With Bitcoin, it is easy to backup and recover your coins. In this guide, we explain how you use a seed to store your bitcoin securely. Also, we dig a bit deeper into the technology of so-called hierarchical deterministic wallets and tell how you can create a seed offline and with the help of dice.
One of the most common misunderstandings around Bitcoin is that you need to be a software expert. So many people say and think, that they do not understand this crazy Bitcoin thing, and even Bitcoin enthusiasts say things like, "If you are no expert, it is better just to use a third-party service like Coinbase or Bitcoin.de to protect your funds."
Such a statement may sound thoughtful and responsible, like telling children not to cross the street when no adult is with them. But the reality is, such an approach could not be less accurate and "less Bitcoin" for two reasons.
First; if you trust a third party to protect your funds, you do not need Bitcoin. In fact, it is better you trust your local bank instead of some anonymous server hosting a bitcoin wallet out of nowhere. Second; the amazing cryptography around Bitcoin and a lot of work of developers have made it surprisingly easy to backup your funds without any help. In fact, if there is one single main reason to be thrilled bout Bitcoin, it is this: Anybody can have full control over their money.
Our short guide explains how you backup your funds with a passphrase in practice. Invest five minutes in reading it, investing additional five minutes to do it, and you will sleep well, knowing, that all your coins are relatively safe. If you want to dig deeper, you should continue reading, as we explain how you can create your passphrase offline and with dice, and how the technology around it works.
One String of Words to Restore Them All!
Let us start with the useful part; how can you backup and restore your bitcoin using a seed?
Most wallets you use today have the option to backup your funds with a seed. The backup comprises of a random string of words, mostly 12, sometimes 18 or 24 words. It looks like this:
inspire october ten crop warfare wink game regular alley mimic anchor extra
Such a chain of words does not make any sense, but it could be one of the most valuable combinations of words of all time. It is everything you ever need to know to restore your wallet, no matter how many transactions you made and how many addresses you built.
You can write the seed on paper, copy the paper, store it in a vault, carve it into stone, use mnemotechnic to remember the words, write them in your testament. No matter how you do it, if you saved the phrase, in a way that only you and no one else can access it, you can format your hard disk, burn down your computer, throw your smartphone in the ocean. You will still be able to recover your bitcoin. This string of words is all you need to know.
In fact, if you achieved the mastery of the mnemonic technique to memorize these words, you can travel through the whole world, with nothing in your hands. No gadget, no wallet, no coin, no note, but you will be able to restore as much money as you like with nothing but access to the internet. Nobody can steal it from you; nobody can block it.
Isn‘t this magic? You store money in your brain. Few features represent the freedom Bitcoin enables as much as the seed.
How to Backup and Restore
The guide to doing a backup is very easy. Download a wallet with support for so-called hierarchical deterministic wallets. As nearly every single bitcoin wallet supports it, the list of wallets to use is long. In alphabetical order: Airbitz, Bither, BreadWallet, Coin.Space, Coinomi, CoPay, Electrum, Exodus, GreenAddress, Jaxx, Ledger, MultiBit, Mycelium, Simple Bitcoin Wallet, Trezor. Most of these wallets will demand that you write down your seed before you open the wallet for the first time. In some of them, you‘ll have to search for the option to backup your wallet.
After this, you have done the most important part. You have your magic words. But the most interesting question remains open; how do you recreate your funds? When your hard disk crashes or your smartphone falls under a harvester how can you access your coins with the seed?
How to use the seed to access your funds is the thrilling part of the story, the episode, in which you will watch yourself with a flattening heart, while the wallet loads your backup. The first time you use a string of words to rebuild your coins on another system, maybe thousands of kilometers away from the system you originally stored it this moment will be a magic moment for you and Bitcoin.
The simplest answer to the question, how to access your coin, is, that you should use the same wallet you used to generate the seed. If you made your backup with Electrum, use Electrum; if you made it with Trezor, use Trezor, and so on. You will recover your coins very fluidly. On some wallets, you have to look for the option to recover funds from backup, on other you need to open a new wallet from seed. After some searching you will find it, a field will open, in which you type in your magic words and the funds will be restored. Abracadabra!
The Beauty of Math and the Problem of Different Derivations
But it is not always that easy. What, if you lost your device? What if your Trezor is broken? And what, if the host, who runs the wallet like Mycelium, Jaxx or Exodus, is gone? How can you restore your funds in such a miserable situation?
Admittedly, things can get a bit more complicated. But the beauty of cryptography is, that you still have the keys. Your passphrase is the base, from which your keys are derived, with the absoluteness of mathematics.
Let us get a little bit technical, just for a second: There is a cryptographical procedure, called "hierarchical deterministic wallet," which translates the seed into a master key, from which all other keys are derived in a deterministic order. Like you are not dependent on a certain calculator or software to find the solution for a mathematical formula, your seed works independently from the wallet. It is not trusted, it is math; the backup you made with, let us say, Bither, does work with Exodus.
The only problem is that there are two standards. While the passphrase and the master key are the same, there are two paths to derive the keys and addresses for your wallet from this, called BIP32 and BIP44. You can imagine it like two rivers emerging from a spring. Thus it can happen, that, if you created a seed with a BIP44 wallet, like Bither, and try to recover it with a BIP32 wallet, like Electrum, you will open an empty wallet. So you have to find out, which wallet you need to recover.
The following table shows which wallets support which derivation path; it is not complete and without guarantee, as not every wallet is completely clear which BIP it uses.
On top of this, there are different implementations. For example, some wallets like Ledger print out a 24 word passphrase, while other wallets, like Exodus or coin.space, are only able to read a 12 word passphrase. And no, it is no solution just to use the first 12 words. The seed and the wallet are simply not compatible. Also not every wallet uses and understands the same dictionary of words, and some have no proper implementation of the paths; for example, Exodus is only able to recover the first four addresses created with this Masterkey and on Coin.Space we have not been able to recover addresses created with another wallet. And so on.
If you struggle to recover your funds due to missing standards, you still have the option to go back to the basics. Just visit a BIP39-generator like that from Ian Coleman or a BIP32-Generator. Here you can just type in your seed, and you will get every information you need to recover your funds. First, the application prints out your addresses and private keys. You can just take them and use them to recover your funds with the Bitcoin Client, Electrum or any other wallets that allow importation of private keys. Second, the tools show your "BIP32 extended key" and your Master key which you can use to recover a wallet with for example Electrum.
Long story, short message: Usually it will be easy to recover your funds with your seed and not require any IT wisdom. But even if it is not easy and you struggle with compatibility issues, your seed is everything you need to get your keys. Worst case is that it will be some work. If a wallet does not fail in deriving the keys from the master key, you cannot lose your coins, if you keep the passphrase and no one else does know it.
How Cryptography Enables Magic Words
Now, let us dig a little deeper. What happens? What are the mechanics behind the magical seed? And is the process secure?
To understand, how a passphrase works, you need to know a little bit about how bitcoin are stored. You might already be aware that you receive bitcoin with an address. This address is a derivation of your public keys, which itself is a derivation of the private key. So your wallet starts with generating a private key then it derives a public key from it and then it transforms this public key in an address.
A very simple backup of your coins is just to write down or save your private key in an encrypted file. The private key looks like a random string of characters, like this:
But as it is recommended for better privacy and more security against collisions that you never reuse addresses, most advanced wallets create a new address every time you click on "receive funds." So to backup your funds, you would need to backup your private keys every time you created a new invoice. Obviously, this is pretty inconvenient.
Fortunately, in 2012 the Bitcoin developer Peter Wuille wrote a feature for Bitcoin called "Hierarchical Deterministic Wallets" which is known as BIP32. With this, he developed the math to create a master key from which every other keys are derived from in a determined order. Correctly implemented, if I have the master key A, it will always produce the keys a, b, c, d, and so on, in exactly this order. Further developers like Marek Palatinus from Czech Bitcoin startup Satoshi Labs, developed the tools to derive the master key from a seed of 12 to 24 words (BIP39), and to obtain the keys in a way that it supports different accounts (BIP44), which means that master key A will produce accounts a, b, c and inside let‘s say account a it will produce key 1, 2, 3 and so on, which is a great feature for wallets to protect the user’s privacy against blockchain data mining.
Your seed is the key, the magic door, the abracadabra, to a whole world of keys and addresses. It is like a map that shows you, where you find your bitcoin in an endless ocean of stochastics. You can even derive keys for Litecoin, Monero, Ethereum and so on from the same seed, which is why multi-coin wallets like Jaxx or Exodus can backup many different cryptocurrencies with one seed.
The seed is mighty, and with power comes risk. It is imperative that only you and no one else knows it. And here the problems start.
In theory, a seed is extremely safe, as it is nothing but hard math. But in practice you only need a little bit of paranoia to wonder: How can you be sure that only you know a seed produced on your computer? If a wallet like Electrum, Mycelium, Exodus and so on creates the seed how do you know, for sure, that there is no hidden code which sends the seed to someone else? And how can you know for sure that there is no malware on your system, waiting for a wallet to load a seed in memory, and then stealing it? And, finally, how can you trust your computer to produce enough randomness to create a seed which will be secure? Computers are, as you might know, not good in creating randomness.
Offline and With Dice
You will never get complete security. Never. But you can get it with some degree. For this, you should browse to a BIP39-generator like that from Ian Coleman. Then you save the website to use it offline, cut the internet and start the offline website. Now you can let the program create a seed without a connection to the internet.
For this, you can either use the entropy your computer creates, which usually should be ok, but if you don’t trust it, you can also insert your entropy. All you need to do is a six-sided dice. Better you have a couple of it, as you need to roll it more than 50 times to get a reliable source of entropy. You roll it, type the result in a field, roll it again, add the result, and so on. After collecting entropy with this, the program creates your seed.
When your seed is created, you write it on paper. If you want to store it digitally, please encrypt it with strong passwords and a tool you trust. Then scroll down, write down the BIP39 master key. Scroll down, click on BIP44 derivates, write down some addresses, click on BIP32 derivates, write down some addresses. Which of them you use to receive funds, depends on the wallet you use to recover it, some read the BIP32 derivates, some the BIP44 derivates. Multibit can restore both.
For convenience, you can copy the addresses unencrypted in a file on your computer. But only the addresses, not the seed! Never store the seed unencrypted on any of your devices if you aim to store value in it. After this is done, you can shut down the site, shut down your computer, to empty the memory, restart, go back online, and share your public keys to receive bitcoin. You made a beautiful and secure paper wallet for your bitcoin wealth.