What Exactly are Seed Phrases from Your Favorite Wallet and is it Secure?


Have you ever wondered whether it is possible for someone to crack the seed of your wallet? I am not referring to someone finding where you keep it, but to finding it mathematically.

Could a hacker, using brute force, recover your seed knowing only your public address?

Could someone combine the words in such a way as to land on the seed of one of the many wallets that exist? There are more and more wallets, and that increases the possibility of randomly finding one with funds.

Your fear would grow if you knew that the seed is created from a combination of “only” 2048 words, which you can see on GitHub, since they are part of the open-source code of the BIP39 protocol (Bitcoin Improvement Proposal), a standard created in 2013 by the Satoshi Labs team and used by most wallets.

What is Cryptography?

Cryptography deals with encryption and encoding techniques that alter the representation of information so that it is unintelligible to unauthorized recipients. These techniques are used in art, science and technology.

Symmetric cryptography is the most rudimentary way of encrypting and decrypting records, since the same key is used for both. That is why it is not used in the blockchain industry: you could not share the key with third parties to perform transactions without losing control of the encrypted records.

Asymmetric cryptography is what blockchains use. Encryption is unidirectional, i.e. one piece of data is derived from another, so it uses two keys. One key is private and the other public, and on the blockchain they are known as addresses. The public address is created from the private one. The public address is the one we must make known if we want to make transactions. The private key should never be shared, because it is what gives access to the funds.

Bitcoin, like Cardano, uses two hash algorithms: SHA-256 as the main hash function, and RIPEMD-160 for address creation. The blockchain uses Merkle trees for its records, which allow efficient and secure verification of the integrity and inclusion of large amounts of data.

A Merkle tree is a pyramidal structure of hashes in which each hash is computed from the hashes below it, relating them level by level until they reach the root node; this is how the tree, or chain, is built.

Private keys are 256-bit numbers, usually written as 64 hexadecimal characters (digits and letters). For example, one could look like this:

213DF440BD38832300FB6173D3C332623A69C6DA73F67F55C86E9873D7973AA2

They are hard to memorize or store, and that is why the seed was designed.

How do Seed Phrases Work?

When a wallet is created, the cryptographic system randomly generates a private key, with its public address, and for this it uses the combination of seed words: a mnemonic phrase that arises from the encryption protocol.

Therefore, the seed or mnemonic phrase gives the user a friendly way to handle their private keys. It consists of a series of words, usually 12, 15 or 24, that are easy for people to recognize and that, when entered in a specific order, allow the private keys of a crypto wallet to be restored.

It is called a “seed” precisely because it is the germ from which public addresses and their corresponding private keys can be derived deterministically.

The 15-word seed can look like this:

cradle ability retire trust acoustic only actual chase stamp ecology frequent impact olive resource stable

Some words may even be repeated, but that is determined by the cryptography: the order in which the words are generated is essential and unique.

Can a Seed Phrase be Deciphered?

What many people wonder is: what are the odds that this combination is the same as that of another wallet generated earlier or later, or worse, that a hacker will crack it?

To understand the mathematics behind combinatorics, I will give you a simple example. Suppose the seed is only 2 words (instead of 12, 15 or 24), and the word list has only 3 words (instead of 2048). The number of possible combinations is 3² = 9. Suppose the words are abandon, fly and reflect; the possibilities are only these 9:

abandon abandon, abandon fly, abandon reflect, fly abandon, fly fly, fly reflect, reflect abandon, reflect fly, reflect reflect.

On BitcoinWiki they explain that for a seed of only 12 words, the number of possible combinations to find a unique wallet would be 2048¹² = 2¹³², so the phrase would have 132 bits of security. However, some of the data in a BIP39 phrase is not random, so the actual security of a 12-word BIP39 seed phrase is reduced to 128 bits, or 2¹²⁸ combinations, which most experts consider sufficiently secure. That number of combinations, written out as an integer, looks like this:

340,282,366,920,938,000,000,000,000,000,000,000,000

If your seed has 24 words, the number of possible random values is 2²⁵⁶ and looks like this:

115,792,089,237,316,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000

By mathematical definition, the more words the seed contains, the more secure it is.
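To see why a 12-word phrase encodes 132 bits but only 128 of them are random, here is an added example (not code from the article or from any wallet) that performs the BIP39 encoding and the checksum check a wallet runs on restore, using word indices instead of the words themselves, since the 2048-word list is not embedded. The function names and the all-zero entropy input are my own; index 0 is “abandon” and index 3 is “about” in the English word list.

```python
import hashlib
import secrets

WORDLIST_SIZE = 2048  # the BIP39 English list has 2^11 words: each word carries 11 bits


def security_bits(n_words: int) -> tuple[int, int]:
    """Return (bits encoded by the phrase, bits of real entropy). Each 33-bit slice
    holds 32 entropy bits + 1 checksum bit, so 12 words encode 132 bits, 128 random."""
    if n_words not in (12, 15, 18, 21, 24):
        raise ValueError("BIP39 phrases have 12, 15, 18, 21 or 24 words")
    total = n_words * 11
    return total, total - total // 33


def entropy_to_indices(entropy: bytes) -> list[int]:
    """BIP39 encoding: ENT entropy bits followed by ENT/32 checksum bits (the top
    bits of SHA-256(entropy)), cut into 11-bit indices into the word list."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 16, 20, 24, 28 or 32 bytes")
    cs_bits = ent_bits // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(combined >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]


def indices_valid(indices: list[int]) -> bool:
    """The check a wallet runs on restore: recompute the checksum from the entropy
    bits and compare it with the checksum bits carried by the last word."""
    try:
        total, ent_bits = security_bits(len(indices))
    except ValueError:
        return False
    if any(not 0 <= i < WORDLIST_SIZE for i in indices):
        return False
    combined = 0
    for i in indices:
        combined = (combined << 11) | i
    cs_bits = total - ent_bits
    entropy = (combined >> cs_bits).to_bytes(ent_bits // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    return (combined & ((1 << cs_bits) - 1)) == expected


def new_seed_indices(n_words: int = 12) -> list[int]:
    """Generate a fresh phrase from the OS CSPRNG, as a wallet does."""
    _, ent_bits = security_bits(n_words)
    return entropy_to_indices(secrets.token_bytes(ent_bits // 8))


# Constructed input matching the standard BIP39 test vector: 16 zero bytes give
# index 0 ("abandon") eleven times followed by index 3 ("about").
ZERO_ENTROPY = bytes(16)
```

Of the 2¹³² index sequences of 12 words, only one in 16 passes the checksum, which is exactly the 2¹²⁸ valid phrases the text refers to.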

BitCrack is a tool written specifically to brute-force private keys, and its contributors, after many tests, concluded that the search is futile.

Let’s calculate how long it takes to brute-force a wallet with a 12-word seed on a machine with a throughput of 9 million addresses per second, a rather high but possible processing rate. That is approximately 2²³ addresses per second. Thus, the brute force will take 2¹²⁸ / 2²³ = 2¹²⁸⁻²³ = 2¹⁰⁵ per second, which is equivalent to processing:

40,564,819,207,303,303,300,000,000,000,000,000,000,000,000 combinations per second, representing 1,286,301,978,922,610,000,000,000,000,000 years to process them all.

In a contest, John Cantrell, developer of the Juggernaut messaging protocol on the Lightning Network, was able to crack a wallet with a 12-word seed, where, as I said, the possible combinations are 2¹²⁸; but of course there was a trick: the owner of the wallet gave him 8 of the words as “help”, which reduced the search to 2⁴⁰ (~1.1 trillion) possible mnemonics. A great help, which makes the strength of the cryptographic protocol clear.

Is it Possible to use a Seed Phrase in Another Wallet?

The process, called restoring the wallet, is simple and can be done on any device that supports the wallet application, but you must take some aspects into consideration:

  • Make sure the two wallets are compatible with each other and use the same generation scheme (mainly the same number of words).
  • Also check the compatibility of the currencies supported by each wallet; for example, you could have problems between a wallet that supports many currencies and one that only supports Bitcoin.

Conclusion

To answer the question that brought you to this article: yes, your wallet’s seed is secure, and it is almost impossible to decrypt.

Your main concern should be safeguarding your seed; see: Are Your Digital Assets Secure? Best Practices to Help Mitigate Risk

Finally, I remind you that if you keep your cryptocurrencies on a custodial exchange, you do not own your funds, because you do not hold the keys. Keep your cryptocurrencies in a non-custodial wallet.

Not your keys, not your cryptos.
