Mnemonic Generation (BIP39) Simply Explained

Aniket
Aniket
Jun 23 · 3 min read

Every time one setup a crypto wallet, he/she is provided 12 (in some case 24) mnemonic phrases and asked to keep it secure. These mnemonics are further used to recover accounts and related crypto balance.

MetaMask Account Recovery using Seed Phrase

One set of mnemonic can be used to create multiple addresses. This method of generating account was introduced in BIP32 & BIP39 long time ago. Here, we will talk about the BIP39 mnemonic generation process with a simple example.

BIP39

This BIP describes the implementation of a mnemonic code or mnemonic sentence — a group of easy to remember words — for the generation of deterministic wallets.

It consists of two parts: generating the mnemonic, and converting it into a binary seed. This seed can be later used to generate deterministic wallets using BIP-0032 or similar methods. Lets understand first part of it.

Mnemonic Generation

Mnemonic generation is a multi-step process. We will go step by step with an example:

  1. Generate Entropy: It starts with entropy generation. With more entropy security is improved but the sentence length increases. It is allowed to be 128–256 bits to generate 12–24 phrases. We will take example of 128 bits which will generated 12 phrases. In our example, below is the entropy generated , in hex & binary:

In hex: 063679ca1b28b5cfda9c186b367e271e

Complete 128 bits are as:

0    6    3    6    7    9    c    a    1    b    2    8    b    
0000 0110 0011 0110 0111 1001 1100 1010 0001 1011 0010 1000 1011

5 c f d a 9 c 1 8 6 b 3 6
0101 1100 1111 1101 1010 1001 1100 0001 1000 0110 1011 0011 0110
7 e 2 7 1 e
0111 1110 0010 0111 0001 1110

2. Generate Checksum: Second step is about generating checksum.

checksum = first (length of entropy in bits/32) bits of SHA256 of     entropy

In our case, it is 128/32 = 4 bits. Lets assume, it is 0110 (6 in decimal) in our case. Append this checksum in the end of initial entropy. So, after concatenation, it will be:

000001100011011001111001110010100001101100101000101101011100111111011010100111000001100001101011001101100111111000100111000111100110

3. Split: Now we need to split it into groups of 11 bits. Right now total bits are 128 + 4 = 132

After split, it will look like:

00000110001 10110011110 01110010100 00110110010 10001011010 11100111111 01101010011 10000011000 01101011001 10110011111 10001001110 00111100110

4. Convert to decimal: Now we need to convert these bits into its decimal representation as:

00000110001 10110011110 01110010100 00110110010 10001011010
49 1438 916 434 1114
11100111111 01101010011 10000011000 01101011001 10110011111
1855 851 1048 857 1439
10001001110 00111100110
1102 486

These decimal representation varies from 0–2047. These work as an index to mnemonic word list. This word list can be found here.

5. Find out Words: Now words will be chosen from the wordlist. In our case, with English language, they will be as:

49          1438        916         434         1114        1855 
alert record income curve mercy tree
851 1048 857 1439 1102 486
heavy loan hen recycle mean devote

So, this way final generated mnemonic phrases will be:

alert record income curve mercy tree heavy loan hen recycle mean devote

No. of mnemonic words generated depends on the size of initial entropy. It follows as:

Bits of Entropy     Number of words
128 12
160 15
192 18
224 21
256 24

Further to create a binary seed from the generated mnemonics, we use the PBKDF2 function with a mnemonic sentence (in UTF-8 NFKD) used as the password and the string “mnemonic” + passphrase (again in UTF-8 NFKD) used as the salt. The iteration count is set to 2048 and HMAC-SHA512 is used as the pseudo-random function. The length of the derived key is 512 bits (= 64 bytes). This seed can be further used for HD wallet purpose.

Thanks for reading!!!

Coinmonks

Coinmonks is a technology-focused publication embracing decentralize technologies. We are Non-profit and education is our core value. Learn, Build and thrive. Our other project— https://coinmonks.com, https://cryptofi.co, https://coincodecap.com

Aniket

Written by

Aniket

Blockchain Engineer

Coinmonks

Coinmonks

Coinmonks is a technology-focused publication embracing decentralize technologies. We are Non-profit and education is our core value. Learn, Build and thrive. Our other project— https://coinmonks.com, https://cryptofi.co, https://coincodecap.com