more probable for two people to have the same fingerprint than for two people to have the same private key.  You’re far more likely to lose your recovery seed phrase.  Adding a passphrase to your Bitcoin wallet backup adds another layer of security.  If you’re still skeptical about self-custody, the alternatives include storing BTC on centralized custodial exchanges, like Coinbase, or learning how the Bitcoin ETF works.

What is a Bitcoin public key?

The public key (PK) is your account number.  It’s going to be seen by other people.  For example, in real life when you pay a utility bill (gas, water, electric) the paper check that you mail back lists your bank account number.  Bob, who works in the accounts receivable department at the electric company, opens your check and can see your account number because it’s public.  When you transact with Bitcoin, your public address is going to be seen by other people or companies who are using a blockchain explorer.  A public key is cryptographically derived from your private key, and your address is in turn derived from the public key using the SHA-256 and RIPEMD-160 hash functions (algorithms); both are stored as hexadecimal values.  The public key is used during a transaction to programmatically lock the Bitcoin UTXO sent to your public address.

How can I get the public key from the private key?

Your public key is derived from your private key using a math function, an elliptic curve multiplication (the same curve arithmetic used by the Elliptic Curve Digital Signature Algorithm, ECDSA).  The public key (PK) is a one-way function of the private key (SK) with a cryptographic ‘trapdoor’: the private key cannot be derived from the public key.  Your public key plus a digital signature proves that you own your Bitcoin without having to disclose your private key to anyone when making a Bitcoin transaction.
What is a Bitcoin Address?

Your Bitcoin address is a shortened version of your public key that is easier to interact with.  It functions like the @handle you share with others on peer-to-peer instant banking systems like Zelle, Venmo, and PayPal.  QR codes are another easy way to share your address and receive Bitcoin.  Your Bitcoin public address is computed from the hash of your public key.  Bitcoin software uses the two hash functions (algorithms), SHA-256 and RIPEMD-160, to generate the public Bitcoin address derived from the public key.  The recipient’s public address receives Bitcoin from the sender’s public address.  Keys and addresses are used in multiple functions aside from just being identifiers of the senders and receivers.  For example, three technical functions of a Bitcoin key pair are:
  • GenerateKeys () – you make a key pair by generating a random secret (private) key and a public key which are used to create a wallet and public addresses.
  • Sign(secretKey, message) – the holder of a secretKey can sign a message which creates the signature. 
  • Verify(publicKey, message, signature) – anyone with the public key can verify the message + signature, which returns a boolean: true/valid (1) or false/not valid (0).
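The three primitives listed above, together with the private key generation and the binary/hex/decimal conversions described earlier, as a self-contained Python example.  This is added illustration code, not code from the article or from any wallet project: it implements secp256k1 point arithmetic, compressed public key encoding and textbook ECDSA directly from the public curve constants, and draws randomness from `secrets` rather than the `random` module, because `random` is predictable and unsafe for keys.  The `key_from_coin_flips` helper and the signing nonce choice are this example's own simplifications (real wallets derive the nonce deterministically per RFC 6979), and the message signed in the demo is a constructed SHA-256 digest, not a real transaction.

```python
import hashlib
import secrets

# secp256k1 domain parameters (the public curve constants Bitcoin uses)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def generate_private_key() -> int:
    """GenerateKeys, step 1: a random 256-bit integer from the OS CSPRNG.

    Python's `random` module is predictable and must not be used for keys;
    `secrets` reads the OS entropy source.  The curve order N is just below
    2**256, so the rare draw outside [1, N-1] is rejected and redrawn.
    """
    while True:
        k = secrets.randbits(256)
        if 1 <= k < N:
            return k


def key_from_coin_flips(flips: str) -> int:
    """The paper method from the article: 256 'H'/'T' flips -> private key."""
    if len(flips) != 256 or set(flips) - {"H", "T"}:
        raise ValueError("need exactly 256 flips written as H or T")
    k = int("".join("1" if f == "H" else "0" for f in flips), 2)
    if not 1 <= k < N:
        raise ValueError("outside the valid key range; flip again")
    return k


def key_formats(k: int) -> dict:
    """One private key as 256 binary digits, 64 hex characters and decimal."""
    return {"binary": format(k, "0256b"), "hex": format(k, "064x"), "decimal": str(k)}


def _add(a, b):
    """Point addition on secp256k1 (y^2 = x^3 + 7); None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None                                   # a == -b
    if a == b:                                        # tangent slope (doubling)
        lam = 3 * a[0] * a[0] * pow(2 * a[1], P - 2, P) % P
    else:                                             # chord slope
        lam = (b[1] - a[1]) * pow(b[0] - a[0], P - 2, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P


def scalar_mult(k: int, point=G):
    """Double-and-add k*point.  Forward is cheap; recovering k from the result
    is the discrete-log problem, which is the one-way 'trapdoor' SK -> PK."""
    result, addend = None, point
    while k:
        if k & 1:
            result = _add(result, addend)
        addend = _add(addend, addend)
        k >>= 1
    return result


def public_key(k: int) -> bytes:
    """GenerateKeys, step 2: compressed SEC encoding (33 bytes) of k*G."""
    x, y = scalar_mult(k)
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def sign(k: int, msg_hash: bytes) -> tuple:
    """Sign(secretKey, message): ECDSA over a 32-byte digest, low-s form.

    A fresh CSPRNG nonce is used here for clarity; wallets derive it
    deterministically (RFC 6979) so a weak RNG can never leak the key.
    """
    z = int.from_bytes(msg_hash, "big")
    while True:
        nonce = secrets.randbelow(N - 1) + 1
        r = scalar_mult(nonce)[0] % N
        s = pow(nonce, N - 2, N) * (z + r * k) % N
        if r and s:
            return r, min(s, N - s)


def verify(pub_point, msg_hash: bytes, sig: tuple) -> bool:
    """Verify(publicKey, message, signature) -> True or False."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    z = int.from_bytes(msg_hash, "big")
    w = pow(s, N - 2, N)
    point = _add(scalar_mult(z * w % N), scalar_mult(r * w % N, pub_point))
    return point is not None and point[0] % N == r


if __name__ == "__main__":
    k = generate_private_key()
    digest = hashlib.sha256(b"constructed demo message").digest()   # constructed input
    print(key_formats(k)["hex"], public_key(k).hex())
    print(verify(scalar_mult(k), digest, sign(k, digest)))
```

Running the module prints a fresh key in hex (64 characters), its compressed public key, and `True` for a signature that verifies; the point arithmetic is plain Python integers, so it is fine for learning but far too slow and side-channel-prone for a real wallet, which is why production software uses libsecp256k1.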
You can verify these functions in action with a blockchain explorer and our guide on how to decode a Bitcoin transaction.

Bitcoin Address Formats

Bitcoin addresses come in a variety of formats, which affects the size of the data required to lock or unlock UTXOs spent and received in a transaction.  Your wallet address has a direct impact when calculating the size and cost of a transaction.
  • Pay-to-Pubkey-Hash legacy address (P2PKH) is the original address format and uses the most data.  It’s a hash of the public key derived from the private key.
    • Example: 1e16hWo7CShMgbAfo9c3Ykj5C7BLq7Hot (starts with 1)
  • Pay-to-Script-Hash (P2SH) – a conditional-spending address ~25% smaller than P2PKH because it commits to the hash of a script instead of the hash of a public key.
    • Example: 35NShWo7CShMgbAfo9c3Ykj5C7BLq7Not (starts with 3)
  • Pay-to-Witness-Public-Key-Hash, Native SegWit – Bech32 (P2WPKH) addresses use ~38% less data than legacy and are the most common address type, because the signature is not in the transaction body (it is in the witness) and the Bech32 checksum detects and corrects errors.
    • Example: bc1q53lja80elem1anu9q9s4h2n7908re0jax667qdd (starts with bc1q)
  • Pay-to-Witness-Script-Hash (P2WSH) – the SegWit upgrade of P2SH, also Bech32.  Easy to send to; complicated and expensive in fees for the receiver if the receiving address is P2WSH, due to the scripting.  (starts with bc1q)
  • Pay-to-Taproot (P2TR) – introduced in 2021, the most advanced address type for security, privacy, flexibility and scaling on Bitcoin, enabling smart contracts and improving privacy and multi-sig.
    • Example: bc1pw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4 (starts with bc1p)
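Encoding for the address types listed above, as an added Python example that is not the article's code nor any wallet's: Base58Check for P2PKH and P2SH, Bech32 (v0) and Bech32m (v1+) for P2WPKH, P2WSH and P2TR, a checksum validator, and the prefix classifier the list describes.  `PUBKEY_HASH` is a constructed input taken from the BIP 173 test vectors (the HASH160 of the compressed public key for private key 1); `hash160` is included to show the SHA-256 then RIPEMD-160 step, with the caveat that some OpenSSL 3 builds of Python disable `ripemd160` in `hashlib`, so the tests below work from the precomputed hash instead.

```python
import hashlib

BASE58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BECH32 = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
BECH32_CONST, BECH32M_CONST = 1, 0x2BC830A3   # BIP 173 (v0) and BIP 350 (v1+) constants

# Constructed input: HASH160 of the compressed public key of private key 1,
# the witness program used in the BIP 173 test vectors.
PUBKEY_HASH = bytes.fromhex("751e76e8199196d454941c45d1b3a323f1433bd6")


def hash160(data: bytes) -> bytes:
    """SHA-256 then RIPEMD-160: the hash a P2PKH or P2WPKH address commits to.
    Some OpenSSL 3 builds of Python raise ValueError here (ripemd160 disabled)."""
    return hashlib.new("ripemd160", hashlib.sha256(data).digest()).digest()


def base58check(payload: bytes) -> str:
    """Base58Check: payload + first 4 bytes of double-SHA-256, written in base 58."""
    full = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    num, out = int.from_bytes(full, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = BASE58[rem] + out
    leading_zeros = len(full) - len(full.lstrip(b"\x00"))
    return "1" * leading_zeros + out           # each leading 0x00 byte encodes as '1'


def p2pkh_address(pubkey_hash: bytes) -> str:
    return base58check(b"\x00" + pubkey_hash)  # version 0x00 -> address starts with '1'


def p2sh_address(script_hash: bytes) -> str:
    return base58check(b"\x05" + script_hash)  # version 0x05 -> address starts with '3'


def _polymod(values):
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk


def _hrp_expand(hrp: str):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]


def _to_5bit(data: bytes):
    """Regroup 8-bit bytes into 5-bit symbols, zero-padding the last group."""
    acc = bits = 0
    out = []
    for byte in data:
        acc = (acc << 8) | byte
        bits += 8
        while bits >= 5:
            bits -= 5
            out.append((acc >> bits) & 31)
    if bits:
        out.append((acc << (5 - bits)) & 31)
    return out


def segwit_address(witver: int, program: bytes, hrp: str = "bc") -> str:
    """Bech32 (witness v0) or Bech32m (v1 and up) encoding of a witness program."""
    const = BECH32_CONST if witver == 0 else BECH32M_CONST
    data = [witver] + _to_5bit(program)
    pm = _polymod(_hrp_expand(hrp) + data + [0] * 6) ^ const
    checksum = [(pm >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(BECH32[d] for d in data + checksum)


def bech32_checksum_ok(addr: str) -> bool:
    """True when the checksum matches the constant its witness version requires."""
    hrp, sep, data = addr.lower().rpartition("1")
    vals = [BECH32.find(c) for c in data]
    if not sep or not vals or -1 in vals:
        return False
    expected = BECH32_CONST if vals[0] == 0 else BECH32M_CONST
    return _polymod(_hrp_expand(hrp) + vals) == expected


def address_type(addr: str) -> str:
    """Classify an address by its prefix, as the list above does."""
    if addr.startswith("1"):
        return "P2PKH"
    if addr.startswith("3"):
        return "P2SH"
    if addr.startswith("bc1q"):
        return "P2WPKH" if len(addr) == 42 else "P2WSH"
    if addr.startswith("bc1p"):
        return "P2TR"
    return "unknown"
```

The same 20-byte hash yields a different address under each encoding, which is why a wallet that receives a legacy address and a Bech32 address for the same key must treat them as the same coins; the checksum validator is the check a wallet runs before letting you send, and it rejects any single-character change.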
You don’t have to memorize all of these address types when you’re mastering Bitcoin, just like you don’t need to know that a bank wire goes through SWIFT or that it’s an acronym for the Society for Worldwide Interbank Financial Telecommunication.  All Bitcoin addresses in a wallet are derived from a seed phrase and you DO NOT need a new seed for each address.

Bitcoin Addresses on Crypto Exchanges

Crypto exchanges, like Coinbase, are defined as Virtual Asset Service Providers (VASPs), which are Money Service Businesses (MSBs), a government classification for specific financial activities.  These definitions are tied to Anti-Money Laundering (AML) and know-your-customer (KYC) laws, which differ by jurisdiction.  When your Bitcoin is kept on-exchange, the exchange manages your keys.  Coinbase creates a different address each time you request a new address to receive Bitcoin.  These addresses are derived from your keys and are managed by the exchange.  Law enforcement agencies can subpoena the exchange to uncover all of the transactions that took place on the exchange.

Tracing Bitcoin Addresses

Every time you want to receive Bitcoin in your Coinbase account a new address will be created.  Let’s say you receive 1 BTC total via 52 weekly transfers of ~0.0192 BTC each from an external wallet.  Each week you generated a unique receiving address, totalling 52 unique addresses generated from your Coinbase exchange account.  If you decide to send your Coinbase balance to an external wallet, you create a transaction with the new wallet’s public address.  The transaction contains 1 input UTXO of 1 BTC, NOT 52 separate inputs, because Coinbase is a custodial service.  When transferring from an exchange to a different wallet address, the general public would not be able to associate your 52 transactions totalling 1 BTC.
However, because you’re using a KYC-verified account, Coinbase could be subpoenaed by law enforcement and would disclose the details of the 52 transactions, because they manage your keys.  The most common ways to increase your on-chain privacy include:
  1. Coin mixing – different jurisdictions approach the legality of coin mixing differently, so you should always DYOR.  Some wallet providers perform this function by batching transactions together, creating different outputs that are harder to track.
  2. Multiple wallets – routing your transactions through more wallets can increase your privacy, as there is no way of knowing that you own all of the wallets.  Hierarchical Deterministic (HD) secret wallets using passphrases create branches of different key sets which can appear disassociated but are easily managed and restored by a single recovery seed.
  3. Running a full node – the Bitcoin blockchain is a network of nodes and anyone with an internet connection can run a full node of the Bitcoin Core software.  If you run a node, you can create and broadcast your Bitcoin transaction yourself.  Your transaction will be difficult to distinguish from the other transactions your node is simultaneously relaying, thanks to the Bitcoin Core software.
These solutions are examples for educational purposes which may require advanced technical skills and an understanding of the risks involved.

How do I Import my Keys to a New Wallet?

Your recovery seed words are used to verify your ownership of the keys and recreate your wallet on another device or with a different wallet provider.  There is no cost or fee to do this.  It’s not uncommon to switch wallet providers until you find one that fits your Bitcoin security and usability preferences.  The most common reasons for importing your keys are:
  • Switching to a new software wallet provider
  • Restoring NEW hardware device due to loss or theft*
  • Changing hardware wallet to new model or device provider
  • Adding a ‘contingency’ device to your backup and recovery strategy
  • Creating a duress wallet or a decoy wallet
*If restoring to a new device due to a security concern like loss, theft or a suspected vulnerability, it’s best to restore and then transfer your Bitcoin to a NEW wallet with a different recovery seed.

When you switch devices or providers, your keys never move from one wallet to another.  Your keys are simply replicated on the new device, which can then be used to send/receive, spend with a merchant, buy more, swap for another coin or just HODL.

Pro Tip: when you buy Bitcoin on an exchange, you don’t control your keys and there is no recovery seed, because the exchange is the custodian of your Bitcoin.

Wallet providers and device manufacturers have detailed instructions for importing keys with your recovery seed.  After successfully importing your keys, be sure to verify account balances and review the wallet provider’s options to back up and protect your funds.  Changing wallets or upgrading cold storage devices is a great opportunity to implement a strategy for UTXO management and consolidation.

Note: Stratus does NOT provide investment, legal or tax advice.  All information in this article is for educational purposes and should not be interpreted as investment, legal or tax advice.  The opinions expressed are those of the author for informational purposes and neither Stratus nor the author are liable for any errors, inaccuracies or omissions.  Digital assets, such as cryptocurrencies or decentralized finance, present unique risks for investors.  For investment, legal, tax, or other financial guidance you should consult your own advisor.

The post Bitcoin Keys and Addresses first appeared on Stratus Crypto.

How to Prevent and Detect Bitcoin Dust Attacks

The goal of a Bitcoin dust attack is to expose your identity and holdings.  An attacker sends a small amount of crypto to different wallet addresses hoping the wallet owner will eventually batch or consolidate their UTXOs, including the dust, to use in a future transaction.  Once the recipient (you) spends the dust in a transaction, the attacker can connect the dots to associate the dusted address with other addresses you own.  For example, if you inadvertently send the dust to a centralized exchange to cash out, the attacker could target you with a phishing attack to compromise your account or install malware.  Most dust can’t be spent on its own because it’s too small, less than the network fee.  To spend the dust, you must combine it with other UTXOs, which is exactly what the attacker wants you to do.

How to protect your wallet from Bitcoin dusting?

You can’t prevent a dusting attack because anyone can send Bitcoin to any address without censorship.  Here are some proactive measures to protect against a dust attack:

  1. Before creating a transaction, regularly scan your wallet for dust size UTXOs.
  2. Most wallets have default dust thresholds that will automatically reject, isolate and freeze suspected dusting UTXOs.  Bitcoin Core has a 546 satoshi dust limit.  
  3. Create a rule in your wallet, if available, that prevents UTXOs under a certain value from being included in a transaction.  
  4. Only use wallets with a Coin Control feature.  The wallet owner can select to include or exclude certain UTXOs from a transaction. 
  5. Use an HD Wallet to generate a new address every time you receive Bitcoin.  Hackers often fine-tune their research by looking for addresses that have received more than one transaction, which can put a target on your back.
  6. Whitelisting, if provided by your wallet, sets specific addresses and prevents inadvertently sending crypto to an address you haven’t previously authorized.  
  7. Don’t commingle coins from different sources or addresses.  
  8. Practice UTXO management, including a UTXO consolidation strategy.
  9. Execute good crypto operational security.  For example, use a VPN to avoid geolocation, and log in to a website from your browser rather than clicking a link in an email the website sent you.  Inadvertently scanning fake QR codes, on bogus phishing sites or offline IRL, is another exploit hackers use.
  10. Avoid signing up for free airdrops of crypto as these sites are often created by the attacker to resemble authentic sites with the purpose of getting you to connect a wallet or disclose an address or other personally identifiable information.
  11. Avoid using vanity addresses, which are susceptible to ‘address poisoning’: the attacker finds your vanity address, creates a similar-looking address and transacts with your vanity address, hoping you accidentally send to the fake address instead of your real address at some point in the future.  Double check you’re using the correct address.
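Steps 1 to 4 and 11 above, as an added Python example that is not the article's code nor any wallet's: a scan that reports dust-size and unsolicited UTXOs and reused addresses, a freeze that marks them Do Not Spend, a coin-control selection that never includes frozen or dust outputs, and a lookalike check for address poisoning.  The sample wallet, its txids and the `ADDR_*` names are constructed placeholders; the virtual-size constants are rough P2WPKH figures used only to estimate the fee, and the 546 sat limit is the Bitcoin Core threshold the list mentions.

```python
from dataclasses import dataclass

DUST_LIMIT_SATS = 546        # Bitcoin Core's dust threshold, as stated above

# Rough virtual-size figures for a P2WPKH spend, used only to estimate the fee (assumption)
TX_OVERHEAD_VB, INPUT_VB, OUTPUT_VB = 11, 68, 31


@dataclass
class Utxo:
    txid: str
    vout: int
    address: str
    sats: int
    expected: bool = True    # False: we never asked anyone to send this output
    frozen: bool = False     # True: marked Do Not Spend


def scan_wallet(utxos, limit=DUST_LIMIT_SATS):
    """Step 1: before building a transaction, list dust, unsolicited outputs
    and addresses that received more than once (step 5's warning)."""
    report = {"dust": [], "unsolicited": [], "reused_addresses": []}
    seen = {}
    for u in utxos:
        if u.sats < limit:
            report["dust"].append(u)
        if not u.expected:
            report["unsolicited"].append(u)
        seen.setdefault(u.address, []).append(u)
    report["reused_addresses"] = [a for a, lst in seen.items() if len(lst) > 1]
    return report


def freeze_suspicious(utxos, limit=DUST_LIMIT_SATS):
    """Step 2: isolate dust-size or unsolicited outputs.  Returns how many were newly frozen."""
    changed = 0
    for u in utxos:
        if (u.sats < limit or not u.expected) and not u.frozen:
            u.frozen = True
            changed += 1
    return changed


def select_coins(utxos, target_sats, fee_rate_sat_vb, limit=DUST_LIMIT_SATS):
    """Steps 3 and 4: largest-first coin control that skips frozen and dust UTXOs.
    Returns (selected, fee, change); raises if spendable funds are short."""
    spendable = sorted((u for u in utxos if not u.frozen and u.sats >= limit),
                       key=lambda u: u.sats, reverse=True)
    selected, total = [], 0
    for u in spendable:
        selected.append(u)
        total += u.sats
        # two outputs: the recipient and our change
        fee = (TX_OVERHEAD_VB + INPUT_VB * len(selected) + OUTPUT_VB * 2) * fee_rate_sat_vb
        if total >= target_sats + fee:
            return selected, fee, total - target_sats - fee
    raise ValueError("insufficient spendable funds once dust and frozen UTXOs are excluded")


def looks_like(known: str, candidate: str, edge: int = 5) -> bool:
    """Step 11: address-poisoning check.  True when the candidate shares the
    first and last `edge` characters with a known address but is not that address."""
    return (known != candidate and len(known) == len(candidate)
            and known[:edge] == candidate[:edge] and known[-edge:] == candidate[-edge:])


# Constructed sample wallet; txids and ADDR_* names are placeholders, not real values
SAMPLE_UTXOS = [
    Utxo("a" * 64, 0, "ADDR_A", 250_000),
    Utxo("b" * 64, 1, "ADDR_A", 80_000),                   # second receipt on ADDR_A
    Utxo("c" * 64, 0, "ADDR_B", 300, expected=False),      # dust we never asked for
    Utxo("d" * 64, 0, "ADDR_C", 1_000, expected=False),    # above dust size but unsolicited
]

if __name__ == "__main__":
    report = scan_wallet(SAMPLE_UTXOS)
    print("dust:", [u.txid[:4] for u in report["dust"]],
          "unsolicited:", [u.txid[:4] for u in report["unsolicited"]],
          "reused:", report["reused_addresses"])
    print("frozen:", freeze_suspicious(SAMPLE_UTXOS))
    chosen, fee, change = select_coins(SAMPLE_UTXOS, 200_000, 10)
    print("inputs:", [u.txid[:4] for u in chosen], "fee:", fee, "change:", change)
```

With the sample wallet, the scan flags the 300 sat output as dust, both unsolicited outputs for review and `ADDR_A` as reused; after freezing, a 200,000 sat send at 10 sat/vB is funded by the single 250,000 sat input, so the dust never enters the transaction and the attacker gains no link between addresses.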
As the Bitcoin price goes up and Bitcoin transaction fees increase, dusting attacks are becoming more expensive for the attacker.  The natural reaction for the attacker is to focus on wallets with higher balances, which should put Bitcoin wholecoiners on high alert.

What should I do if my wallet is dusted?

The proactive actions we suggested in the previous section may help you mitigate a crypto dusting attack.  If you’ve been dusted, don’t freak out and don’t spend any Bitcoin dust in a transaction.  In fact, don’t even click on the token, to prevent any malicious code in a smart contract from activating.

Pro Tip: Identify the unsolicited dust-size UTXOs.  Freeze the UTXOs you deem malicious or mark/note them as Do Not Spend.  Archiving the UTXO is your safest option, and be cautious if your wallet offers a dust conversion to swap the UTXO for another coin.  The attacker is baiting you to interact with the dust so they can track the transaction, even if it’s a swap, then analyze future transactions until they find a vulnerability.  Software wallets, particularly browser-based ones, are more frequently attacked with altcoin dusting because these wallets are primarily used for Web3, decentralized apps (DApps), and altcoins.

You can use a blockchain explorer to trace the transaction if you receive dust.  Check your address to see who the sender was.  Next, check the sender’s address on the explorer to see how many other dust transactions were created.  Report dusting attacks to your wallet provider and to law enforcement’s cyber division; see the FBI’s guidance for cryptocurrency scam victims.

Will I lose my Bitcoin if I spend the dust?

Transacting with Bitcoin dust won’t necessarily allow the hacker to drain your wallet, but it does open a vulnerability for them to de-anonymize the wallet and target you with a phishing attack to eventually gain access.
Crypto dusting with altcoins is more common than Bitcoin dusting because it’s cheaper and more susceptible to smart contracts, which do have the ability to access your keys and drain the wallet thanks to blind signing.  Smart contracts are embedded into transactions and most wallets do not show the details of the functions in the smart contract.  The vulnerability of smart contracts is linked to code designed to execute when you link your wallet to a specific website, most commonly a decentralized exchange, which can execute a set of instructions to drain your wallet.  This happens more commonly with DeFi compared to Bitcoin because it’s cheaper to transact and easier to exploit.

Risks of Promotional Crypto Dusting

Not all dust is a scam or attack.  Researchers use dust to gather data.  Governments use dust to identify criminal activity.  Developers use dust to stress test their software.  Marketers use dusting to promote new projects.  New crypto projects (NFTs and coins) dust addresses similar to spamming an email address.  The dust UTXOs could be benign and contain promotional messages or simply be meant to entice you to search for the project and visit the project’s website.  You still shouldn’t engage (click, transact, swap) with dust, ever!  How do you know that the site you’re visiting is legitimate?  What if an attacker created a fake spoofed site (or app) and got it to rank higher than the legitimate site?  Even if you’re certain the site is legitimate, once you open the site your IP address can expose city, state, country, latitude, longitude, ZIP code, time zone, ISP and other sensitive data.  Now that the marketer or hacker knows your location, if you interact with the dust you could get doxed and inadvertently reveal your crypto net worth.  Getting doxed by a dusting attack is easier than you might think.  Transacting with dust is always a NO!  Personally, accepting airdrops from sites that I haven’t vetted is always a NO!
There’s no such thing as a free lunch.  Stay vigilant, trust no one, and do your own research!

The post How to Prevent and Detect Bitcoin Dust Attacks first appeared on Stratus Crypto.