Score:0

How does hardware wallet recovery work?


I'm investigating hardware cryptocurrency wallets and am trying to understand how recovery works from a technical point of view. These wallets typically provide a 24-word "recovery seed" from which the wallet can be recovered. What I'd like to understand is how the private keys for various cryptocurrencies can be recovered from this one seed, especially considering the private keys are generated subsequent to the recovery seed.

DannyNiu:
a.k.a. How does key generation work + how does one seed a PRNG.
Score:4

High-level answer

There are many cryptographic algorithms (hashes, message authentication codes, ciphers, pseudo-random number generators...) that basically allow you to deterministically transform some arbitrary data into uniformly random data (formally, they are pseudorandom functions). So basically the 24-word seed is decoded as a byte string, which is then transformed into uniformly random data, which is then interpreted as a number, which is the private key (which is what you need to authorize transactions).

In other words, if you have the mnemonic, you can derive the private key(s) used to authorize transactions.

Low-level answer

The 24-word mnemonic is converted to a 64-byte seed using PBKDF2 (a key-derivation function, originally used to derive keys from passwords). For Bitcoin this is described in BIP-39.

Note in particular that PBKDF2 does not care how the mnemonic was generated, it just receives a string of bytes. For this reason, there is nothing stopping other cryptocurrencies from deriving keys from the same mnemonic (as long as they don't use the exact same procedure, to avoid generating the exact same keys).

This seed is then used to generate a master key, from which a tree of key pairs can be generated (so that the same mnemonic can generate a large number of addresses / public keys). The master key is generated by feeding the seed into HMAC-SHA512 (a message authentication function, though in this case not used for authentication, just to derive random data) and obtaining two 32-byte sequences. The first one is interpreted as a number (the master private key) and the second is the "master chain code". Finally, there is a procedure to derive a child private key from a parent private key, the parent chain code and an index, also using HMAC-SHA512 in a similar way. This is described in BIP-32.

Maarten Bodewes:
Heh, you got me interested in your story, posting intricate things about bitcoin without participating at the bitcoin site itself. However your cryptoland.net site (link in your profile) seems down.
Conrado:
@MaartenBodewes I've just recently started working with cryptocurrencies (Zcash to be precise). I fixed the link in my profile, thanks for letting me know! (That domain is no longer mine, someone made a good offer for it.)
Martin Braun:
@Conrado I have the same question as OP, but I still don't understand how a client can generate new private keys without ever changing the secret pass-phrase to recover it. For instance, Exodus claims your private keys will never leave your computer, but despite creating many private keys in monthly usage, the pass-phrase will remain the same. How can this work?
Conrado:
@MartinBraun Broadly speaking, it simply derives each private key from the seed concatenated with an integer which is incremented each time an address is generated. To recover the wallet, it just needs to increment the integer, concatenating with the seed and deriving the key in each iteration. It stops when it finds a bunch of addresses that haven't received transactions. This process is described in [BIP-44](https://github.com/bitcoin/bips/blob/master/bip-0044.mediawiki#account-discovery)
Martin Braun:
@Conrado Good to know, thanks I appreciate it.
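The derivation chain described in the answer and in the BIP-44 comment above, as an added worked example (not code from the answer's author or from any wallet project): the mnemonic goes through PBKDF2-HMAC-SHA512 (BIP-39) to a 64-byte seed, the seed through HMAC-SHA512 keyed with "Bitcoin seed" to a master private key plus chain code (BIP-32), and an index through HMAC-SHA512 again to a child key. Function names and the 24-word mnemonic are my own; the mnemonic is constructed and is not checked against the BIP-39 wordlist or checksum, since PBKDF2 does not care. To keep the example free of elliptic-curve point arithmetic, only hardened children are derived, and the gap-limit discovery loop walks hardened indices; real BIP-44 wallets use non-hardened derivation at the address level, which additionally needs the parent public key.

```python
import hashlib
import hmac
import struct
import unicodedata

# Order of the secp256k1 group: BIP-32 private keys are integers in [1, n-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000  # indices >= 2^31 are "hardened" in BIP-32


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39: PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase, 64-byte output."""
    words = " ".join(mnemonic.split())  # normalise whitespace between words
    password = unicodedata.normalize("NFKD", words).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def master_key_from_seed(seed: bytes):
    """BIP-32: HMAC-SHA512 keyed with "Bitcoin seed"; left 32 bytes = key, right 32 = chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key = int.from_bytes(digest[:32], "big")
    if key == 0 or key >= SECP256K1_N:
        # Astronomically unlikely; BIP-32 says the seed is invalid and another must be used.
        raise ValueError("invalid master key for this seed")
    return key, digest[32:]


def derive_hardened_child(parent_key: int, parent_chain: bytes, index: int):
    """BIP-32 hardened child: HMAC-SHA512(chain, 0x00 || ser256(k_par) || ser32(i))."""
    if not HARDENED <= index < 2 ** 32:
        raise ValueError("hardened derivation needs 0x80000000 <= index < 2^32")
    data = b"\x00" + parent_key.to_bytes(32, "big") + struct.pack(">I", index)
    digest = hmac.new(parent_chain, data, hashlib.sha512).digest()
    left = int.from_bytes(digest[:32], "big")
    child_key = (left + parent_key) % SECP256K1_N
    if left >= SECP256K1_N or child_key == 0:
        # Also astronomically unlikely; BIP-32 says skip this index and use the next one.
        raise ValueError("invalid child key at index %d" % index)
    return child_key, digest[32:]


def derive_hardened_path(seed: bytes, indices):
    """Walk a path of hardened indices (e.g. [HARDENED + 44, HARDENED, HARDENED]) from the seed."""
    key, chain = master_key_from_seed(seed)
    for index in indices:
        key, chain = derive_hardened_child(key, chain, index)
    return key, chain


def discover_used_keys(parent_key: int, parent_chain: bytes, is_used, gap_limit: int = 20):
    """BIP-44-style account discovery: derive keys at index 0, 1, 2, ... and stop once
    gap_limit consecutive keys are reported unused. is_used(key) stands in for a
    blockchain lookup of whether the corresponding address ever received funds."""
    found = []
    index, gap = 0, 0
    while gap < gap_limit:
        key, _ = derive_hardened_child(parent_key, parent_chain, HARDENED + index)
        if is_used(key):
            found.append((index, key))
            gap = 0
        else:
            gap += 1
        index += 1
    return found


if __name__ == "__main__":
    # Constructed mnemonic: 23 x "abandon" + "art" (a valid BIP-39 test phrase, but the
    # checksum is not verified here; PBKDF2 just sees bytes).
    mnemonic = " ".join(["abandon"] * 23 + ["art"])
    seed = mnemonic_to_seed(mnemonic)
    print("seed        :", seed.hex())
    master_key, master_chain = master_key_from_seed(seed)
    print("master key  :", hex(master_key))
    print("chain code  :", master_chain.hex())
    acct_key, acct_chain = derive_hardened_path(seed, [HARDENED + 44, HARDENED, HARDENED])
    print("m/44'/0'/0' :", hex(acct_key))
    # Pretend indices 0, 1 and 5 have received funds; recovery re-finds exactly those.
    used = {derive_hardened_child(acct_key, acct_chain, HARDENED + i)[0] for i in (0, 1, 5)}
    print("recovered   :", [i for i, _ in discover_used_keys(acct_key, acct_chain, used.__contains__)])
```

Two things the loop makes concrete for the question in the comment: the seed never changes because every new key is a pure function of (seed, path, index), so a wallet only has to remember "how far it has counted"; and recovery does not even need that counter, since the gap limit lets it rediscover the count from on-chain usage, which is why funds sent to an address far beyond the gap limit can be missed by a naive recovery.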