Generating a Bitcoin Wallet seed in Elixir

How to derive an HD wallet seed from a mnemonic in Elixir?

In the previous article:

we learned the process of generating mnemonic words. They encode an entropy of 128 up to 256 bits. The mnemonic sentence itself (not the raw entropy) is then fed to the key-stretching function PBKDF2 to derive a longer (512-bit) seed.

Seed, HD Wallet Seed, Root Seed — a potentially-short value used as a seed to generate the master private key and master chain code for an HD wallet.

In this article, we start with only the mnemonic and derive the seed from it.

From mnemonic to seed

The key-stretching function takes two parameters: the mnemonic and a salt. The usual purpose of a salt in a key-stretching function is to make it impractical to build a lookup table for a brute-force attack. In the BIP-39 standard, the salt has another purpose: it allows the introduction of a passphrase that serves as an additional security factor protecting the seed.

The general flow looks as follows:

1. The first parameter to the PBKDF2 key-stretching function is the mnemonic produced in the previous article. BIP-39 requires that it be NFKD-normalized first, so that the same words typed on different systems stretch to the same seed.

2. The second parameter to the PBKDF2 key-stretching function is a salt. The salt is the string constant "mnemonic" concatenated with an optional user-supplied passphrase string (an empty passphrase gives the salt "mnemonic"), again NFKD-normalized.

If an optional passphrase is used, the stretching function produces a different seed from the same mnemonic. In fact, given a single mnemonic, every possible passphrase leads to a different seed. Note that nothing validates the passphrase: a mistyped one silently yields a different, perfectly valid-looking wallet, so a backup must record exactly which passphrase was used.

3. PBKDF2 stretches the mnemonic and salt using 2048 iterations of HMAC-SHA512, producing a 512-bit value as the final seed.

The seed space is 2⁵¹², but the effective search space is bounded by the mnemonic's entropy (128 to 256 bits) plus whatever the passphrase adds. Either way, there is no practical possibility of brute-forcing or accidentally guessing the combination of mnemonic and passphrase in use. The caveat runs the other way: 2048 rounds is a cheap work factor, so if the mnemonic itself leaks, only the strength of the passphrase stands between an attacker and the funds, and a short or dictionary passphrase can be searched quickly.
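The three steps above, carried out in Elixir, as an added example that is not the article's own code. The module name `Bip39Seed`, the function names and the sample mnemonic are assumptions made for this example; it implements PBKDF2 by hand (with `:crypto.mac/4` and `:crypto.exor/2`, so OTP 22.1+ and Elixir 1.6+ for `String.normalize/2` with `:nfkd`) so that the 2048 HMAC-SHA512 rounds are visible rather than hidden behind a library call.

```elixir
defmodule Bip39Seed do
  @moduledoc """
  Derive a BIP-39 seed from a mnemonic sentence and an optional passphrase.
  Added example for this article; not the author's published code.
  Assumes Elixir 1.6+ on OTP 22.1+ (for :crypto.mac/4 and :crypto.exor/2).
  """

  @rounds 2048
  @seed_bytes 64
  @salt_prefix "mnemonic"

  @doc "Return the 512-bit seed as a raw 64-byte binary."
  def from_mnemonic(mnemonic, passphrase \\ "")
      when is_binary(mnemonic) and is_binary(passphrase) do
    # BIP-39 requires NFKD normalization of both inputs before stretching.
    # The mnemonic is the PBKDF2 password; "mnemonic" <> passphrase is the salt.
    password = String.normalize(mnemonic, :nfkd)
    salt = String.normalize(@salt_prefix <> passphrase, :nfkd)
    pbkdf2_hmac_sha512(password, salt, @rounds, @seed_bytes)
  end

  @doc "Same seed, hex-encoded as wallets usually display it."
  def from_mnemonic_hex(mnemonic, passphrase \\ "") do
    mnemonic |> from_mnemonic(passphrase) |> Base.encode16(case: :lower)
  end

  # PBKDF2 (RFC 8018) with HMAC-SHA512. Because the requested length (64 bytes)
  # equals the HMAC output size, only block index 1 is needed:
  #   U1 = HMAC(P, S || INT_32BE(1)),  Ui = HMAC(P, U(i-1)),  T = U1 xor ... xor Uc
  defp pbkdf2_hmac_sha512(password, salt, rounds, dk_len)
       when rounds >= 1 and dk_len <= 64 do
    # <<1::32>> is a 32-bit big-endian integer, the default endianness in Elixir
    u1 = hmac(password, salt <> <<1::32>>)

    password
    |> stretch(u1, u1, rounds - 1)
    |> binary_part(0, dk_len)
  end

  # Tail-recursive loop: acc accumulates the XOR, u_prev is the last HMAC output.
  defp stretch(_password, acc, _u_prev, 0), do: acc

  defp stretch(password, acc, u_prev, remaining) do
    u = hmac(password, u_prev)
    stretch(password, :crypto.exor(acc, u), u, remaining - 1)
  end

  defp hmac(key, data), do: :crypto.mac(:hmac, :sha512, key, data)
end

# Usage (iex). The mnemonic is a constructed sample: the first English mnemonic
# from the BIP-39 reference vectors, whose published seeds use the passphrase "TREZOR".
#
#   mnemonic = String.duplicate("abandon ", 11) <> "about"
#   Bip39Seed.from_mnemonic_hex(mnemonic, "TREZOR")
#   Bip39Seed.from_mnemonic_hex(mnemonic)   # no passphrase: a different seed
```

Running the two usage calls shows the point of step 2: the same twelve words with and without the passphrase produce two unrelated seeds, and nothing in the output tells you which one is "right". On OTP 24.2 or newer, `:crypto.pbkdf2_hmac(:sha512, password, salt, 2048, 64)` computes the same value as the hand-written loop and is the call to prefer in production code.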


Summary

Today, we went from just a mnemonic phrase to the HD wallet seed. The seed is all you need to back up and restore a wallet; from it the HD wallet derives the master private key and chain code, and the corresponding extended public key lets you generate receiving addresses without exposing any private key.

If you are interested in the complete code, it’s available right here:

You will find there useful examples and the corresponding test suite.