How Does A Seed Phrase Recover All My Cryptocurrency?


You might have heard that your seed phrase is all you need to recover all of your coins.

That's true! But, your seed phrase technically doesn't "store" your coins, rather its used to find them.

But what does that mean? They're just words. How are words used to "find my coins"?

Private Keys, Public Keys, Addresses

Let's start where your coins are actually "stored".

Addresses

Your coins are stored in (or associated with rather) addresses. An address is long series of letters and numbers (also known as a hexadecimal) that your wallet gives you to copy and paste when you want to receive coins.

It might look something like this: 

18L1EWSLwQfrUYDkY2cXG72wL4VVvcueE2

When someone sends coin to an address, those coins are now associated to said address.

But how do you get an address?

Public Key

An address is "created" from a public key, another hexadecimal that "locks" sent coins to said address.

A public key would look like this (for the example address):

020acf59763d9fd0dc8a23d49f94bc8f19c62a0e661b811c9b1b847a4e9ceedd13

But how do I "unlock" those coins to be sent to another address?

Private Key

The coins associated to an address that were locked by a public key is unlocked by a private key.

A private key (another hexadecimal) is a unique signature (like a password) that "unlocks" those coins from that address and allows them to be sent.

A public key is "created" from a private key.

A private key would look like this (for the example public key):

L3g7sAjcUGw6Dp9eJgEbq9zePaXC3DyRuUCruSyvqjGdk9e7bYSN

Imagine you had a personal mail drop box (like the ones you see out in the street where you drop off mail and packages).

You have a key to open the bottom door to get out what someone sent to you.

But, you also have a key for the top slot so someone can't just reach down and grab the items.

private key public key address

The key to open the bottom door is your private key.

The key to open the top slot is your public key.

The mail drop box is the address itself.

In summary, coins sent to an address are locked by a public key (coins are received) and unlocked by the private key (coins are sent).

Every address has exactly one public key and one private key (known as a public/private key pair).

But, your wallet doesn't simply have one address. It has a substantial number of addresses that coins can be sent to. All of those address can be traced back to a single seed phrase, essentially proving the ownership of any and all coins sent to them.

So how does my seed phrase get to my addresses and public/private keys?

Functions

To simply put, your seed phrase is put through a series of different functions in order to generate everything required to recover your wallet (addresses, private/public keys, etc).

But what's a function? A function is a mathematical formula (or series of instructions) that takes in inputs (like your seed phrase) and produces an output.

function can be as simple as: ( X + 1 ).

If you input the number 2 into the function ( X + 1 ) where X is the input, your output is 3:

  • Input (X): 2
  • Function: X + 1 -> 2 + 1
  • Output: 3

Functions, especially ones used for cryptography, can be extremely complex. The reason for their complexity is security.

You do NOT want to be able to figure out the input from the output. Why?

Because some outputs are public and meant to be shared with others (like your address). But, your address (an output) is generated from your public key and private key (inputs). You do not want someone to be able to figure out your private key from your address.

For a simple example, say you have a "secret" number 5 5 6 4. This is your input.

The function is "add up all the numbers": 5 + 5 + 6 + 4

Your output would be 20. 

The thing is, the input could have also been (5 5 5 5) or (0 0 19 1). They would have the same output as 20 but it'd be quite difficult to figure out your actual "secret" number.

Seed phrases (and private keys, public keys, addresses) works in a similar yet extremely more complex fashion. These functions have complicated sounding names but it is not essential to understand their inner workings. Just know a function takes in an input and spits out an output.

Seed Phrase to Seed

seed phrase seed

Your seed phrase acts as the input into a function called Password Based Key Derivation Function 2 (PBKDF2) and outputs your seed.

Yes, your seed and your seed phrase are two different things.

Your seed phrase is a 12-24 word phrase.

Your seed is a hexadecimal (again a series of numbers and letters).

Seed phrases were created because copying down a seed is quite prone to error.

For example this seed phrase:

liberty bread eight solar income poet squirrel enlist wine educate profit define

when put through PBKDF2, results in this seed output(you can see why it'd be difficult to copy down):

 6bacd717a59732346c28a618ba6c2c4a8852f9f254ab838da1478a968f4061a73b9b0a5c6606a6d7ae37d5ea5a3dd118fef3532bf3b007b5d6aa94e5dc799446

Seed to Master Extended Key (m)

seed master extended key

Now that we have a seed, we can now use that as in input for another function called Hash-based Message Authentication Code, Secure Hashing Algorithm, 512-Bits (HMAC-SHA512). This function will output something called an extended key. An extended key is again is in the form of a hexadecimal (combination of letters and numbers).

The seed in our example above would result in the following extended key:

xprv9s21ZrQH143K29vsCGbDCocAE1n1vrMQwn3jFqrFFeyY3wh7nXaxZNSkRgMXUMYBKHnu4BtPg4uDPro9Xbk8zRND54C2XRK4jxS5zBMo3eZ

The purpose of an extended key is to be inputted into another function (along with a number between 0 and 4294967295) to generate more extended keys.

Then those extended keys can generate more extended keys (and so on and so forth).

You can think of these extended keys as the single parent, then children, and grandchildren, etc (assuming we reproduce asexually).

What do you mean when you say "along with a number between between 0 and 4294967295"?

A specific child key can generated by inputting a number between 0 and 4294967295 along with the parent extend key. This number is called an index.

Thus, every parent can generate up to 4294967296 children, and those children can generate up to an additional 4294967296 children (and so on and so forth) creating a huge tree-like structure that branches off into many different routes.

But, they all had to start with the first extended key. It is the root all the keys. Thus, we're going to name the first one, the master extended key and give it a designation, m

master extended key

Derivation Paths

If these keys can have 4294967296 children, and those keys can have 4294967296 children, it can get pretty complicated right? Which child do you pick (which index between 0 and 4294967295 do you input with your parent) to "get down to your coins"?

You'd need some sort of "map" to guide you to which child, then grandchild, etc.

This "map" is called the derivation path and specifies the indexes used to traverse down the tree. It essentially tells your wallet where to "find your coins".

A derivation path has 6 "levels" and each "level" has a special role or meaning depending on the index.

The derivation path has a specific notation where each level is designated by a "/" beginning with m:

m / Purpose' / Coin Type' / Account' / Change / Address

The apostrophe ( ' ) you see is a shortened notation of writing index 2147483648 and 4294967295. In other words, index 0 to 2147483647 is 0 to 2147483647. Index 0' to 2147483647' is 2147483648 to 4294967295.

We'll go through each level and explain what they mean.

Purpose (m / Purpose')

derivation path purpose

Derivation paths tell your wallet how to find your coins (from your master extended key, m) guiding it down the tree through each level.

They are described in Bitcoin Improvement Proposals (BIP). BIPs are documentation for features, ideas, information, changes, improvements, etc. for how Bitcoin works including derivation paths. Each of these BIPs are designated by a number. 

For derivations paths, the most common are described in BIP 44, BIP 49, and BIP 84 and those designation numbers are used as the index for the purpose.

m / 44' /

m / 49' /

m / 89' /

Each of these paths take you down a different route, each with a unique functionality described in their BIPs.

Thus, your master extended key (m) and one of these derivation path index numbers (44', 49', 89') are inputted into a function and generate another child extended key. We now "go down to the next level":

Coin Type (m / Purpose' / Coin Type' )

coin type

The next level is coin type. Quite literally, it is what it sounds. It designates the type of cryptocurrency.

Each type of coin or cryptocurrency is registered to an index number. 

Bitcoin is index 0'. Ethereum is index 60'.

The path so far would look like this:

m / 44' / 0'

So to get to your "bitcoin extended keys", the index number 0' is used along with the child extended key generated by your master extended key (m) and your purpose (e.g. 44').

You now have your "coin type" extended key.

Account (m / Purpose' / Coin Type' / Account' )

account

Like a bank, you can have multiple accounts.

Same thing with wallets! You can choose the account to "store" your coins (Account 0, Account 1, Account 2, etc).

You can specify the account number but utilizing it as the index along with your "coin type" extended key. So if I want to store my coins in account 8, I'd utilize 8 as the index number and the path thus far would look like this:

m / 44' / 0' / 8'

You now have your "coin account" extended key.

Change (m / Purpose' / Coin Type' / Account' / Change )

change

This index number is typically either 0 or 1.

Each number for the change index has a certain purpose.

Change Index 0 is used when you receive coins from others.

Change Index 1 is used when you "receive coins from yourself".

What does that mean? Well, let's start with how transactions work.

Transactions

When you send coins from an address to someone else's address, it sends all of the coins stored in that address.

It's best to describe this with an example. Bob sent 10 coins from an exchange to an address generated by his wallet. There are now 10 coins stored in [Bob Address 1A].

Bob wants to send Alice 3 coins. Alice generates [Alice Address 1A] and gives it to Bob to send.

Bob unlocks the coins stored in [Bob Address 1A] and specifies he wants to send 5 coins to [Alice Address 1A].

A transaction is created that sends all 10 coins from [Bob Address 1A].

3 coins from [Bob Address 1A] to [Alice Address 1A] AND 7 coins from [Bob Address 1A] to [Bob Address 1B]

The remaining 7 coins are the "change".

[Bob Address 1A] now has 0 coins.

[Alice Address 1A] now has 3 coins.

[Bob Address 1B] now has 7 coins.

Bob still has the remaining coins, they are just stored in a different address.

How this relates to the Change Index:

Utilizing change index 0 (along with your "coin account" extended key) will result in private/public key pairs and addresses that will be used when you want to receive coins from others (i.e. you give someone else your address).

Utilizing change index 1 will result in private/public key pairs and addresses that will be used when you send coins others for the change (addresses that will receive the remaining coins when you want to send coins less than what an address holds).

Note: The coins stored in the addresses in both of these change indexes are added up to make up to total sum.

So since we'll be receiving coins, I'd utilize 0 as the index number and the path thus far would look like this:

m / 44' / 0' / 8' / 0

Address (m / Purpose' / Coin Type' / Account' / Change / Address )

address

We're finally here! This last extended key can be inputted into a function along with an address index between 0 and 4294967295 to generate a specific private key.

This specific private key can then generate a specific public key (which can generate a specific address!).

You can generate up to 4294967296 addresses with corresponding public/private key pairs!

All of the coins sent to these addresses are added up to result in the sum of your coins for a specific account of a coin type.

For example the path from the master seed (m) utilizing BIP44 (44') for bitcoin (0') in account (8') used to receive (0) for the first account (0) would be:

m / 44' / 0' / 8' / 0 / 0

This means if you can have up to 4294967296 accounts with each up to 4294967296 addresses (that's a lot!).

Conclusion

Getting from your seed phrase to your coins (addresses, private/public key pairs) is quite the journey with its endless branches that all stem from your seed phrase.

But luckily, your wallet does these calculation behind the scenes and allows you to have virtually infinite accounts, addresses, keys, coins, etc. that you "own" just by knowing a single 12-24 word phrase.

I hope this article helped you understand the true magnitude of a seed phrase.

You might have heard a saying "not your keys, not your coins".

When you don't have a seed phrase that connects to those coins, you don't have the unrestricted ability to send those coins (the private keys). Nor do you have the unrestricted ability to receive coins (the public keys).

When you have your keys, you can do whatever you want with those coins and nobody can stop you. And all those keys can be derived from a single seed phrase.