Home/Blockchain/Seed Phrases & Wallet Recovery/How Bip39 Works

๐Ÿ“š BIP-39: The Standard Behind Seed Phrases

Learn how 12-24 words generate infinite wallet addresses

Your Progress

0 / 5 completed
1
2
3
4
5
โ†
Previous
Introduction

๐Ÿ”ฌ How BIP39 Works

BIP39 (Bitcoin Improvement Proposal 39) is the technical standard that turns random numbers into memorable words. Let's break down the process step-by-step.

๐ŸŽฎ Interactive: 5-Step Conversion Process

Click through each step to see how entropy becomes a seed phrase

1
Generate Entropy
Create random data (128 or 256 bits)

Your wallet generates random bits using a cryptographically secure random number generator (CSPRNG). This is the source of true randomness.

Example:
10110010 11001110 10101111 01010011...

๐Ÿ”ข Entropy Calculator

Adjust the entropy size to see how it affects the number of words in your seed phrase.

128
128160192224256
Entropy Bits
128
Checksum Bits
4
Total Words
12

๐Ÿ“š The BIP39 Wordlist

BIP39 uses a carefully curated list of 2,048 words. Each word was chosen to be:

โœ… Unique First 4 Letters
"abandon" vs "ability" - you only need to write the first 4 letters to identify each word uniquely
โœ… No Similar Words
No "woman" and "women" to avoid confusion. No similar-sounding words that could be mistaken
โœ… 3-8 Letters Long
Short enough to write quickly, long enough to be recognizable. Examples: "cat", "umbrella"
โœ… Common Words
Everyday vocabulary, not obscure. "road", "again", "practice" - words you already know
Sample words from the list:
abandon, ability, able, about, above, absent, absorb, abstract, absurd, abuse, access, accident, account, accuse, achieve...

๐Ÿ” Checksum: Error Detection

The checksum is a built-in error detector. Here's how it works:

Step 1: Hash the Entropy
Take SHA-256 hash of your original entropy bits:
SHA-256(10110010...) โ†’ a3f7d9e2c1b4... (256 bits)
Step 2: Extract Checksum
Take first ENT/32 bits of the hash:
For 128-bit entropy: 128/32 = 4 checksum bits
For 256-bit entropy: 256/32 = 8 checksum bits
Step 3: Append to Entropy
Concatenate checksum bits to original entropy:
128 bits (entropy) + 4 bits (checksum) = 132 bits total
132 bits รท 11 = 12 words
๐ŸŽฏ Why This Matters
If you mistype even ONE word when recovering your wallet, the checksum won't match. The wallet immediately knows something's wrong and rejects it. No guessing, no partial recoveries - it either works or it doesn't.

๐ŸŒŠ From Mnemonic to Master Seed

The final step is converting your mnemonic phrase into a 512-bit seed that can generate all private keys:

PBKDF2 Key Derivation
โ€ขInput: Your mnemonic phrase + optional passphrase
โ€ขSalt: The string "mnemonic" + your passphrase
โ€ขIterations: 2,048 rounds of HMAC-SHA512 (slow by design)
โ€ขOutput: 512-bit seed (64 bytes)
PBKDF2-HMAC-SHA512( mnemonic="witch collapse practice..." , salt="mnemonic" + passphrase , iterations=2048 ) โ†’ 512-bit seed
๐Ÿ’ก Optional Passphrase (25th Word)
You can add a custom passphrase as an extra layer of security. Same mnemonic + different passphrase = completely different wallet! This is like a secret 13th/25th word that you memorize instead of writing down.