MultiversX Tracker is Live!

Keys, Accounts, and Seeds: How Web3 Wallets Work

Etherum Reddit

More / Etherum Reddit 131 Views

Keys, Accounts, and Seeds: How Web3 Wallets Work

It’s easy to take wallets for granted without thinking about the mechanisms underneath that enable self-custody over our assets. Wallets use layers of cryptography to keep assets secure, and each level from seed to account does something fascinating.

https://preview.redd.it/2hxugb980gza1.png?622&format=png&auto=webp&s=976391af8d1f79fd81688bbcada7892562d13c3d

First, Wallets

Wallets are simply ways to access accounts on blockchain networks. Accounts have addresses that funds can be sent to, public keys that prove who they are, and private keys that authorize transactions. Even more private than private keys though, are the seed phrases that create them.

Source: YoungPlatform

Where Seed Phrases Come From

A seed phrase can be represented as 12 words, but that’s not how they start. Instead, they’re created as a series of 128 bits (ones and zeros) generated at random, plus 4 extra ones. These 132 bits divide into 12 words. In essence, each word is just a way to represent 11 ones and zeros. The BIP-39 proposal defines which sequences of bits correspond to which of the 2048 words.

The randomness of the bits that make up the seed is essential to the security of its accounts. Approaches to this “entropy generation,” or randomness, can vary from one wallet provider to another. Once a seed is created though, it goes through some additional cryptographic steps to keep itself secret.

Source: Greg Walker

How Private Keys are Created

Seed phrases give access to all the private keys that they create, whereas private keys only give access to specific accounts. A seed phrase is like a master key that can unlock every deposit box at your personal bank, whereas private keys only unlock one box (i.e. account) each.

Seed phrases create private keys by going through a couple of cryptographic steps. First, our seed phrases are added with some extra random data, called a salt, and passed through a hash function to create a “root key.” Hash functions take any data and represent it in a specific format, in this case 512 bits.

Read more about hash functions in my previous write-up on Merkle Trees.

Our 512 bit root key is then hashed again with a different function. The result is a sequence of another 512 bits that we split down the middle to create two things: the sequence on the left becomes the “master private key,” and the right sequence becomes “chain code.” The master private key can access all accounts that come from the same seed phrase, whereas the chain code serves as additional randomness that is used when new accounts are generated.

https://preview.redd.it/49b7yssl0gza1.png?534&format=png&auto=webp&s=ebd4fbd015928ec3c0752385f0b06cfa29aa8007

Finally, to create a private key that actually belongs to a new account (and not the seed phrase itself), we count up from 0. The first account a wallet creates will have an index number of 0, the next will have 1, and so on. We’ve gone through no less than three functions to create private keys, each serving an essential purpose for security.

How Public Keys are Generated

Public keys are generated with a method known as “elliptic curve cryptography.” This method uses an elliptic curve like the one below with a specific shape and starting point that varies from one blockchain to another. To generate a public key, a private key is represented as a number and multiplied by the starting point for that elliptic curve (and by extension, blockchain).

Source: Nick Sullivan

By virtue of mathematics, the resulting number is also a point on the elliptic curve. That number represents the public key. It’s practically impossible, however, to divide it to find out which starting point was used to get there. When compared to a classic form of encryption known as RSA, a study titled Universal Security noted that “breaking a 228-bit RSA key requires less energy than it takes to boil a teaspoon of water. Comparatively, breaking a 228-bit elliptic curve key requires enough energy to boil all the water on earth.”

How Wallet Addresses are Generated

One more level of abstraction is required to go from public keys to account addresses. While blockchains could have used public keys as the addresses themselves that people share, there’s a significant security reason why the distinction today exists. An address is essentially the public key after it’s gone through some hash functions.

The hash functions hide the public key so that an account can receive funds using the address only. As long as it never broadcasts a transaction, it’s public key remains hidden. This protects the account against potential future ways to break encryption that could allow a private key to be derived from a known public key. As a result, rotating funds to accounts that remain dormant is a prudent, long-term security measure.

https://preview.redd.it/zskfpprr0gza1.png?618&format=png&auto=webp&s=ebf29eeb95bd94fd81b30edf95ed32c342f47009

If you enjoyed this summary, sign up to my free newsletter for many more!

No ads, shills, or affiliations.

Stay kind. Stay curious.

https://ramiwrites.substack.com

submitted by /u/phillistine
[link] [comments]

Get BONUS $200 for FREE!

You can get bonuses upto $100 FREE BONUS when you:
💰 Install these recommended apps:
💲 SocialGood - 100% Crypto Back on Everyday Shopping
💲 xPortal - The DeFi For The Next Billion
💲 CryptoTab Browser - Lightweight, fast, and ready to mine!
💰 Register on these recommended exchanges:
🟡 Binance🟡 Bitfinex🟡 Bitmart🟡 Bittrex🟡 Bitget
🟡 CoinEx🟡 Crypto.com🟡 Gate.io🟡 Huobi🟡 Kucoin.



Comments