Have you ever wondered why crypto wallets are asking you to write down 12 words? This is just a strange thing to ask someone to do. And naturally, most people want to take a screen capture (photo) of the 12 words. The better software prevents you from doing this. There’s a reason for not taking a photo of the words. These modern phones are really good at replicating your photos around the world and backing them up. iPhones put them on iCloud, and if you’ve installed Google Photos, then they also make a copy.
Why is it bad to make a copy of the 12 words? Well, first we have to understand what the 12 words are for. The 12 words come from a standardized list of 2048 words. For technical reasons, each word represents 11 bits (on/off switches) of entropy. Oh crap, now I have to explain entropy. Entropy is randomness. Flipping a coin is one bit of entropy. Flipping a coin 11 times is 11 bits of entropy. If you flip a coin 11 times and write down the result — like heads — tails — tails — tails — heads, etc. Then you will end up with one combination — out of 2048 combinations. If you don’t believe me, you can try it yourself. Or think of it this way… With one flip of a coin, you have two combinations, with two flips, you have four combinations (tails/tails, tails/heads, heads/tails, and heads/heads). Now try 3 flips, and set tails to 0, and heads to 1, and look at this list of options.
000 — tails — tails — tails001 = tails — tails — heads010 = tails — heads — tails011 = tails — heads — heads100 = heads — tails — tails101 = heads — tails — heads110 = heads — heads — tails111 = heads — heads — heads
You have 8 combinations. If you keep extending this out — 4 flips = 16 combinations, 5 flips — 32 combinations. Just multiply by two for each additional flip. At 11 flips, you have 2048 combinations.
Now back to our words. We have a list of 2048 words. So for each 11 coin flips, we can pick one word from our list. Then 11 more coin flips, and another word from our list. The computer doesn’t actually flip a coin to create the randomness, but it does something very similar to randomly get your words.
When all is said and done, we have 12 words that encode 128 bits of entropy. For those keeping track at home, you might notice that 11 bits times 12 words is actually 132, but we use those last four for a checksum. We just use 128 bits.
128 bits gives us 2 raised to the 128th power combinations or roughly 340,282,366,920,900,000,000,000,000,000,000,000,000 combinations.
This is your seed. The seed can be used to create as many private keys as you’d ever need. Crypto addresses like this Ravencoin address: RHzer7kadDKyw7m2g5z6yGiVhpnP1QGVZa, can easily be created from a private key.
As long as you have your 12 words, then the master private key can be easily reconstructed by looking up the 11 bits associated with each word and assembling the seed bits back together. It is very important that the words stay in the same order.
We take the seed and run it through 2048 iterations of a hash algorithm — specifically HMAC-SHA512. That generates a master private key from which we can derive many keys. This doesn’t add entropy, but it does add additional computation to make it more expensive to try lots of combinations in an attempt to get lucky. This method of going from randomness to words (also called mnemonics), is documented as BIP39.
Ok, what can we do with a “master private key”? We can make any number of crypto private keys from it. This is great because some really smart people documented a standardized way of generating more keys. This standard is documented as BIP32, and it allows you to derive as many other keys as you’ll ever need from a single master key.
If we can make as many crypto private keys as we want, can we use the same 12 words for any number of coins? The answer is a resounding YES. And, there’s even a documented way of doing that. You might be detecting the pattern here. I won’t bore you with the details, here but it is well documented as BIP44.
As more and more wallets support the same standard, then it will be easier and easier to recover crypto-currencies and crypto-assets.
You might be asking, “How can funds be recovered from 12-words?” Well, the coins or tokens balances are stored on their respective blockchains, so all that is needed is a list of addresses. The wallets will take your 12 words, and generate private keys, and from the private keys, will generate crypto addresses. Then the wallet will scan through the blockchain looking for balances for each address. If it finds a balance, then it generates the next address and checks for a balance. It repeats this process until there isn’t a balance in an address, and then it will check about 20 more addresses, and if it doesn’t find a balance in any of those addresses, then it stops looking.
Since anyone with your 12 words, can enter it into any compatible wallet and snag your funds, you don’t want a photo of your words floating around the interwebs.
So the cost of being your own bank is writing down 12 words and keeping them safe and secure. So now when your favorite mobile wallet implores you to write down 12 words, you know why.