
If you have used a crypto wallet, you are familiar with the seed phrase (also called a mnemonic), which is another plaintext form of the secret behind your private keys: whoever has it has the keys. It was first proposed in BIP39 (Bitcoin Improvement Proposal No. 39, 2013). In the BIP39 standard a random entropy value maps to exactly one list of words, and the words map back to a seed from which the wallet's key pairs are derived; the purpose is to give users something they can write down and check instead of a long hexadecimal private key.
In addition to BIP39 (making seed backup more user-friendly by defining the seed phrase), there are related proposals such as BIP32 (a hierarchical derivation scheme proposed to avoid the trouble of managing a pile of unrelated private keys) and BIP44 (a convention for the derivation paths used with BIP32). For example, the familiar MetaMask wallet derives its Ethereum keys along the BIP44 path m/44'/60'/0'/0/i, which is what lets one wallet hold multiple accounts: each account has its own independent key pair (a public key, from which the wallet address you use to receive and send funds is derived, and a private key), but all of these accounts are derived from the same seed phrase. MetaMask's multi-address feature is an HD (hierarchical deterministic) function, which we will introduce later. We will not go further into the BIPs themselves here; interested readers can look up the proposals.
Next, we will only give a brief introduction based on BIP39. The 12 (or 24) words you generated when creating a wallet are equivalent to all the assets in the corresponding wallet. If the 12 words are lost, all the assets in your crypto wallet are no longer yours. Conversely, whoever holds the seed phrase holds all the assets in the wallet; there is no password reset, and a leaked phrase cannot be revoked.
In addition, because most mainstream wallets follow the BIP standards, one seed phrase can be imported into almost any crypto wallet. For example, the same seed phrase can be imported into MetaMask, Rabby Wallet, the OKX Web3 wallet, and so on. In short, the wallet is just a tool; it does not store your crypto assets itself. The assets are balances recorded on the chain under the addresses derived from your seed phrase, and the seed phrase is only the key that controls them; it is never stored on the chain.
One thing to remind you of: there are many fake wallets on the Internet. Be careful, and never use an unknown or disreputable crypto wallet, so that the wallet's developers cannot steal from you. Verify a download against the official site or app store listing before you import a phrase into it.
Let's go back to the seed phrase. The words of a crypto wallet's seed phrase are drawn from a fixed list of 2048 English words (the BIP39 wordlist), which means every word of any seed phrase generated by a tool or wallet DApp comes from these 2048 words. See the figure below.
Moreover, to keep the words unambiguous, no two words in the BIP39 wordlist share the same first four letters. For example, apple and apply could not both be in the list. In other words, if you know the first four letters of a word, you can find the rest of it in the BIP39 wordlist. This is why, when you import a seed phrase in some wallet applications, the software autocompletes a word after you type its first four letters, as shown in the figure below. (The list contains only lowercase letters, so a digit, capital or punctuation mark in a backup is a transcription error.)
At this point, some new friends may have a question: since the seed phrase consists of 12 words selected from a fixed list of 2048, wouldn't a crypto wallet be easy to crack? Or, if you pick 12 words from the list at random and import them, can you enter a wallet that holds assets?
1. About the problem of entering a wallet by randomly entering 12 words
The seed phrase is not 12 words picked independently; the words are produced by a fixed algorithm, so you do not have to worry about someone entering your wallet by typing 12 random words. The general process is as follows: a cryptographically random entropy value of 128 bits (for 12 words) or 256 bits (for 24 words) is generated; a checksum consisting of the first ENT/32 bits of its SHA-256 hash (4 bits for 12 words, 8 bits for 24) is appended; the result is split into 11-bit groups; and each group is used as an index into the 2048-word list. Two consequences follow. A randomly typed 12-word sequence passes the checksum only 1 time in 16, so the wallet rejects almost all of them. And if one does pass, it opens a perfectly real wallet, just one that, with overwhelming probability, has never held anything; the real protection is not the algorithm but the size of the key space discussed next.
2. Can a crypto wallet be cracked by guessing the seed phrase?
From a probability perspective, it is indeed possible.
But from the perspective of practical operation, the probability is extremely low. Let's make a calculation list first (as shown in the figure below). The counts below assume the positions of the missing words are known and ignore the checksum; the checksum cuts the valid candidates by a further 16 times for a 12-word phrase, while an unknown position multiplies them by the number of possible positions:
1 word missing: 2048 possibilities (2048¹)
2 words missing: 4,194,304 possibilities (2048²)
3 words missing: 8,589,934,592 possibilities (2048³)
4 words missing: 17,592,186,044,416 possibilities (2048⁴)
Suppose you want to hack a crypto wallet and you buy the most powerful CPU currently available, the Intel Core i9-14900K, which can handle up to 576 billion calculations per second, as shown in the following figure (I asked ChatGPT directly).
In theory, exhausting all 12-word combinations with this CPU means trying 2048¹² = 2¹³² ≈ 5.44 × 10³⁹ candidates, which at 5.76 × 10¹¹ per second takes about 9.45 × 10²⁷ seconds, as shown in the figure below.
So how many years do we need to calculate? We can continue to calculate with the help of ChatGPT, as shown in the figure below.
According to the above calculation, completely exhausting the 12-word space with this CPU would take about 299,700,000,000,000,000,000 years (roughly 3 × 10²⁰), which is practically impossible. The figure is, if anything, far too optimistic for the attacker: the checksum means only 2¹²⁸ of the 2¹³² sequences are valid phrases, but each candidate must then go through 2048 rounds of PBKDF2-HMAC-SHA512 and a BIP32 key derivation before its address can be compared with the target, which is many thousands of operations per guess, not one.
But if only a few of the 12 words are missing, cracking becomes feasible. The specific time and cost can be estimated by asking ChatGPT in the way shown above. In addition, there are tools for recovering (or cracking) seed phrases, such as Seed Saviour (suited to the case of one missing word) and Btcrecover (suited to two or more missing words), which I have introduced in previous articles. As shown in the figure below.
In general, the main cause of lost crypto wallet assets is not cracking but improper use or backup by the wallet holder: storing the seed phrase in an Internet-connected phone or computer or in a cloud drive, sending it to others, downloading fake wallet software, signing approvals on phishing websites, and so on.
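As an added example (not code from the article or from any wallet project), the BIP39 steps described above in working Python: entropy to word indices with the checksum, the checksum test a wallet applies on import, the candidate list for one missing word at a known position, and the brute-force estimate done on the effective 2^ENT space. The 2048-word list is not embedded, so the code works with word indices, which is what a wallet uses internally after looking each word up (index 0 is "abandon", index 3 is "about"); the all-zero entropy below is the standard BIP39 test vector that yields "abandon ×11 about".

```python
from __future__ import annotations

import hashlib
import secrets

WORDLIST_SIZE = 2048                 # every word is an 11-bit index into the list
VALID_WORD_COUNTS = (12, 15, 18, 21, 24)


def _checksum_bits(n_words: int) -> int:
    # total bits = 11 * n_words = ENT + ENT/32, so the checksum is 1/33 of them
    return n_words * 11 // 33


def entropy_to_indices(entropy: bytes) -> list[int]:
    """BIP39 generation: entropy || SHA256(entropy)[:ENT/32 bits], cut into
    11-bit groups. Each group is the index of one word in the 2048-word list."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 128..256 bits in 32-bit steps")
    cs_bits = ent_bits // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    bits = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(bits >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]


def indices_to_entropy(indices: list[int]) -> bytes:
    """BIP39 import: recover the entropy and verify the checksum. A random
    12-word sequence passes this check only 1 time in 16 (1 in 256 for 24)."""
    n_words = len(indices)
    if n_words not in VALID_WORD_COUNTS:
        raise ValueError("a phrase has 12, 15, 18, 21 or 24 words")
    if any(not 0 <= i < WORDLIST_SIZE for i in indices):
        raise ValueError("word index outside the 2048-word list")
    cs_bits = _checksum_bits(n_words)
    bits = 0
    for idx in indices:
        bits = (bits << 11) | idx
    entropy = (bits >> cs_bits).to_bytes((n_words * 11 - cs_bits) // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    if bits & ((1 << cs_bits) - 1) != expected:
        raise ValueError("checksum mismatch: not a valid BIP39 phrase")
    return entropy


def is_valid_phrase(indices: list[int]) -> bool:
    try:
        indices_to_entropy(indices)
        return True
    except ValueError:
        return False


def generate_indices(n_words: int = 12) -> list[int]:
    """A fresh phrase. The OS CSPRNG is the only source of randomness."""
    if n_words not in VALID_WORD_COUNTS:
        raise ValueError("a phrase has 12, 15, 18, 21 or 24 words")
    ent_bytes = (n_words * 11 - _checksum_bits(n_words)) // 8
    return entropy_to_indices(secrets.token_bytes(ent_bytes))


def candidates_for_missing_word(known: list[int | None]) -> list[int]:
    """One word missing at a known position (the Seed Saviour case): try all
    2048 indices there and keep those that pass the checksum. Each survivor
    still has to be derived to an address and compared with the real one."""
    holes = [i for i, w in enumerate(known) if w is None]
    if len(holes) != 1:
        raise ValueError("exactly one position must be None")
    survivors = []
    for guess in range(WORDLIST_SIZE):
        trial = list(known)
        trial[holes[0]] = guess
        if is_valid_phrase(trial):
            survivors.append(guess)
    return survivors


def brute_force_years(n_words: int, guesses_per_second: float) -> float:
    """Full search of a phrase space. The effective space is 2^ENT, not 2048^n,
    because the checksum bits are not free choices; and a real guess costs
    2048 PBKDF2-HMAC-SHA512 rounds plus key derivation, so a per-second rate
    quoted for raw CPU operations is wildly optimistic for the attacker."""
    ent_bits = n_words * 11 - _checksum_bits(n_words)
    return 2 ** ent_bits / guesses_per_second / (365.25 * 24 * 3600)
```

For a 12-word phrase with the last word missing, `candidates_for_missing_word` returns exactly 128 survivors out of 2048, because the last word carries the 4 checksum bits; for any other position the survivors are about 2048/16 but not exactly. The same checksum filter is what Btcrecover uses to prune before the expensive derivation step.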
3. Choose 12 seed phrase or 24 seed phrase?
12 words are the most common seed phrase, but 24-word phrases also exist. Technically, 12 words encode 128 bits of entropy and 24 words encode 256 bits. At present, the default seed phrase generated by common wallets such as MetaMask (software wallet) and OneKey (hardware wallet) is 12 words, while the default for wallets such as Ledger (hardware wallet) and Trezor (hardware wallet) is 24.
There is no functional difference between wallets generated from 12 words and from 24 words. The difference is the security level: 12 words provide a 128-bit security level, 24 words a 256-bit one.
But in fact a 128-bit security level is already high enough, as the calculation above showed. In addition, the secp256k1 signing keys derived from either phrase offer only about 128-bit security against discrete-log attacks, so 24 words mainly add margin against a weak random-number generator in the wallet, not against brute force. Therefore, whether to choose 12 or 24 words depends on your own considerations and preferences. For ordinary individuals there is no need to generate a 24-word phrase for this reason alone, because remembering and managing more words is harder and more error-prone.
4.What are the main categories of wallets?
Usually we hear about hot wallets, cold wallets, hardware wallets, paper wallets and so on, but if we classify wallets by how they control their keys, the common types today are EOA wallets, MPC wallets and AA wallets. This topic has been covered in previous articles of Li Huawai, so let's briefly review it here:
1) EOA Wallet
EOA wallet refers to the seed phrase wallet (an externally owned account, controlled directly by a private key). When seed phrases come up, people also mention private keys. Simply put, the seed phrase is the human-readable form of the secret from which the wallet's private keys are derived: a private key is a long string of numbers and letters that is not convenient for us (humans) to remember, so the seed phrase stands in for it. We only need to remember or back up 12/24 English words.
Moreover, the private keys of the individual accounts can be derived from the seed phrase with some online conversion tools, as shown in the figure below. Note that this is a one-way operation: the seed phrase yields the private keys, but a single private key cannot be turned back into the seed phrase. And for the sake of safety, do not casually use unknown tools or websites to generate seed phrases or perform such conversions, because a phrase pasted into a web page can be captured and leaked.
2) MPC Wallet
MPC wallet refers to a wallet whose complete private key never exists in one place. The key is split into shares (for example, one held by the platform, one on the user's device and one backed up to the user's cloud storage such as iCloud), and a transaction is signed by a threshold of those shares cooperating in a multi-party computation protocol, without the whole key ever being reconstructed.
The Binance Web3 wallet and OKX Web3 wallet that many people use now are of this type. Of course, they also let you import an existing seed phrase to create an EOA wallet.
3) AA Wallet
AA wallet refers to a smart contract wallet, also called an account abstraction wallet. The account itself is a contract with no private key of its own; it cannot be created on its own and is controlled by code logic, so it has to be created (deployed) from an existing wallet, which then acts as its owner or signer. In the products discussed here, each keyless (MPC) wallet or private key wallet creates one AA smart contract account, and each account under a seed phrase wallet (for example, the N account addresses MetaMask derives from one seed phrase) can create its own corresponding AA account: Wallet A, Account 01 corresponds to Wallet A, Smart 01.
Smart contract wallets generally offer special functions such as batch transactions, gas sponsorship, key recovery and other customized, extensible logic. The Binance Web3 wallet and OKX Web3 wallet mentioned above also support creating AA wallets.
However, the adoption rate of this wallet model is still relatively low in the current market, and many chains (including corresponding DApps) are not yet supported. Therefore, sometimes when you use the AA wallet to perform a Swap operation, you may see a prompt such as "The private key-free wallet you are currently connected to does not support XXX chain yet."
5. Issues with multi-signature wallets
In addition, when it comes to crypto wallets, you may often hear the concept of multi-signature. Multi-signature means that a transaction is authorized by several different private keys rather than a single one, mainly to raise the security of the funds: one stolen or lost key is no longer enough to move them.
In general, multi-signature involves several concepts:
1) Multiple private keys
That is, a multi-signature wallet involves multiple private keys, each held by a specific authorizer.
2) Signature threshold
That is, a multi-signature wallet defines a signature threshold indicating how many authorizers must sign for a transaction to execute. This is the M-of-N setting: any M of the N keys must sign to authorize a transaction. For example, a 2-of-3 multi-signature wallet has three private keys, and at least two of them (two authorizers) are required to execute a transaction.
3) Multi-signature transactions
That is, to execute a transaction the signature threshold must be met: enough authorized signatures must be collected before the transaction can be broadcast and confirmed.
In practice, multi-signature is mainly used by enterprises and institutions, but individuals can use it too. For example, you can keep one private key on your mobile phone and another on your computer; to transfer funds you must sign with both, so the compromise of either device alone is not enough to steal the funds.
As for the creation and use of multi-signature wallets, Hualihuawai’s previous articles have already introduced relevant examples, so we will not repeat them here. Those who are interested can look back at the historical articles. As shown in the figure below.
6. Issues with Bitcoin Wallets
I have shared this issue in the group before, and here we briefly review it:
1) Private key encoding
The private key of a Bitcoin wallet address (note: the private key) can be written in several formats, such as WIF, WIFC, HEX, B64, MINI, BIP38, etc. These are different encodings of the same key, and they can be converted into one another. Here we take WIF and WIFC as examples:
WIF is the abbreviation of Wallet Import Format, a way of encoding private keys. It comes in two forms, compressed and uncompressed. The compressed one is WIF compressed (abbreviated WIFC), and the uncompressed one is WIF uncompressed (abbreviated WIF).
Their differences are purely technical. For example:
WIF encoding adds the prefix byte 0x80 (0xEF on testnet) in front of the 32-byte private key, computes SHA-256 twice over the result, takes the first four bytes of that hash as a checksum, appends it, and Base58-encodes the whole thing. On mainnet the result is a string starting with 5.
WIFC is calculated the same way, except that a compression flag byte 0x01 is appended after the key before the checksum is computed. The mainnet result starts with K or L. The flag does not change the key itself; it tells the importing wallet to derive the compressed public key and therefore the compressed address.
Corresponding to the compressed and uncompressed private keys above, Bitcoin addresses are divided into Bitcoin Address Uncompressed and Bitcoin Address Compressed: the two encodings of the public key hash to two different addresses.
In other words, one private key corresponds to two legacy addresses (compressed/uncompressed), both of which are valid and work the same way. The compressed address is the most common one in use (the Bitcoin wallet address starting with 1), and most wallet tools generate it by default.
In short, whatever tool generates the wallet, record the private key in the format you will import it with (the 0x01 flag decides which of the two addresses a wallet derives) together with the address you actually use. In daily use you don't need to think about compression. Just remember this: once your private key is leaked, all your assets may be lost.
2) Address formats
Generally speaking, Bitcoin wallet addresses come in four main formats:
Legacy address (P2PKH, Pay-to-Public-Key-Hash): the earliest Bitcoin address format. It starts with "1" and has 26 to 35 Base58 characters (digits and upper- and lowercase letters, with 0, O, I and l excluded to avoid confusion).
Native SegWit address (P2WPKH): a newer format that starts with "bc1q" (mainnet) or "tb1q" (testnet). A P2WPKH address is 42 characters long (a P2WSH script address is 62), all lowercase letters and digits, encoded with bech32.
Nested SegWit address (P2SH-P2WPKH): wraps a native SegWit program inside a legacy P2SH script so that older wallets can pay to it. It starts with "3" and has 26 to 35 Base58 characters.
Taproot address (P2TR): Taproot is an upgrade to the Bitcoin protocol (activated in November 2021) that improves privacy, security and scalability. Taproot addresses start with "bc1p", are 62 characters long and use bech32m, a revised checksum that bech32-only wallets do not understand.
In simple terms, all four address types can be derived from the same seed phrase (along different derivation paths). At present SegWit and Taproot addresses are more commonly used and are the default of many mainstream wallets (some wallets support only one or two of the four), because bc1 addresses use block space more efficiently and therefore pay lower fees. Funds can be sent between any of the address types, since they all settle on the same protocol; the practical difference is the transaction fee (Bitcoin charges by size rather than gas), with SegWit cheaper than legacy. As for SegWit versus Taproot, the former mainly restructured how transaction data is stored, while the latter mainly improves privacy and efficiency.
7. Issues with HD wallets
HD wallet means Hierarchical Deterministic wallet. You may have seen this term in some wallet applications. Simply put, HD is a wallet structure that manages and generates key pairs in a tree: the seed phrase yields a master key, and child keys are derived from it deterministically along numbered paths. Based on this framework, users can create an almost unlimited number of addresses (sub-addresses) from the same seed phrase without backing up the private key of each address separately.
The advantage of this model is that one seed phrase backup covers any number of new wallet addresses. You can use different addresses for different purposes, such as some for airdrops, some for transfers, some for testing, which gives better anonymity and privacy. But the disadvantage is equally obvious: once your seed phrase is lost or leaked, the assets under every derived address are lost with it. One further caveat follows from the derivation math: for the non-hardened levels of a path, an extended public key (xpub) together with any one child private key is enough to recover the parent private key and therefore every sibling, so an xpub must be treated as sensitive, not merely as public.
So, whether you want convenience or safety is up to you to decide.
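As an added example (not code from the article or from any wallet), the path from a seed phrase to a hardened child key in working Python: the BIP39 PBKDF2 step that turns the words (plus optional passphrase) into a 64-byte seed, the BIP32 master key, and hardened child derivation, which is what the 44'/60'/0' levels of a MetaMask-style path use. Non-hardened steps need the parent public key (secp256k1 point multiplication) and are deliberately left out. The inputs in the tests are the published BIP39 and BIP32 test vectors, not real wallets.

```python
import hashlib
import hmac
import unicodedata

# secp256k1 group order (standard constant); child keys are reduced modulo it
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: 2048 rounds of PBKDF2-HMAC-SHA512 over the NFKD-normalised words,
    salted with "mnemonic" + passphrase. The passphrase is the optional '25th
    word': a different passphrase gives a completely different wallet."""
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048)


def master_key(seed: bytes):
    """BIP32 root: HMAC-SHA512(key="Bitcoin seed", seed) -> (private key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k = int.from_bytes(digest[:32], "big")
    if not 1 <= k < N:
        raise ValueError("invalid master key (probability ~2^-128); use another seed")
    return k.to_bytes(32, "big"), digest[32:]


def derive_hardened_child(priv: bytes, chain: bytes, index: int):
    """BIP32 CKDpriv for a hardened index (index + 2^31). Hardened derivation
    hashes the parent *private* key, so the child cannot be linked to, or
    derived from, the parent's public key."""
    if not 0 <= index < HARDENED:
        raise ValueError("index must be below 2^31; the hardened bit is added here")
    data = b"\x00" + priv + (index + HARDENED).to_bytes(4, "big")
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    il = int.from_bytes(digest[:32], "big")
    child = (il + int.from_bytes(priv, "big")) % N
    if il >= N or child == 0:
        raise ValueError("invalid child (probability ~2^-128); skip to the next index")
    return child.to_bytes(32, "big"), digest[32:]


def derive_hardened_path(priv: bytes, chain: bytes, path: str):
    """Walk a path such as m/44'/0'/0' (apostrophe or h marks a hardened step).
    A non-hardened step would need the parent public key and is rejected here."""
    parts = path.split("/")
    if parts[0] != "m":
        raise ValueError("path must start with m")
    for step in parts[1:]:
        if not step.endswith(("'", "h")):
            raise ValueError(f"non-hardened step {step!r} not supported in this example")
        priv, chain = derive_hardened_child(priv, chain, int(step[:-1]))
    return priv, chain


def phrase_to_key(mnemonic: str, passphrase: str, path: str) -> bytes:
    """Seed phrase (+ passphrase) -> seed -> master key -> hardened path -> private key."""
    priv, chain = master_key(mnemonic_to_seed(mnemonic, passphrase))
    return derive_hardened_path(priv, chain, path)[0]
```

The whole chain is deterministic, which is the HD property the article describes: the same words and passphrase always reproduce the same keys, and there is nothing else to back up. It also shows why the PBKDF2 step matters for the brute-force estimate earlier: every candidate phrase costs 2048 HMAC-SHA512 rounds before any key exists to compare.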
This is the end of our sharing of this issue. This is also the 490th article updated by Hualihuawai. For additional information such as data citations and image sources involved in the main text, please refer to the article backup of the corresponding date in the Notion version of Hualihuawai.
Disclaimer: The above content is only a personal point of view and analysis, and is only used for learning records and communication, and does not constitute any investment advice. The encryption field is a high-risk market. In addition to various forms of hacker attacks, fraud and pig-killing schemes, many projects also have the risk of returning to zero at any time. Please look at it rationally, establish a correct investment concept, improve risk prevention awareness, and do not touch it if you don’t understand it.





