A Bitcoin seed, sometimes referred to as a recovery seed, seed phrase, or mnemonic phrase, typically comprises 12 or 24 words chosen in a specific sequence to back up a Bitcoin wallet.
In an in-depth video from Bitcoin University, Matthew Kratter addresses a pivotal question regarding the security and uniqueness of Bitcoin wallet seeds. The discussion was prompted by two viewers who asked whether it's possible for someone to accidentally generate the same seed as another user. Kratter begins by reassuring viewers that their curiosity is far from foolish; it's a legitimate concern that underscores the importance of understanding how Bitcoin seeds function.
A Bitcoin seed, sometimes referred to as a recovery seed, seed phrase, or mnemonic phrase, typically comprises 12 or 24 words chosen in a specific sequence to back up a Bitcoin wallet. Kratter emphasizes the importance of privacy for these seeds, warning viewers never to share their seeds online as bots are poised to steal any exposed funds.
The seed words are derived from a predefined English word list containing 2048 words. A true random number generator (TRNG) within a software or hardware wallet generates a random 128-bit number for a 12-word seed or a 256-bit number for a 24-word seed. These numbers are a series of zeros and ones—binary code—that correspond to the words on the BIP39 word list, incorporating an additional checksum for the final word.
An interesting assertion made by Kratter is that the essence of a Bitcoin seed is a large binary number. The TRNG doesn't "know" anything; it simply produces a random sequence that is so improbable to duplicate that it borders on impossible. This random nature is why Bitcoin, as Kratter states, is fundamentally about math and physics, not about accounts or a central authority that tracks seeds.
Addressing the concerns raised by viewers, Kratter calculates the odds of another random number generator producing the same 24-word seed. The probability is astronomically low—on the order of 2^256, or roughly 10^77, which is just shy of the estimated number of atoms in the observable universe. Kratter humorously suggests that the likelihood of such an event occurring is akin to experiencing a series of extremely unlikely personal disasters simultaneously—a much higher probability than duplicating a seed.
For those wondering whether to use a 12-word or 24-word seed, Kratter quotes Adam Back, a figure whose work contributed to Bitcoin's creation, who advocated that 12-word seeds are sufficiently secure. He explains that the 128 bits of entropy in a 12-word seed are equivalent to the security of Bitcoin's signature algorithms, and thus, opting for a 24-word seed doesn't necessarily increase security.
The term "seed" is metaphorical, representing the ability to "grow" an entire tree of Bitcoin addresses and transaction histories from a single seed. This deterministic nature means that inputting the same seed into any BIP39-compatible wallet will always yield the same addresses and keys.
Kratter concludes by cautioning against "seed splitting," a method where individuals divide their seed words between locations. This approach significantly reduces security as it makes the remaining words more prone to brute-force attacks. Instead, he recommends exploring multisig solutions like those offered by Unchained Capital or building a personal multisig vault for added security.
In conclusion, Kratter's video delivers a clear message: the creation and protection of a Bitcoin seed are fundamental to the security of one's digital assets. The intricacies of seed generation ensure that duplication is virtually impossible, reinforcing the robustness of Bitcoin's cryptographic foundations. By understanding these principles and following best practices, users can confidently secure their Bitcoin holdings against the improbable odds of seed replication.