What is Bitcoin Improvement Proposal 39 (BIP-39)?

Arun, published in Geek Culture, Dec 30, 2021

A Bitcoin Improvement Proposal (BIP) is a design document that provides information to the Bitcoin community or describes a new feature for Bitcoin, its processes, or its environment.

BIP-39 describes the implementation of a mnemonic code or mnemonic sentence for the generation of deterministic wallets.

It consists of two parts: generating the mnemonic and converting it into a binary seed. This seed can later be used to generate deterministic wallets using BIP-32 or similar methods.

Generating the Mnemonic

BIP-39 describes how to carry computer-generated randomness in a human-readable transcription, which is far more user-friendly than handling raw binary or hexadecimal representations of a wallet seed.

The mnemonic to be generated must encode entropy in a multiple of 32 bits, and the entropy should be between 128–256 bits. We refer to the initial entropy length as ENT.

Note that the more bits of entropy, the higher the level of security, but the mnemonic also gets longer.

After ENT is generated, a checksum is generated by taking the first “ENT/32” bits of its SHA256 hash.

HASH = SHA256(ENT)

CS = First ENT/32 bits of the HASH

The checksum is then appended to the initial entropy, ENT + CS.

The concatenated bits are then split into groups of 11 bits, each encoding a number from 0–2047, serving as an index into a wordlist. We convert these numbers into words and use joined words as a mnemonic sentence.

Characteristics of the wordlist

The words corresponding to the indices from 0 to 2047 are standardized for interoperability. The characteristics of the wordlist are:

1) The wordlist is created in such a way that it’s enough to type the first four letters to unambiguously identify the word.

2) Word pairs that look similar are avoided to make remembering the sentence much easier.

3) The wordlist is sorted so that the lookup of the code words is more efficient.

The whole point of replacing the index numbers with words is to make the keys much easier for the user to remember.

Check out the standard wordlist to be used as described in BIP-39 here,

Mnemonic to seed

For the conversion of mnemonic to seed, the PBKDF2 function is used.

PBKDF2, or Password-Based Key Derivation Function 2, is a simple cryptographic key derivation function which is resistant to dictionary attacks and rainbow table attacks. It is based on iteratively deriving HMAC many times with some padding.

The mnemonic sentence is used as the password, and the string “mnemonic” + passphrase is used as the salt for the PBKDF2 function.

The passphrase is optional: if the user does not enter one, an empty string is used.

The iteration count is set to 2048 and HMAC-SHA512 is used as the pseudo-random function to derive a key of length 512 bits. This seed is then later used to generate HD wallets as described in BIP-32, which I will be covering in another article.
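The two steps described above, entropy to word indices and mnemonic to seed, as an added Python example (not code from this article or from the BIP itself), including the checksum check that catches a mistyped sentence. The function names and the two-entry `SAMPLE_WORDS` table are constructed here; a real wallet loads the full 2048-word list, and the NFKD normalization comes from the BIP-39 specification rather than from this article.

```python
import hashlib
import unicodedata

def entropy_to_indices(entropy: bytes) -> list[int]:
    """Append CS to ENT and split the result into 11-bit wordlist indices."""
    ent_bits = len(entropy) * 8
    if ent_bits % 32 or not 128 <= ent_bits <= 256:
        raise ValueError("ENT must be 128-256 bits in multiples of 32")
    cs_bits = ent_bits // 32
    digest = hashlib.sha256(entropy).digest()
    checksum = int.from_bytes(digest, "big") >> (256 - cs_bits)  # first ENT/32 bits
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(combined >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def indices_to_entropy(indices: list[int]) -> bytes:
    """Decode indices back to ENT, rejecting a sentence with a bad checksum."""
    total_bits = len(indices) * 11
    cs_bits = total_bits // 33           # ENT + ENT/32 = 33 * (ENT/32)
    ent_bits = total_bits - cs_bits
    if total_bits % 33 or not 128 <= ent_bits <= 256:
        raise ValueError("unsupported mnemonic length")
    combined = 0
    for idx in indices:
        if not 0 <= idx <= 2047:
            raise ValueError("index outside the 2048-word list")
        combined = (combined << 11) | idx
    entropy = (combined >> cs_bits).to_bytes(ent_bits // 8, "big")
    if entropy_to_indices(entropy) != list(indices):
        raise ValueError("checksum mismatch: a word was mistyped or reordered")
    return entropy

def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """PBKDF2-HMAC-SHA512, 2048 iterations, salt 'mnemonic' + passphrase."""
    def norm(s: str) -> bytes:
        return unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", norm(mnemonic),
                               norm("mnemonic" + passphrase), 2048, dklen=64)

# Constructed sample: only the two English-list entries this demo needs.
SAMPLE_WORDS = {0: "abandon", 3: "about"}

def demo_mnemonic() -> str:
    """Mnemonic for 128 bits of all-zero entropy (test input, never a real key)."""
    return " ".join(SAMPLE_WORDS[i] for i in entropy_to_indices(bytes(16)))

if __name__ == "__main__":
    print(demo_mnemonic())
    print(mnemonic_to_seed(demo_mnemonic(), "TREZOR").hex())
```

Any passphrase yields a valid 512-bit seed, so a mistyped passphrase silently opens a different wallet instead of producing an error; only the word sentence itself is protected by the checksum.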
