Mnemonic Generation (BIP39) Simply Explained

Jun 23 · 3 min read

Every time one setup a crypto wallet, he/she is provided 12 (in some case 24) mnemonic phrases and asked to keep it secure. These mnemonics are further used to recover accounts and related crypto balance.

One set of mnemonic can be used to create multiple addresses. This method of generating account was introduced in BIP32 & BIP39 long time ago. Here, we will talk about the BIP39 mnemonic generation process with a simple example.

BIP39

This BIP describes the implementation of a mnemonic code or mnemonic sentence — a group of easy to remember words — for the generation of deterministic wallets.

It consists of two parts: generating the mnemonic, and converting it into a binary seed. This seed can be later used to generate deterministic wallets using BIP-0032 or similar methods. Lets understand first part of it.

Mnemonic Generation

Mnemonic generation is a multi-step process. We will go step by step with an example:

1. Generate Entropy: It starts with entropy generation. With more entropy security is improved but the sentence length increases. It is allowed to be 128–256 bits to generate 12–24 phrases. We will take example of 128 bits which will generated 12 phrases. In our example, below is the entropy generated , in hex & binary:

In hex: 063679ca1b28b5cfda9c186b367e271e

Complete 128 bits are as:

`0    6    3    6    7    9    c    a    1    b    2    8    b    0000 0110 0011 0110 0111 1001 1100 1010 0001 1011 0010 1000 1011   5    c     f     d    a    9    c    1    8     6    b    3    6    0101 1100  1111  1101 1010 1001 1100 0001 1000 0110 1011 0011 01107     e    2    7    1   e0111 1110 0010 0111 0001 1110`

2. Generate Checksum: Second step is about generating checksum.

`checksum = first (length of entropy in bits/32) bits of SHA256 of     entropy`

In our case, it is 128/32 = 4 bits. Lets assume, it is 0110 (6 in decimal) in our case. Append this checksum in the end of initial entropy. So, after concatenation, it will be:

`000001100011011001111001110010100001101100101000101101011100111111011010100111000001100001101011001101100111111000100111000111100110`

3. Split: Now we need to split it into groups of 11 bits. Right now total bits are 128 + 4 = 132

After split, it will look like:

`00000110001 10110011110 01110010100 00110110010 10001011010 11100111111 01101010011 10000011000 01101011001 10110011111 10001001110 00111100110`

4. Convert to decimal: Now we need to convert these bits into its decimal representation as:

`00000110001 10110011110 01110010100 00110110010 1000101101049          1438        916         434         111411100111111 01101010011 10000011000 01101011001 101100111111855        851         1048        857          143910001001110 001111001101102       486`

These decimal representation varies from 0–2047. These work as an index to mnemonic word list. This word list can be found here.

5. Find out Words: Now words will be chosen from the wordlist. In our case, with English language, they will be as:

`49          1438        916         434         1114        1855 alert        record      income      curve       mercy       tree851         1048        857          1439       1102       486heavy        loan        hen         recycle     mean       devote`

So, this way final generated mnemonic phrases will be:

alert record income curve mercy tree heavy loan hen recycle mean devote

No. of mnemonic words generated depends on the size of initial entropy. It follows as:

`Bits of Entropy     Number of words128                  12160                  15192                  18224                  21256                  24`

Further to create a binary seed from the generated mnemonics, we use the PBKDF2 function with a mnemonic sentence (in UTF-8 NFKD) used as the password and the string “mnemonic” + passphrase (again in UTF-8 NFKD) used as the salt. The iteration count is set to 2048 and HMAC-SHA512 is used as the pseudo-random function. The length of the derived key is 512 bits (= 64 bytes). This seed can be further used for HD wallet purpose.

Written by