Modern HD Wallets enable the wallet owner to create an infinite number of secret wallets backed up with one single recovery seed plus the 25th word passphrase.
Hierarchical Deterministic wallets, also called HD Wallets, were introduced as part of the Bitcoin Improvement Proposal #32 (BIP 32).
Pro Tip – Your 12 or 24 word recovery seed phrase can be used to access, recover, and restore your wallet on ANY third-party software wallet (e.g. Electrum or Sparrow) or hardware device (e.g. ColdCard, Blockstream Jade, or Ledger) regardless of what service you used to create it.
The wallet may contain multiple addresses with each address having a corresponding public key cryptographically derived from an extended private key.
These different addresses are often referred to as ‘accounts’ within the wallet.
If you use the Ledger hardware wallet, the software program defaults to creating a unique Bitcoin address for every transaction to enhance your privacy on the network.
Your public key is like your bank account number and your private key is like your bank account password. Each unique key pair derives a public address which the ‘receiver’ shares with the ‘sender’ to initiate a transaction.
Yes, your HD wallet generates one single recovery seed phrase from which, thanks to BIP-32, the public and private key pair for each different cryptocurrency ‘wallet chain’ and its various sub-accounts is cryptographically derived (via a derivation path) and kept inside the wallet.
Your seed phrase is used for backing up and recovering your wallet, most commonly with a hardware device (cold wallet). The seed phrase represents the master key pair which includes the extended private key (XPRIV) and extended public key (XPUB).
XPRIV generates new private keys while XPUB is used to display the balances of each public key in your wallet for each different crypto account.
In essence, your seed phrase secures the extended private key, which is used to generate a pseudonymous identity for every public address (key pair) you create inside the wallet to send or receive Bitcoin (or other crypto).
You DO NOT need to generate a unique backup recovery seed for the different crypto blockchains (Bitcoin, Ethereum) or their (sub)accounts (addresses) stored on the HD Wallet thanks to the BIP32 deterministic method of deriving key sets…
Private keys are used to derive a public key but public keys CANNOT be used to derive a private key.
In a Bitcoin transaction, a ScriptPubKey ‘locks’ bitcoin to the receiver’s address which is a hash (shortened version) of the receiver’s public key.
For example, Pay-to-Public-Key-Hash (P2PKH) is the most common ‘locking script’ compared with an alternative, Pay-to-Public-Key (P2PK). P2PK locks bitcoin to a public key and P2PKH locks bitcoin to a hash, or shortened version, of the public key.
The permissionless nature of most blockchains (Bitcoin, Ethereum) enables the end user to safely and autonomously migrate all crypto accounts in their wallet to different wallet providers using the same original 12 – 24 word backup recovery seed.
Pro Tip: If you are using a recovery seed to migrate from one wallet provider to another (e.g. Ledger to ColdCard), make sure you confirm that the new wallet provider supports all of your cryptocurrency accounts (Ethereum, Bitcoin, Filecoin etc).
BIP32 HD wallets allow keys to be organized in a hierarchical, multi-level tree structure to send and receive from an unlimited number of different wallets and accounts (sub-accounts) under a single HD Wallet.
The (1) Seed Phrase produces the (2) Master Key, an Extended Private Key that carries an extra 256 bits of entropy/randomness, which is used to create (3) Child Keys and even (4) Grandchild Keys.
HD Wallets (Type 2) were introduced via the Bitcoin Improvement Proposal #32 (BIP32) in 2012 to improve privacy & usability as an alternative to Bitcoin Core ‘Qt’ Wallets which required physical private key backups or hard drive storage on your computer (filename: wallet.dat) for every address key pair you manage.
With HD Wallets, you can always regenerate the same set of keys from the extended master private key, and you can derive the public keys without ever revealing the corresponding private keys.
The only limitation is the storage available (~1.5MB) on a specific hardware wallet, which varies depending on the manufacturer.
You can try it for yourself using this Deterministic Key Generator tool.
Step 1: Follow the instructions to enter your entropy, which is a mathematical word for randomness.
For example, you could roll a six-sided die 53 times and enter the result of each roll in order.
You could also flip a coin 53 times, entering ‘1’ for heads and ‘2’ for tails to create your own randomness (entropy).
Step 2: (optional) enter an ‘optional password’ commonly referred to as a password or passphrase.
Step 3: Select whether you want a 12 or 24 word BIP39 phrase (seed phrase/recovery seed) and click ‘Generate New Phrase’.
Voila! After some complicated behind-the-scenes hashing, salting, and checksum operations, you have just created a new Bitcoin address with the corresponding public and private key pair.
The backup phrase is drawn from the BIP39 word list: the entropy produced by the key generator (plus a checksum) is split into numbers, and each number selects one word from the list.
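The “hashing and checksum” step in Steps 1 to 3 above, as an added example (this is not code from the article or from the key-generator tool it links). It converts entropy bytes into the 11-bit word indices of a 12- or 24-word BIP39 phrase, and performs the reverse checksum check a wallet does when you type a phrase back in. The 2,048-word English list is not embedded; index 0 is “abandon” and index 3 is “about”. The dice-roll conversion is a constructed, tool-independent method that will not reproduce the linked tool’s output; it only shows why roughly 50 rolls are needed for 128 bits.

```python
import hashlib

# Added example, not the article's or the linked tool's code: BIP39 entropy -> checksum
# -> 11-bit word indices, plus the reverse check. Word list not embedded (0 = "abandon",
# 3 = "about").

WORD_BITS = 11                               # 2**11 == 2048 words
VALID_ENT_BITS = (128, 160, 192, 224, 256)   # 12, 15, 18, 21 or 24 words


def entropy_to_indices(entropy: bytes) -> list[int]:
    """Return the BIP39 word indices (each 0..2047) for the given entropy bytes."""
    ent_bits = len(entropy) * 8
    if ent_bits not in VALID_ENT_BITS:
        raise ValueError("entropy must be 128..256 bits in 32-bit steps")
    cs_bits = ent_bits // 32                 # 4 checksum bits per 128 bits of entropy (max 8)
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    bits = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    total = ent_bits + cs_bits               # 132 bits -> 12 words, 264 bits -> 24 words
    n_words = total // WORD_BITS
    return [(bits >> (total - WORD_BITS * (i + 1))) & 0x7FF for i in range(n_words)]


def indices_to_entropy(indices: list[int]) -> bytes:
    """Recover the entropy from word indices; raises ValueError on a bad checksum."""
    total = len(indices) * WORD_BITS
    ent_bits = total * 32 // 33              # 132 -> 128, 264 -> 256
    if ent_bits not in VALID_ENT_BITS or any(not 0 <= i < 2048 for i in indices):
        raise ValueError("not a valid BIP39 phrase length or word index")
    cs_bits = total - ent_bits
    bits = 0
    for i in indices:
        bits = (bits << WORD_BITS) | i
    entropy = (bits >> cs_bits).to_bytes(ent_bits // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    if bits & ((1 << cs_bits) - 1) != expected:
        raise ValueError("checksum mismatch: a word is wrong or out of order")
    return entropy


def dice_to_entropy(rolls: list[int], ent_bits: int = 128) -> bytes:
    """Constructed conversion of die rolls (1..6) to entropy: rolls are read as base-6
    digits and the low ent_bits bits are kept. 6**49 < 2**128 < 6**50, so at least 50
    rolls are required for 128 bits (the article's 53 rolls are enough)."""
    need = 0
    while 6 ** need < 2 ** ent_bits:
        need += 1
    if len(rolls) < need or any(r not in range(1, 7) for r in rolls):
        raise ValueError(f"need at least {need} rolls of 1..6 for {ent_bits} bits")
    value = 0
    for r in rolls:
        value = value * 6 + (r - 1)
    return (value & ((1 << ent_bits) - 1)).to_bytes(ent_bits // 8, "big")


if __name__ == "__main__":
    rolls = [1] * 53                         # constructed input, obviously NOT random
    ent = dice_to_entropy(rolls)
    idx = entropy_to_indices(ent)
    print("word indices:", idx)              # eleven 0s ("abandon") then 3 ("about")
    print("round trip ok:", indices_to_entropy(idx) == ent)
```

All-ones rolls give all-zero entropy, which is the standard BIP39 test vector “abandon … abandon about”; the last word is the checksum, which is why a wallet can reject a mistyped phrase but, as the article explains later, cannot reject a mistyped passphrase.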
Step 4: (optional) Scroll down the page, select ‘External account (master)’ from the Derivation Path dropdown. Examples below:
The Account (k) field is where you can enter a number to represent an additional key pair.
We can enter the number 3 to generate the (public/private) key pair for the third Bitcoin address in our HD wallet. This is the logic that cold wallet device manufacturers like Trezor and Ledger use to generate new, pseudonymous addresses that are not publicly connected but stored within the same wallet. Here’s a link to their documentation.
The example below displays the public and private keys generated based on the account number I enter.
Note: Notice how the ‘BIP 32’ Extended Key, at the top of the image, DOES NOT change.
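How one extended key (private key plus chain code) yields the child and grandchild keys that the Account (k) field walks through, as an added example (not the article’s code and not any wallet vendor’s firmware). Only hardened derivation (index ≥ 2^31) is implemented, because it needs nothing beyond HMAC-SHA512 and modular arithmetic; the tool’s ‘External account (master)’ path m/0/k is non-hardened and additionally needs the parent public key (secp256k1 point multiplication), which is deliberately left out. The seed is a constructed demo value, not one derived from a real mnemonic.

```python
import hashlib
import hmac

# Added example, not the article's or any vendor's code: BIP32 hardened child derivation
# (CKDpriv). The extended key never changes; each index yields a different child key.

N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # secp256k1 order
HARDENED = 0x80000000
# constructed demo seed; a real wallet derives the seed from the mnemonic (+ passphrase)
DEMO_SEED = hashlib.sha512(b"constructed demo seed, not a real wallet").digest()


def master_from_seed(seed: bytes) -> tuple[int, bytes]:
    """BIP32 master key: HMAC-SHA512 keyed 'Bitcoin seed'; left half = key, right = chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key = int.from_bytes(digest[:32], "big")
    if key == 0 or key >= N:
        raise ValueError("invalid master key (astronomically unlikely); use a different seed")
    return key, digest[32:]


def derive_hardened(parent_key: int, parent_chain: bytes, index: int) -> tuple[int, bytes]:
    """CKDpriv for a hardened index: child = (IL + parent) mod N, child chain code = IR."""
    if index < HARDENED:
        raise ValueError("non-hardened derivation needs the parent public key; not shown here")
    data = b"\x00" + parent_key.to_bytes(32, "big") + index.to_bytes(4, "big")
    digest = hmac.new(parent_chain, data, hashlib.sha512).digest()
    il = int.from_bytes(digest[:32], "big")
    child = (il + parent_key) % N
    if il >= N or child == 0:
        raise ValueError("invalid child key (BIP32 says skip to the next index)")
    return child, digest[32:]


def derive_path(seed: bytes, path: str) -> tuple[int, bytes]:
    """Walk a hardened-only path such as m/0'/3' ('h' is accepted as an alias for the apostrophe)."""
    if not path.startswith("m"):
        raise ValueError("path must start with m")
    key, chain = master_from_seed(seed)
    for comp in path.split("/")[1:]:
        if comp[-1:] not in ("'", "h"):
            raise ValueError(f"component {comp!r} is not hardened")
        key, chain = derive_hardened(key, chain, int(comp[:-1]) + HARDENED)
    return key, chain


if __name__ == "__main__":
    m_key, m_chain = master_from_seed(DEMO_SEED)
    print(f"master chain code {m_chain.hex()} (unchanged for every account)")
    for k in range(4):
        key, chain = derive_path(DEMO_SEED, f"m/0'/{k}'")
        print(f"account {k}: private key {key:064x}")
```

Every account key above comes from the same master and the same chain code, which is the property the note about the unchanging ‘BIP 32’ Extended Key is pointing at; the private keys differ because the index is mixed into the HMAC.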
With HD Wallets, the public and private key pairs are generated from an extended master private key which can be unlocked/restored with a 12 – 24 recovery seed phrase that you must backup and keep secure.
Pro Tip: Generating a paper wallet, like the example above, is not our recommendation because using an online key generator introduces risk (keylogger, bad actor, malware). You could opt to use a more advanced, secure, and self-contained (air-gapped) option following these instructions (alternative) or allow your wallet provider to generate the private key (and recovery seed).
A private key is just a number that can be randomly generated like we just showed in the example above.
Technically, someone could accidentally generate the same BIP39 recovery seed when they are setting up a new wallet. This is called key collision.
The chance of generating the same private key as someone else is 1 in 2^256, which is approximately 1 in 10^77.
Nerd alert – 2^256 (1.15 quattuordecillion) = 1.157920892373162e+77 = 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936
For example, let’s assume that Bitcoin goes through a mass adoption and at some point in the future there are 10 TRILLION addresses (currently ~500 Billion, with only 30 Million holding Bitcoin). So, 30 Million to 10 Trillion is a HUGE leap, but let’s keep at it. If those 10T addresses were evenly distributed, there would still be gaps of 10^64 between each. Remember we started with 10^77 as the total number of possible addresses.
Your private key is statistically impossible for someone or some quantum computer to guess in the next 10^23 millennia because the number of combinations is comparable to the quantity of atoms in the universe.
So, you’re saying there’s a chance.
Buttcoiners and FUD-spreaders are happy to talk about hacking, stealing, scamming or even accidental ‘key collision’ resulting in an unauthorized party having access to your coins because they have your recovery seed.
Technically someone could generate the same private key on the first guess. Unlikely, but possible.
Or maybe you fell victim to a phishing attack or clicked a bad link.
Pro Tip: Never. Never ever. Never ever type in your seed phrase on ANYTHING other than a cold storage device. Your hardware wallet’s sole purpose is to be the ONLY thing that can safely accept your recovery seed. If you have any questions, ask us at team@stratus.io and remember that we will not ask for your seed.
Passphrases are optional and add additional data to the master seed before the extended private key is generated.
Adding a passphrase to your randomly generated private key is the easiest way to protect your wallet from key collision with the drawback of having one additional word or number to backup and keep secure.
With a 13th or 25th word BIP-39 passphrase, if someone acquired your seed through hacking or happenstance, they would need both your backup recovery seed + your passphrase to access your passphrase-secured accounts.
By default, every wallet uses a ‘blank’ passphrase. Adding a passphrase replaces that default ‘blank’ placeholder with a ‘string’ (case sensitive letters/words/numbers).
A passphrase offers the greatest value by adding an additional layer of security if your seed phrase is discovered or accidentally revealed to someone.
Pro Tip: ‘passphrase’ and ‘BIP-39 passphrase’ are used interchangeably. A passphrase option is available on BIP-39 compatible wallets, which use the BIP-39 word list to generate your 12/24 word recovery seed. However, your passphrase is NOT limited to one of the 2,048 words in the BIP-39 list, and we strongly encourage you to use, back up and secure a unique alphanumeric passphrase.
Depending on the requirements of the wallet provider, a passphrase is CaSe sensitive and can be any combination of numbers, letters, and symbols. Common words could be brute forced, so consider adding randomness using 12 upper/lowercase letters and numbers. Some providers may present an option to select a word from the predefined 2,048-word BIP-39 list.
You’ll need to decide if simplicity (memorable passphrase) is more important than advanced security (random words/numbers).
Passphrases DO NOT get stored on your device. Your wallet will combine the recovery seed + passphrase to create a new, unique passphrase-secured private/hidden wallet. For example:
If someone generated the same private key by rolling dice or flipping a coin, your passphrase enhances your entropy by adding an additional word (or number) that can’t be randomly generated.
Pro Tip: Best practice is to store your passphrase separately from your backup recovery seed when you self-custody your bitcoin. Even if you have your recovery seed accessible, if you lose (or forget) your passphrase, you will lose your coins!
Accessing your hidden/secret wallets to make a transaction is as easy as accessing your standard wallet then entering your passphrase in where prompted.
If you enter the wrong passphrase, your wallet is NOT able to tell you that it’s incorrect because technically there are no wrong passphrases. If you enter the wrong passphrase, a NEW hidden/secret wallet will be created for use. You will need to reset and try again if your passphrase entry does not access the wallet you expected.
The only way to know if you entered the correct passphrase is by the contents of the wallet funds.
You may be wondering, how can I reset or change my passphrase? You can’t reset or change your passphrase. Each passphrase you enter accesses a different wallet. If you want to use a different passphrase, then generate a new passphrase wallet and send bitcoin to this wallet.
For example, if you use Trezor watch this video showing how to create hidden wallets and use 3rd party apps like MetaMask or hardware devices like ColdCard with a passphrase.
On some devices, like Ledger, you can create a second PIN for your hardware wallet that uses a PIN to unlock a specific passphrase protected secret wallet. Entering the second PIN accesses the hidden accounts.
On a Ledger wallet device, you have two options for the second PIN passphrase:
When we created the master keys in the previous example, we were provided with a recovery seed, private key, public key, public address and an extended key (XPRIV).
12 word recovery seed: banana code hard debate vague ecology mistake sick present prepare nasty manage
Private Key (WIF*): L2qM2hSYeC9TW9LhUwtzQMHhaKzeyoNULmuzDQkaiynVaDyByDtR
*WIF – “wallet import format” is the standard alphanumeric private key format.
Public Key (hex): 02054f43aa816fe14d4d38a3c01af02844b0366aad8e7a6865780c57062269e05b
Public Address: 1EGxUj4NEuXyWoKfGPGhhCHbWAv6LrL5xP
Extended Key: xprv9s21ZrQH143K3FUHuKDbffdt4TYNYigit28odBvz9HZ2QZdu6rybiqDVxpUYoyudsv9tebfY2iJmZke6LDR3EeaVVTQBH3ZgbTBmsTM8wyH
Adding a Passphrase “btc” to the backup recovery seed generated a new private key, public key, public address and an extended key (XPRIV).
Extended Key with Passphrase: xprv9s21ZrQH143K3QaGxe5JD5rgtHdQmvLZMxM6LBGwgDYEX7jDLXxkjPyV2bsM6RNe8eE8uqicqWRmRoqTF7GkJzmoss64Ua1M92SkVRE8bML
It’s like having a completely different wallet with an infinite number of addresses and backed up with the same recovery seed. Adding a 25th word passphrase creates an entirely NEW wallet with an infinite number of addresses and backed up with the same recovery seed + passphrase.
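The derivation behind the two extended keys above, and the ‘there are no wrong passphrases’ behaviour described earlier, as an added example (this is not the article’s code and not the linked tool’s). The 12-word phrase and both xprv strings are quoted from the article so the output can be compared with them; `matches_article` reports whether this stand-alone derivation reproduces them. It assumes the article’s values were produced with standard BIP39 seed derivation (PBKDF2-HMAC-SHA512, 2,048 rounds, salt ‘mnemonic’ + passphrase) and standard BIP32 master-key serialization.

```python
import hashlib
import hmac
import unicodedata

# Added example, not the article's or the linked tool's code: BIP39 mnemonic + optional
# passphrase -> 512-bit seed -> BIP32 master extended private key (xprv). Phrase and
# xprv strings below are quoted from the article for comparison.

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
XPRV_VERSION = bytes.fromhex("0488ADE4")   # mainnet private version; base58 starts with "xprv"

ARTICLE_MNEMONIC = "banana code hard debate vague ecology mistake sick present prepare nasty manage"
ARTICLE_XPRV = "xprv9s21ZrQH143K3FUHuKDbffdt4TYNYigit28odBvz9HZ2QZdu6rybiqDVxpUYoyudsv9tebfY2iJmZke6LDR3EeaVVTQBH3ZgbTBmsTM8wyH"
ARTICLE_XPRV_BTC = "xprv9s21ZrQH143K3QaGxe5JD5rgtHdQmvLZMxM6LBGwgDYEX7jDLXxkjPyV2bsM6RNe8eE8uqicqWRmRoqTF7GkJzmoss64Ua1M92SkVRE8bML"


def base58check(payload: bytes) -> str:
    """Base58 of payload + first 4 bytes of double-SHA256; leading zero bytes become '1'."""
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58_ALPHABET[rem] + out
    leading_zeros = len(data) - len(data.lstrip(b"\x00"))
    return "1" * leading_zeros + out


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = 'mnemonic' + passphrase, NFKD-normalized."""
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"), salt.encode("utf-8"), 2048, 64)


def seed_to_master_xprv(seed: bytes) -> str:
    """BIP32 master key from the seed, serialized as a depth-0 xprv."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = digest[:32], digest[32:]
    depth, parent_fingerprint, child_number = b"\x00", b"\x00" * 4, b"\x00" * 4
    return base58check(XPRV_VERSION + depth + parent_fingerprint + child_number
                       + chain_code + b"\x00" + key)


def wallet_xprv(mnemonic: str, passphrase: str = "") -> str:
    """Master xprv of the (hidden) wallet selected by this mnemonic + passphrase pair."""
    return seed_to_master_xprv(mnemonic_to_seed(mnemonic, passphrase))


def matches_article(passphrase: str = "") -> bool:
    """True if this derivation reproduces the xprv the article prints for that passphrase."""
    expected = ARTICLE_XPRV_BTC if passphrase == "btc" else ARTICLE_XPRV
    return wallet_xprv(ARTICLE_MNEMONIC, passphrase) == expected


if __name__ == "__main__":
    for pp in ("", "btc", "BTC", "btc "):
        # every passphrase, including a mistyped one, selects a valid but different wallet
        print(f"passphrase {pp!r:8}: {wallet_xprv(ARTICLE_MNEMONIC, pp)}")
    print("reproduces article's xprv:", matches_article(), "with 'btc':", matches_article("btc"))
```

Nothing in the derivation can flag ‘BTC’ or ‘btc ’ as wrong: each is simply a different salt, so each produces a different, perfectly valid master key, which is exactly why the only confirmation of the right passphrase is the balance you expect to see.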
This is the beauty of deterministic wallets which use cryptography to easily derive secure keys to transact with. Prior to HD wallets, every time you created a new address you were given a new recovery seed to backup to recover the wallet.
New key pairs can be derived for each transaction which helps to keep your transactions more private compared to using the same key pair every time you send or receive Bitcoin.
The organizational structure of HD Wallets increases privacy, compared to non-deterministic wallets, because ‘branch A’ can be used to receive Bitcoin while ‘branch B’ is used for change outputs within the same wallet.
Another major privacy benefit for HD Wallets is being able to generate and use different public keys in transactions received while eliminating the need to provide the corresponding private key.
The Bitcoin blockchain is a public network.
Re-using an address allows anyone with a blockchain explorer to view your transaction history and balance.
Many HD Wallet hardware devices are programmed to generate a new address for every transaction.
The addresses (key pairs) are maintained within your wallet under the same account while being publicly disassociated from each other on the network thanks to the extended public key (XPUB).
Pro Tip: multiple passphrases can also be used to categorize different wallets depending on the transaction type for each. For example: Passphrase A for your Dollar Cost Averaging (cap gains tax reporting). Passphrase B for sending/receiving with friends or family. Passphrase C for merchant transactions. EVERY passphrase needs to be backed up separate from each other and your recovery seed!!
You should have a plan for backing up and safely storing your recovery seed to prevent unauthorized access to your wallet(s).
Being in your own bank means that you are free to manage a personal strategy for Crypto Operational Security.
Hardware wallets store your keys offline and even protect your keys and crypto if you plug your cold wallet into a computer infected with malware.
Most cold storage devices require you to enter a 4-8 digit PIN (PIN code) during setup.
If you want to make a transaction, you must physically enter the correct PIN on the hardware device to access your accounts.
Pro Tip: Some wallet manufacturers have a ‘kill switch’ that wipes your device after a fixed number of incorrect PINs have been entered. If your device is wiped, you can still recover or restore your crypto wallet(s) with your 12-24 word backup recovery seed.
You must have a safe, discreet and reliable backup strategy to secure your 1) Recovery Seed, 2) Optional Passphrase(s), 3) physical Hardware Device (cold wallet), and 4) PIN/PIN code.
A distributed backup strategy is pretty easy to implement and ensures that your wallet and passphrase backups are stored at different physical locations.
You can deploy OpSec tactics like a honeypot trap to further reduce your risk of losing crypto due to a random collision event, unauthorized discovery of your physical backup(s), or a malicious 3rd party phishing/malware hack.
*Note: Most wallet providers require you to first create a wallet before adding a passphrase to it. Adding a passphrase to an existing wallet or new wallet actually creates a new hidden (secret) wallet. Always refer to your wallet provider’s FAQ/help to confirm.
The hacker or bad actor (and anyone else) who compromised your account can view the transaction, including the new bitcoin address on a blockchain explorer but they will be back to square one in attempting to crack your new seed + optional passphrase unless you fail to properly secure your digital and physical environment.
If your new wallet is compromised, it’s safe to assume that you’ve either been physically breached or there is malware installed on your computer. Time to audit and wipe.
This scenario is not very likely to happen. A honeypot trap is relatively simple to set up but introduces a vulnerability of losing or failing to secure your seed and passphrase backups.
Do whatever makes you most comfortable and helps you to sleep at night.
Imagine you’re walking out of an airport and get rushed into a car and driven off to an isolated location.
There’s a great big man holding a wrench and your hardware wallet. He’s going to steal your crypto. You have two choices 1) enter your PIN or 2) prepare to get hit with the wrench until you cave in and give him the PIN code anyways.
You tell him that you lost your coins in a boating accident but he can have whatever is left.
This next step is important. When he hands the device back, enter the PIN for the main wallet you created after reading the next section and completing the setup for your duress wallet.
Pro Tip: test the recovery process and confirm addresses before moving on to the next step and adding Bitcoin to the duress wallet.
The downside to washing your Bitcoin with an Exchange transfer is that all the attacker needs to do is force you to log in to an exchange where they can see the addresses you sent or received to/from. They may have already hacked your email and know that you hold crypto on Binance and Coinbase. Non-KYC exchanges, mixers or P2P transfers are alternatives but be sure to check the laws affecting your jurisdiction.
Even the best laid plans are still susceptible to unknowingly making poor choices for your personal Bitcoin security. The most vulnerable crypto storage scenarios include:
Hidden wallets with passphrases on cold storage devices offer reliable protection against attack as long as you keep them secret and maintain a backup recovery plan.
Note: Stratus does NOT provide investment, legal or tax advice. All information in this article is for educational purposes and should not be interpreted as investment, legal or tax advice. The opinions expressed are those of the author for informational purposes and neither Stratus nor the author are liable for any errors, inaccuracies or omissions. Digital assets, such as cryptocurrencies or decentralized finance, present unique risks for investors. For investment, legal, tax, or other financial guidance you should consult your own advisor.
The post How to Create Secret Bitcoin Wallets with Passphrases first appeared on Stratus Crypto.