Wallets are essential tools that enable users to manage their blockchain accounts, securely store their assets, and sign transactions to make changes to the blockchain state.

In this post, we’ll cover what a wallet is, how wallets are made, and how they use elliptic curve cryptography to generate and secure private-public key pairs, derive seed phrases, and facilitate secure blockchain interactions.

What is a wallet?

A wallet is an application that lets you view and interact with your blockchain account(s); these accounts enable you to submit transactions to perform actions such as sending tokens or interacting with smart contracts.

Each account on the blockchain is made up of a cryptographic key pair; a set of 2-keys that are linked to each other. In the context of blockchains, this kind of account is typically called an Externally Owned Account (EOA), and consists of a public key and a private key:

• Public key: The address of your wallet. It can be shared with anybody, and other people (or smart contracts) can use it to send you cryptocurrency.
• Private key: The “signing key” that you use to sign messages or transactions. Anybody who has access to the private key has full control over the funds in the wallet.

This key pair has a powerful feature, called a trapdoor function; meaning it’s:

• Easy to figure out the public key if you have the private key (A→B).
• Impossible to figure out the private key if you have the public key (B→A).

What are wallets used for?

Wallets are used to sign messages or transactions using the wallet’s private key to be sent to a blockchain.

Wallets provide a way to know what messages or transactions a wallet has agreed to; since the public key of the transaction sender can be recovered from the transaction signature. This is essential to prevent fake/malicious transactions from being accepted on the blockchain.

For example, Jarrod could submit a transaction claiming that Abril sent him 5 ETH even if she never agreed to this transaction. However, since the blockchain verifies the signature of each transaction, it will quickly reject the transaction as the recovered address from the signature does not match the “sender” of the transaction (i.e. Abril).

Blockchains like Ethereum use ECDSA (Elliptic Curve Digital Signature Algorithm) to check if the public key recovered from the transaction signature matches the public key of the person who sent the transaction to the network.

How are wallets created?

To create a wallet, you need to create a public-private key pair. However, the values of this key pair need to follow a few rules for it to work on a blockchain.

1. A private key is made up of 64 hexadecimal characters (characters 0→F).
2. The public key is derived from the private key using elliptic curve cryptography (ECC).
3. The public key is chopped up, hashed, and formatted to become a 42-character address.

This 3-step process is the core flow of how accounts are generated on the blockchain.

Next, we’ll dive into how a public key is derived using an elliptic curve and a private key. But before that, we’ll answer a few other questions you might have about wallets, such as:

• How do I ensure my private key is randomly generated?
• What if I get the same private key as someone else?
• How do seed phrases fit into this process?
• How are multiple key pairs generated from a single seed phrase?

What is a seed phrase?

While it is possible to generate a random 64-hex value like we just demonstrated, usually, private keys are generated using specific standards that originated from Bitcoin. These standards enable users to remember a seed phrase, which is a 12-24-word phrase that can be used to create any number of new accounts associated with it.

This allows users to remember a single set of words to access all of their accounts; each with an individual public-private key pair. Any number of new private keys can be derived from a single seed phrase using a specific key derivation function (KDF).

So, let’s first cover how seed phrases are generated via random entropy and how private keys can be derived from a seed phrase, before finally revisiting how public keys are derived from private keys.

How Seed Phrases Work

When you first install a wallet application, typically, it will ask you to write down and safely store a seed phrase somewhere; usually a 12 or 24-word combination. You can see an example list of possible English words here, which you’ll notice is 2048 words in length (we’ll revisit that number shortly).

What is BIP-39?

This idea of storing mnemonic seed phrases was introduced in 2013 with a BIP (Bitcoin Improvement Proposal); BIP-39. This proposal provides a standardized way of generating random entropy and translating it into a series of easy-to-remember words.

How is a seed phrase generated?

First, we need to make sure our seed phrase is randomly generated, after all, we don’t want someone else accidentally getting into our wallet and access to our funds.

To do this, a random number is generated using CSPRNG (Cryptographically secure pseudorandom number generator), which you can do in your browser:

This random number is called entropy. This entropy is used to create the set of words that form a seed phrase. In our case, 128 bits maps to 12 words, but it is also possible to use other lengths, such as:

• 15 words: 160 bits
• 18 words: 192 bits
• 21 words: 224 bits
• 24 words: 256 bits

So, how do we use these bits to create a seed phrase? What’s the relationship between bits and words? First, a checksum for the entropy is created and appended to the 128 bits; this is a 4-bit hash of the entropy created to ensure its integrity.

So, now we have 128 bits of entropy + 4 bits of the checksum, to make a total of 132 bits. Next, the 132 bits are converted into binary; specifically, they are split up into chunks of 11 bits.

We now have a set of 12 binary numbers, each of which is 11 bits in length. Hint: we have 12 numbers, and our seed phrase is going to be 12 words!

Recall that we have 2048 words in our list and that 2048 was chosen because 2048 is 2^11, since there are 2048 different possible binary numbers you can make with 11 bits.

Now we just need to convert these binary numbers into words from our word list. This is performed by using the binary number as an index to look up a word in the word list. i.e. If the binary number is 10, we use the 9th word in the list (since we start at index 0), for example:

• 000000111, (7 in binary) is the 8th item on the list, which is abstract! 😉
• 11111111111, (2047 in binary) is the last item on the list (2048th), which is “zoo”.

Repeat this 12 times, one for each 11-bit number to form a seed phrase containing 12 words.

By generating a random entropy value, splitting it up into chunks of binary, and using those binary values as an index to look up words in a word list, we end up at a random seed phrase.

Can somebody guess my seed phrase?

Your immediate reaction to this might be: “If it’s only 2048 possible words, can’t someone guess my seed phrase?” Well, technically yes, but it’s really… really, unlikely. How unlikely you ask?

Imagine we forget about the random 128-bit generation step, and just manually select 12 words from the list. Each time we select a word, we’re selecting one option in a pool of 2048 words.

So, we can say that for someone else to also guess this same sequence of words, they need to correctly guess the same word as us with a 1/2048 chance, 12 times in a row. Right now, you’re probably thinking, “ok that doesn’t sound that hard…”, right?” But, let’s play this out:

• First Word: 2048 choices
• Second Word: 2048 choices
• And so on, up to 12: 2048 choices

This is 2048 x 2048 x 2048 … 12 times. Or, 2048^12. Which is… an absurdly large number. Roughly, 5 septillion, or 5 quadrillion billions. That’s unfathomable for us to comprehend, but let’s try…

Imagine you started guessing right now, using an insanely powerful computer that can guess 1 trillion seed phrases per second. It would take this machine 159 trillion years to guess one seed phrase. Or, (depending on what you believe), roughly 11,000 times longer than the current age of the universe.

Are 24-word seed phrases better than 12?

Some wallets opt for 128 bits (12 words), but more modern wallets ask you to remember 24 words for your seed phrase! Which is again, ridiculously big.

How private keys are derived from seed phrases

Now we have a 12-word seed phrase, how does it get used to create private keys for accounts? To do this, we need to convert our seed phrase into a binary seed that can be used to generate wallets. This process involves the following steps:

1. Optionally, the user provides an additional password.
2. An algorithm called PBKDF2 (Password-Based Key Derivation Function) takes in: The seed phrase. A combination of the string “mnemonic” and the optional password.

This process (called the key derivation function), outputs a 64-byte hash value, called the binary seed, using another algorithm called HMAC-SHA512 as the pseudo-random function.

The outputted 64-byte hash value can be used to generate accounts using logic that originated from other Bitcoin standards; namely BIP-32 and optionally, an extension of BIP-32, BIP-44.

What is BIP-32?

BIP-32 introduces hierarchical deterministic (HD) wallets; where many wallets can be derived from a single seed, and more wallets can be derived from those wallets, creating a “tree” of wallets.

What is BIP-44?

BIP-44 provides a standardized way to create a hierarchy for wallet structures from a single binary seed by implementing a specific derivation path following the structure: m / purpose’ / coin_type’ / account’ / change / address_index:

• purpose: Identifies the BIP standard used; for BIP-44, it is 44’.
• coin_type: Specifies the cryptocurrency; e.g., 0’ for Bitcoin, 60’ for Ethereum.
• account: Distinguishes between different user accounts.
• change: Indicates address type: 0 for receiving, 1 for change.
• address_index: Provides a unique index for each address under the same account and change type.

Not all wallets use BIP-44, but it is a common way to standardize how accounts are derived from a binary seed.

How are private keys created from the binary seed?

As we mentioned earlier, private keys are 64 hex characters, which is 32 bytes. And, we just generated a 64-byte binary seed through the PBKDF2 process - so how do we use this 64-byte hash value to create private keys?

First, the hash is split into two halves, each 32 bytes in size:

1. The first half is the master private key. This is a direct 1-1 mapping of the binary seed (generated using your seed phrase) and your wallet. It can be used in the process to create child private keys.
2. The second half is the chain code. This is used to ensure: If a child key is compromised, that master key remains secure. Child keys can be consistently constructed and are each unique.

Now we understand what private keys look like, how they’re randomly generated, and how multiple keys can be derived from a single seed phrase. Next, let’s explore how public keys are derived from private keys.

How Public-Private Keys Work

Using elliptic curve cryptography (ECC), we can figure out the public key for a given private key. There are different kinds of elliptic curves, but the one used by both Bitcoin and Ethereum is called secp256k1.

The specification for this elliptic curve includes a base point, G, that is used as the starting point for us to create other points on the curve. From this starting point, we “move around” the curve a certain number of times (determined by our private key), in a specific way. The point on the curve at which we end up when we stop this process will be our public key.

The way we “move around” the curve is called scalar multiplication. When working with elliptic curves, a scalar refers to a number used to scale a point on the curve. We take base point G and apply the scalar number to it to reach a new point on the curve by “stretching out” that point.

The scalar number we apply to the base point is our private key; put simply, we take our starting point G, and scalarly multiply it by our private key to reach our public key.

In reality, since the curve is defined over the prime field ℤp, it looks more like a bunch of scattered dots… but still has the same properties of the elliptic curve.

At the end of this scalar multiplication process (bouncing around <private key> number of times), we’ll end up at a new point on the curve, which is our public key. You can imagine this process looks something like this:

What are public keys used for on the blockchain?

Public keys, as the name suggests, can be shared publicly with anyone. They’re useful for:

• Seeing who submitted a transaction on the blockchain
• Receiving funds such as ETH from other wallets
• Can be used to verify if a private key signed a message or not.

Wrapping Up

Wallets are an essential component of blockchains that use elliptic curve cryptography to allow users to submit transactions and sign messages from their accounts.

However, some blockchains like Abstract also support new kinds of wallets, called smart contract accounts, that provide more features and enable stronger security, recovery mechanisms, and more.

Disclaimer：

1. This article is reprinted from [https://abs.xyz/blog], Forward the Original Title‘What is a Wallet?’, All copyrights belong to the original author [ Jarrod Watts ]. If there are objections to this reprint, please contact the Gate Learn team, and they will handle it promptly.

2. Liability Disclaimer: The views and opinions expressed in this article are solely those of the author and do not constitute any investment advice.

3. Translations of the article into other languages are done by the Gate Learn team. Unless mentioned, copying, distributing, or plagiarizing the translated articles is prohibited.