What is a seed phrase?

The secret words used to generate and back up your private keys

A seed phrase is a sequence of 12 to 24 simple words that serves to generate and back up your Bitcoin wallet’s private keys.

Private keys are required to prove ownership when authorizing a bitcoin transaction.

You can think of private keys as the master keys that unlock your bitcoin whenever you need to spend. As a result, creating, managing, and securing private keys is of utmost importance.

So where do private keys come from? … From a seed phrase.

Most modern Bitcoin wallets (aka Hierarchical Deterministic or “HD” wallets) create private keys from a standard process involving a seed phrase. The process begins by generating randomness (aka “entropy”) to create a 128-bit to 256-bit number (128 to 256 ones and zeros). For human-readability and ease-of-use, that random number is converted into a corresponding sequence of 12 or 24 words called a “seed phrase,” which is used to create private keys. You can think of a seed phrase as a human-friendly way to represent a very big random number.

The process of going from seed phrase to private keys is deterministic, which means the same set of private keys can always be reproduced from a given seed phrase. Seed phrases, therefore, serve two main roles:

  • Private key source: When setting up a self-custodial wallet, a seed phrase is created and used as the unique source for generating your private keys.
  • Private key recovery: If your Bitcoin wallet is ever lost, damaged, or destroyed, your seed phrase can be used to re-create all your private keys, giving you back control of your bitcoin.

If you use a custodial Bitcoin wallet, like Strike, then the custodian will be in charge of managing the seed phrase and private keys on your behalf. Taking self-custody of your bitcoin is the process whereby you send your bitcoin to an address where you control the private keys yourself, including the seed phrase from which they’re created.

Even though bitcoin is a digital asset that exists as records on a distributed ledger called a blockchain, you can hold your seed phrase in your possession or even memorize it in your head. Since the only way to spend bitcoin is with the correct private key, having exclusive control of your seed phrase (and by extension your private keys) is how you can own bitcoin without relying on any trusted 3rd party.

It goes without saying that the most important thing to know about seed phrases is that they must be kept secret and secure. If someone takes your seed phrase, they can recreate your private keys and take your bitcoin.

Where do the seed phrase words come from?

Seed phrase words come from a standardized word list defined by Bitcoin Improvement Proposal #39 (aka BIP39). This proposal was introduced in 2013 to simplify and improve the process of backing up and recovering Bitcoin wallets.

The word list contains 2,048 simple words; however, only the first 4 letters of each word are actually relevant, since no two words in the list share the same first 4 letters. The list is ordered alphabetically, so that each word corresponds to a specific number in the list, with “Abandon” being the first word and “Zoo” being the last.

To make a 24-word seed phrase, your wallet will follow these steps:

  • Start with randomness: Your wallet will use a random number-generating algorithm to produce a 256-bit number – a unique sequence of 256 ones and zeros.
  • Add a checksum: An 8-bit checksum is added at the end of this number by hashing the number, then taking the first 8-bits of the deterministic hash and appending it to the end to create a 264-bit number. This checksum serves as an internal security check within the number itself to prevent error or manipulation.
  • Split into 11-bit segments: The 264-bit number is then split into 24 separate 11-bit segments. In binary, 11-bits can represent numbers from 0 to 2,047 (2,048 total combinations).
  • Match to word list: Each 11-bit segment corresponds to a specific word in the BIP39 word list. For example, the number 00000000000 matches to the 1st word (“Abandon”), 00000000001 matches to the second word (“Ability”), and so on until 11111111111 matches to the 2,047th word (“Zoo”).
  • Finalize the phrase: The 264-bit number (256-bit randomness + 8-bit checksum) now has a corresponding seed phrase and can be used as a unique source to generate private keys.

Depending on the wallet or configuration, seed phrases can also be 12 or 18-words long, providing differing balances between simplicity and security. 12 and 18-word phrases follow the same procedure, except that they have 128-bit or 192-bit randomness with 4-bit or 6-bit checksums, respectively.

When setting up a self-custodial wallet, you’ll be prompted to write down your seed phrase. It’s crucial to record the words accurately and in the correct order. To protect from water or fire damage, consider storing your seed phrase on a steel plate. Also, keep in mind that your seed phrase is the backup for your bitcoin, so taking utmost care is warranted.

How does a seed phrase work?

Once your wallet has gone from randomness to seed phrase, it can then be used to produce subsequent private keys, public keys, and Bitcoin addresses. Here are the basics of how it works:

  • Generate seed phrase: Your wallet generates your seed phrase using the aforementioned process, which you promptly write down and store securely.
  • Create a seed: The seed phrase is hashed to produce a seed – a unique sequence of numbers and letters.
  • Create the master key: From your seed, your wallet creates a master key (aka “master private key”), which serves as the main input to create private keys.
  • Derive private keys: From the master key, countless unique private keys can be created, which can be used to authorize transactions.
  • Create public keys: For each private key, a matching public key can be generated, which can be shared publicly without exposing the corresponding private key.
  • Create Bitcoin addresses: Each public key can then be used to create a Bitcoin address, which can be easily shared with others to receive bitcoin transactions.
  • Signing transactions: After receiving bitcoin to one of your addresses, you can spend that bitcoin by authorizing a transaction using a digital signature, which can only be created using the matching private key.

The process of going from a seed phrase to a set of Bitcoin addresses is deterministic, meaning the same seed will always generate the exact same set of private keys, public keys, and addresses.
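The “create a seed” and “create the master key” steps, as an added Python example (not code from this page): BIP39 specifies the hashing step as PBKDF2-HMAC-SHA512 with 2,048 iterations and the salt "mnemonic" plus an optional passphrase, and BIP32 derives the master key with HMAC-SHA512 keyed with "Bitcoin seed". The function names are illustrative, and the phrase used is the public BIP39 test vector, not a wallet to use.

```python
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 curve; a valid private key is in the range 1 .. N-1.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: stretch the phrase into a 64-byte seed with PBKDF2-HMAC-SHA512."""
    def nfkd(s):
        return unicodedata.normalize("NFKD", s)
    # Collapsing stray whitespace is a convenience added here, not part of BIP39.
    words = " ".join(nfkd(mnemonic).split())
    salt = "mnemonic" + nfkd(passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"),
                               salt.encode("utf-8"), 2048, dklen=64)

def seed_to_master(seed: bytes):
    """BIP32: split HMAC-SHA512(key="Bitcoin seed", seed) into key and chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = digest[:32], digest[32:]
    k = int.from_bytes(key, "big")
    if k == 0 or k >= SECP256K1_N:
        raise ValueError("unusable master key; BIP32 requires a different seed")
    return key, chain_code

# Public BIP39 test-vector phrase (all-zero 128-bit entropy). Never fund it.
TEST_PHRASE = "abandon " * 11 + "about"

if __name__ == "__main__":
    seed = mnemonic_to_seed(TEST_PHRASE)
    key, chain_code = seed_to_master(seed)
    print("seed       :", seed.hex())
    print("master key :", key.hex())
    print("chain code :", chain_code.hex())
    # Same phrase, different passphrase: a completely different wallet.
    print("with passphrase:", mnemonic_to_seed(TEST_PHRASE, "TREZOR").hex())
```

Because the passphrase is part of the salt, the same words with a different passphrase produce an unrelated seed, so a passphrase that is lost makes the written-down words alone insufficient for recovery.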

What this means is that 12 to 24 words held in your possession can secure your entire bitcoin wealth. It’s a way to hold money independent of any bank or custodian and be entirely financially autonomous. Seed phrases offer several advantages:

  • Simplicity: A single phrase can back up and recover countless private keys.
  • Human-readability: It’s easier to remember 12 to 24 words than a long sequence of random letters or numbers, which are how seeds and private keys are represented.
  • Cross-compatibility: The BIP39 standard is widely adopted, so you can use your seed phrase to recover all your private keys in a new self-custodial wallet app.
  • Mobility: When you write down (or even memorize) your seed phrase you can actually carry your entire bitcoin wealth with you, offering unprecedented mobility and autonomy.

How secure are seed phrases?

Randomly generated seed phrases are extremely secure due to the vast number of possible combinations.

In binary, each bit can be either 1 or 0. For a 24-word seed phrase, which comes from 256-bits of randomness, there are 2²⁵⁶ possible combinations. This means seed phrases represent unique numbers within an unimaginably vast range of possibilities:

  • 12-word seed phrase: A 128-bit number with 2¹²⁸ possible combinations, or a number between 0 and 3.400 × 10³⁸ (aka ~340 undecillion)
  • 18-word seed phrase: A 192-bit number with 2¹⁹² possible combinations, or a number between 0 and 6.277 × 10⁵⁷ (aka 6.277 quattuordecillion)
  • 24-word seed phrase: A 256-bit number with 2²⁵⁶ possible combinations, or a number between 0 and 1.157 × 10⁷⁹ (aka 1.157 quattuorvigintillion)

To put this into perspective, a random 256-bit number is a number between 0 and 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936. For context, there are more possible combinations than there are atoms in 100 billion galaxies (atoms mind you, not stars). Even with all the computation power in the world, successfully finding someone’s random seed phrase through “brute force” guessing is for all intents and purposes impossible.

It’s not a needle in a haystack, it’s an atom in a universe. This asymmetry between the ease of generating a seed phrase and the sheer impossibility of guessing it is a security feature of Bitcoin.

Seed phrase security is less about any human or computer guessing your phrase, and more about someone stealing it. When you take self-custody of your bitcoin, you must take utmost care to safeguard your seed phrase from theft, loss, or damage. You can read more about best practices for how to secure your private keys and seed phrase here.
