How to Create Secret Bitcoin Wallets with Passphrases
Modern HD Wallets enable the wallet owner to create an infinite number of secret wallets backed up with one single recovery seed plus the 25th word passphrase.
Hierarchical Deterministic wallets, also called HD Wallets, were introduced as part of the Bitcoin Improvement Proposal #32 (BIP 32).
Key Terms HD Wallet Passphrases:
- BIP: Short for Bitcoin Improvement Proposal which is the method to propose, discuss and implement Bitcoin Blockchain features, upgrades and/or information.
- BIP-32 – the 32nd Proposal which introduced HD Wallets
- BIP-39 – the 39th Proposal which implemented mnemonic phrases from a ‘word list’ that can be converted to binary seeds to create deterministic wallets.
- BIP-44 – the 44th Proposal which improves on BIP-32 to allow “handling of multiple coins, multiple accounts, external and internal chains per account and millions of addresses per chain” using prefixes (xpub/xpriv) for extended keys.
- Wallet: software that generates a public and private key pair to allow users to transact and store cryptocurrency.
- Seed Phrase: A string of 12 or 24 words derived from your private key that can be used to restore, recover and access your crypto wallet. (aka – ‘seed’ ‘master seed’ ‘phrase’ ‘mnemonic seed’, ‘recovery seed’, ‘backup seed’, ‘recovery phrase’ or ‘secret code’)
- Passphrase: Optional ‘25th word’ a user can add to their 24 word mnemonic seed phrase to unlock hidden wallets. (aka – ‘wallet seed extension’)
- PIN: Enter your PIN or PIN code on a hardware wallet to restrict access to your device. Some wallet providers, like Ledger, offer an option to create a second PIN.
- Wallet Password – software wallets, or hot wallets, may require a password separate from your PIN, Passphrase, or Recovery Seed. The password is used to access the software wallet and in some cases it’s used to encrypt files stored on your computer.
- Extended Keys (XPRIV & XPUB) – HD Wallets use a master key pair called the Extended Private Key (xpriv) and the Extended Public Key (xpub). These extended keys are used to derive subordinate child keys which are used to create an infinite number of public addresses from one single master key pair or extended keys.
Pro Tip – Your 12 or 24 word recovery seed phrase can be used to access, recover, and restore your wallet on ANY third-party software wallet (ie – Electrum or Sparrow) or hardware device (ie – ColdCard, BlockStream Jade, or Ledger) regardless of what service you used to create it.
The wallet may contain multiple addresses with each address having a corresponding public key cryptographically derived from an extended private key.
These different addresses are often referred to as ‘accounts’ within the wallet.
If you use the Ledger hardware wallet, the software program defaults to creating a unique Bitcoin address for every transaction to enhance your privacy on the network.
Your public key is like your bank account number and your private key is like your bank account password. Each unique key pair derives a public address which the ‘receiver’ shares with the ‘sender’ to initiate a transaction.
Can I use one single recovery seed for different blockchains?
Yes, your HD wallet generates one single recovery seed phrase which thanks to the BIP-32 cryptographically derives (via derivation path) and stores the public key and private key pair for each different cryptocurrency ‘wallet chain’ and the various sub-accounts.
Your seed phrase is used for backing up and recovering your wallet, most commonly with a hardware device (cold wallet). The seed phrase represents the master key pair which includes the extended private key (XPRIV) and extended public key (XPUB).
XPRIV generates new private keys while XPUB is used to display the balances of each public key in your wallet for each different crypto account.
In essence, your seed phrase secures the extended private key which is used to generate a pseudononympus identity for every public address (key pair) you create inside the wallet used to send or receive Bitcoin (or other crypto).
You DO NOT need to generate a unique backup recovery seed for the different crypto blockchains (Bitcoin, Ethereum) or their (sub)accounts (addresses) stored on the HD Wallet thanks to the BIP32 deterministic method of deriving key sets… Click To TweetPrivate keys are used to derive a public key but public keys CANNOT be used to derive a private key.
In a Bitcoin transaction, a ScriptPubKey ‘locks’ bitcoin to the receiver’s address which is a hash (shortened version) of the receiver’s public key.
For example, Pay-to-Public-Key-Hash (P2PKH) is the most common ‘locking script’ compared with an alternative, Pay-to-Public Key (P2PK). P2PK locks bitcoin to a public key and P2PKH locks bitcoin to a hash, or shortened version, of the public key.
The permissionless nature of most blockchains (Bitcoin, Ethereum) enables the end user to safely and autonomously migrate all crypto accounts in their wallet to different wallet providers using the same original 12 – 24 word backup recovery seed.
Pro Tip: If you are using a recovery seed to migrate from one wallet provider to another (ie Ledger to ColdCard), make sure you confirm that the new wallet provider supports all of your cryptocurrency accounts (Ethereum, Bitcoin, Filecoin etc).
How to create a BIP 32 Deterministic Key
BIP32 HD wallets allow keys to be organized in a hierarchical, multi-level tree structure to send and receive from an unlimited number of different wallets and accounts (sub-accounts) under a single HD Wallet.
The (1) Seed Phrase represents the (2) Master Key – Extended Private Key with an extra 256 bits of entropy/randomness to create (3) Child Keys and even (4) Grandchild Keys.
HD Wallets (Type 2) were introduced via the Bitcoin Improvement Proposal #32 (BIP32) in 2012 to improve privacy & usability as an alternative to Bitcoin Core ‘Qt’ Wallets which required physical private key backups or hard drive storage on your computer (filename: wallet.dat) for every address key pair you manage.
With HD Wallets, you can always generate the same set of keys from the extended master private key without ever revealing the corresponding private keys.
The only limitation imposed is related to the available storage (~1.5MB) available on a specific hardware wallet and varies depending on the manufacturer.
You can try it for yourself using this Deterministic Key Generator tool.
Step 1: Follow the instructions to enter your entropy, which is a mathematical word for randomness.
For example, you could roll a 6 sided dice 53 times and enter the result in order after each roll.
You could also flip a coin 53 times, entering ‘1’ for heads and ‘2’ for tails to create your own randomness (entropy).
Step 2: (optional) enter an ‘optional password’ commonly referred to as a password or passphrase.
Step 3: Select whether you want a 12 or 24 word BIP39 phrase (seed phrase/recover seed) and click ‘Generate New Phrase’.
Voila! After some complicated behind the scenes hashing, salting, and checksum operations you just created a new Bitcoin address with the corresponding public and private key pair.
The backup phrase provided was generated from the BIP39 word list which corresponds to a numeric number converted from the output of the key generator which uses entropy.
Step 4: (optional) Scroll down the page, select ‘External account (master)’ from the Derivation Path dropdown. Examples below:
- Path m/0 = The first (0) child private key derived from the master private key (m)
- Path m/0/0 = The first grandchild private key derived from the first child (m/0)
- Path m/1/0 = The first grandchild private key derived from the second child (m/1)
The Account (k) field is where you can enter a number to represent an additional key pair.
We can enter the number 3 to generate the (public/private) key pair for the third Bitcoin address in our HD wallet. This is the logic that cold wallet device manufacturers like Trezor and Ledger use to generate new, pseudonymous addresses that are not publicly connected but stored within the same wallet. Here’s a link to their documentation.
The example below displays the public and private keys generated based on the account number I enter.
Note: Notice how the ‘BIP 32’ Extended Key, at the top of the image, DOES NOT change.
With HD Wallets, the public and private key pairs are generated from an extended master private key which can be unlocked/restored with a 12 – 24 recovery seed phrase that you must backup and keep secure.
Pro Tip: Generating a paper wallet, like the example above, is not our recommendation because using an online key generator introduces risk (keylogger, bad actor, malware). You could opt to use a more advanced, secure, and self-contained (air-gapped) option following these instructions (alternative) or allow your wallet provider to generate the private key (and recovery seed).
What’s the chance of generating the same private key as someone else?
A private key is just a number that can be randomly generated like we just showed in the example above.
Technically, someone could accidentally generate the same BIP39 recovery seed when they are setting up a new wallet. This is called key collision.
The chances of generating the same private key as someone else is 2^256 which is approximately 10^77 🤯
Nerd alert – 2^256 (1.15 quattuordecillion) = 1.157920892373162e+77 = 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936
For example, let’s assume that Bitcoin goes through a mass adoption and at some point in the future there are 10 TRILLION addresses (currently ~500 Billion w/ only 30 Million holding Bitcoin). So, 30 Million to 10 Trillion is a HUGE leap, but let’s keep at it. If those 10T addresses were evenly distributed, there would still be gaps of 10^64 between each. Remember we started with 10^77 as the total number of possible addresses.
Your private key is statistically impossible for someone or some quantum computer to guess in the next 10^23 millennia because the number of combinations is comparable to the quantity of atoms in the universe.
So, you’re saying there’s a chance.
Bitcoin Wallet Passphrases
Buttcoiners and FUD-spreaders are happy to talk about hacking, stealing, scamming or even accidental ‘key collision’ resulting in an unauthorized party having access to your coins because they have your recovery seed.
Technically someone could generate the same private key on the first guess. Unlikely, but possible.
Or maybe you fell victim to a phishing attack or clicked a bad link.
Pro Tip: Never. Never ever. Never ever type in your seed phrase on ANYTHING other than a cold storage device. Your hardware wallet’s sole purpose is to be the ONLY thing that can safely accept your recovery seed. If you have any questions, ask us at team@stratus.io and remember that we will not ask for your seed.
Passphrases are optional and add additional data to the master seed before the extended private key is generated.
Adding a passphrase to your randomly generated private key is the easiest way to protect your wallet from key collision with the drawback of having one additional word or number to backup and keep secure.
With a 13th or 25th word BIP-39 passphrase, If someone acquired your seed through hacking or happenstance, they would need both your backup recovery seed + your passphrase to access your passphrase-secured accounts.
By default, every wallet uses a ‘blank’ passphrase. Adding a passphrase replaces the default ‘blank’ placeholder with a ‘string’ (case sensitive letters/words/numbers) that replaces the default ‘blank’ passphrase field.
A passphrase offers the greatest value by adding an additional layer of security if your seed phrase is discovered or accidentally revealed to someone.
Pro Tip: A ‘passphrase’ and ‘BIP-39 Passphrase‘ are used interchangeably. A passphrase option is available on BIP-39 compatible wallets which use the list to generate your 12/24 word recover seed. However, your passphrase is NOT limited to one of 2,048 words the BIP-39 list and we strongly encouraged you to use, backup and secure a unique alphanumeric passphrase.
How do I set up and recover a passphrase wallet?
Depending on the requirements of the wallet provider, a passphrase is CaSe sensitive and can be any combination of numbers, letters, and symbols. Common words could be brute forced, so consider adding randomness using 12 upper/lowercase letters and numbers. Some providers may present an option to select a word from the predefined list of 2,048 BIP-39 word list.
You’ll need to decide if simplicity (memorable passphrase) is more important than advanced security (random words/numbers).
Passphrases DO NOT get stored on your device. Your wallet will combine the recovery seed + passphrase to create a new, unique passphrase-secured private/hidden wallet. For exmample:
- Wallet A = recovery seed + {default empty passphrase}
- Wallet B = recovery seed + passphrase1
- Wallet C = recovery seed + passphrase2
- Wallet D = recovery seed + passphrase3
If someone generated the same private key by rolling dice or flipping a coin, your passphrase enhances your entropy by adding an additional word (or number) that can’t be randomly generated.
Pro Tip: Best practice is to store your passphrase separately from your backup recovery seed when you self-custody your bitcoin. Even if you have your recovery seed accessible, if you lose (or forget) your passphrase, you will lose your coins!
Accessing your hidden/secret wallets to make a transaction is as easy as accessing your standard wallet then entering your passphrase in where prompted.
If you enter the wrong passphrase, your wallet is NOT able to tell you that it’s incorrect because technically there are no wrong passphrases. If you enter the wrong passphrase, a NEW hidden/secret wallet will be created for use. You will need to reset and try again if your passphrase entry does not access the wallet you expected.
The only way to know if you entered the correct passphrase is by the contents of the wallet funds.
You may be wondering, how can I reset or change my passphrase? You can’t reset or change your passphrase. Each passphrase you enter accesses a different wallet. If you want to use a different passphrase, then generate a new passphrase wallet and send bitcoin to this wallet.
For example, if you use Trezor watch this video showing how to create hidden wallets and use 3rd party apps like MetaMask or hardware devices like ColdCard with a passphrase.
Can I use a second PIN as a passphrase?
On some devices, like Ledger, you can create a second PIN for your hardware wallet that uses a PIN to unlock a specific passphrase protected secret wallet. Entering the second PIN accesses the hidden accounts.
On a Ledger wallet device, you have two options for the second PIN passphrase:
- Attach to Pin: Your device has a standard non-passphrase wallet accessible by your primary PIN. If you turn your device off, then back on and enter the secondary PIN, your device will allow you to manage your hidden wallets.
- With Attach to Pin you selected from the device menu, confirm your secondary PIN then confirm a passphrase. You still have a passphrase, but don’t have to enter it because the PIN serves as a proxy for the passphrase.
- You can only create one (1) secondary PIN if you select the Attach to Pin. Creating a separate passphrase attached to a PIN overrides the first PIN code + passphrase combination. You can still access the overwritten secret wallet by recovering the wallet with a seed and the original passphrase.
- Set as Temporary: A temporary passphrase generates new accounts on your device for the remainder of the session. When you turn your wallet off then back on, navigate to the passphrase menu and click ‘set secret passphrase.’ If you want to access a passphrase wallet, enter the passphrase then your primary PIN to validate.
- Note: This does not assign a PIN to the passphrase like the ‘attach to PIN’ option.
Generating a Private Key with Passphrase Example:
When we created the master keys in the previous example, we were provided with a recovery seed, private key, public key, public address and an extended key (XPRIV).
12 word recovery seed: banana code hard debate vague ecology mistake sick present prepare nasty manage
Private Key (WIF*): L2qM2hSYeC9TW9LhUwtzQMHhaKzeyoNULmuzDQkaiynVaDyByDtR
*WIF – “wallet import format” is the standard alphanumeric private key format.
Public Key (hex): 02054f43aa816fe14d4d38a3c01af02844b0366aad8e7a6865780c57062269e05b
Public Address: 1EGxUj4NEuXyWoKfGPGhhCHbWAv6LrL5xP
Extended Key:
xprv9s21ZrQH143K3FUHuKDbffdt4TYNYigit28odBvz9HZ2QZdu6rybiqDVxpUYoyudsv9tebfY2iJmZke6LDR3EeaVVTQBH3ZgbTBmsTM8wyH
Adding a Passphrase “btc” to the backup recovery seed generated a new private key, public key, public address and an extended key (XPRIV).
Extended Key with Passphrase: xprv9s21ZrQH143K3QaGxe5JD5rgtHdQmvLZMxM6LBGwgDYEX7jDLXxkjPyV2bsM6RNe8eE8uqicqWRmRoqTF7GkJzmoss64Ua1M92SkVRE8bML
It’s like having a completely different wallet with an infinite number of addresses and backed up with the same recovery seed. Adding a 25th word passphrase creates an entirely NEW wallet with an infinite number of addresses and backed up with the same recovery seed + passphrase.
This is the beauty of deterministic wallets which use cryptography to easily derive secure keys to transact with. Prior to HD wallets, every time you created a new address you were given a new recovery seed to backup to recover the wallet.
HD Wallet Privacy
New key pairs can be derived for each transaction which helps to keep your transactions more private compared to using the same key pair every time you send or receive Bitcoin.
The organizational structure of HD Wallets increases privacy, compared to non deterministic, because if ‘branch A’ is used to receive Bitcoin, ‘branch B’ is used to receive Bitcoin a change outputs within the same wallet.
Another major privacy benefit for HD Wallets is being able to generate and use different public keys in transactions received while eliminating the need to provide the corresponding private key.
The Bitcoin blockchain is a public network.
Re-using an address allows anyone with a blockchain explorer to view your transaction history and balance.
Many HD Wallet hardware devices are programmed to generate a new address for every transaction.
The addresses (key pairs) are maintained within your wallet under the same account while being publicly disassociated from each other on the network thanks to the extended public key (XPUB).
Pro Tip: multiple passphrases can also be used to categorize different wallets depending on the transaction type for each. For example: Passphrase A for your Dollar Cost Averaging (cap gains tax reporting). Passphrase B for sending/receiving with friends or family. Passphrase C for merchant transactions. EVERY passphrase needs to be backed up separate from each other and your recovery seed!!
HD Wallet Security
You should have a plan for backing up and safely storing your recovery seed to prevent unauthorized access to your wallet(s).
Being in your own bank means that you are free to manage a personal strategy for Crypto Operational Security.
Hardware wallets store your keys offline and even protect your keys and crypto if you plug your cold wallet into a computer infected with malware.
Most cold storage devices require you to enter a 4-8 numeric Pin (Pin Code) during setup.
If you want to make a transaction, you must physically enter the correct Pin on the hardware device to access your accounts.
Pro Tip: Some wallet manufacturers have a ‘kill switch’ that wipes your device after a fixed number of incorrect PINs have been entered. If your device is wiped, you can still recover or restore your crypto wallet(s) with your 12-24 word backup recovery seed.
You must have a safe, discrete and reliable backup strategy to secure your 1) Recovery Seed, 2) Optional Passphrase(s), 3) physical Hardware Device (cold wallet), and 4) Pin/PinCode.
A distributed backup strategy is pretty easy to implement and ensures that your wallet and passphrase backups are stored at different physical locations.
You can deploy OpSec tactics like a honeypot trap to further reduce your risk of losing crypto due to a random collision event, unauthorized discovery of your physical backup(s), or a malicious 3rd party phishing/malware hack.
Setting up a Crypto Honeypot Trap Example:
- On your device, create a new wallet or select an existing wallet. (‘Wallet A’)
- Next, find the setting to add/create a passphrase.
- Enter a new passphrase or select from the provided list of BIP39 words (if applicable). Immediately write down your recovery seed and passphrase which will need to be backed up (separately) ASAP!
- A new wallet ‘Wallet B’ is created and accessible on your device using the passphrase. Copy the public address and write this down. Reset your wallet then restore the wallet from the backup seed + passphrase. Compare the public address to ensure they match. Repeat this process when creating new passphrase protected wallets.
- You can create additional passphrase protected wallets (Wallet C, Wallet D). An Extended Public Key (XPUB) is generated for each wallet allowing normal transactions.
- Transfer your bitcoin from Wallet A to Wallet B leaving a small amount in Wallet A. Pro Tip: Taking this up a notch, you can ‘remove’ Wallet B (passphrase) from your wallet provider’s UI (ie – Ledger Live) if you’re concerned about the unlikely hack-at-home.
- Next, set up a watch-only wallet, like Blue Wallet. Provide your public address, xPUB (start w/ 1), yPUB (starts w/ 3) or zPUB (starts w/ bc1).
- Create an alert in the watch-only wallet for Wallet A (honeypot). If any Bitcoin moves out of Wallet A, you know that your recovery seed has been compromised though you may still have time to transfer Bitcoin before the bad actor uses brute-force to identify your hidden wallet(s) (Wallet B/C/D).
- Generate a new set of master keys and a fresh recovery seed by creating a new wallet (software or new device) and copy the public address.
- Create a transaction in Wallet B to send your bitcoin balance to the public address of the new wallet which is secured by the new recovery seed and optional passphrase. This is called ‘sweeping’ (aka – key rotation). The network transactions fees are a small price to pay for peace of mind and an enhanced security protocol.
- Repeat steps 1-8 and review your backup strategy identifying if the breach was a) physical discovery of your seed, PIN, and/or passphrase, b) random collision, c) whether you suspect you’re being targeted with malware or other internet vulnerability and/or d) on a regular (semi/annual) basis.
*Note: Most wallet providers require you to first create a wallet before adding a passphrase to it. Adding a passphrase to an existing wallet or new wallet actually creates a new hidden (secret) wallet. Always refer to your wallet provider’s FAQ/help to confirm.
The hacker or bad actor (and anyone else) who compromised your account can view the transaction, including the new bitcoin address on a blockchain explorer but they will be back to square one in attempting to crack your new seed + optional passphrase unless you fail to properly secure your digital and physical environment.
If your new wallet is compromised, it’s safe to assume that you’ve either been physically breached or there is malware installed on your computer. Time to audit and wipe.
This scenario is not very likely to happen. A honeypot trap is relatively simple to set up but introduces a vulnerability of losing or failing to secure your seed and passphrase backups.
Do whatever makes you most comfortable and helps you to sleep at night.
How to Create a Bitcoin Duress Wallet:
Imagine you’re walking out of an airport and get rushed into a car and driven off to an isolated location.
There’s a great big man holding a wrench and your hardware wallet. He’s going to steal your crypto. You have two choices 1) enter your PIN or 2) prepare to get hit with the wrench until you cave in and give him the PIN code anyways.
You tell him that you lost your coins in a boating accident but he can have whatever is left.
This next step is important. When he hands the device back, enter the PIN for the main wallet you created after reading the next section and completing the setup for your duress wallet.
- Reset your device or use a secondary device to create a new wallet (Wallet B) and write down the recovery seed so you can back it up. Generate a receiving address in Wallet B and copy/paste to use later.
- Next, follow the ‘Wallet B’s’ instructions to create a new wallet with a passphrase (back this up) which creates a new passphrase protected wallet we’ll call Wallet B-Passphrase. This new wallet is recoverable with the same recovery seed as Wallet B + passphrase.
- Generate a receiving address for this passphrase wallet and copy/paste to use later.
Pro Tip: test the recovery process and confirm addresses before moving on to the next step and adding Bitcoin to the duress wallet.
- Now is a great time to review and implement this UTXO management, consolidation and key rotation strategy.
- Depending on your personal preference and current wallet setup here are a few options to consider to setup your duress wallet similar to creating a honeytrap:
- Option 1) If you’ve completed your UTXO audit and identified the unassociated addresses in Wallet A, you can plan out several smaller transactions at varying times to send to Wallet B’s Address #1. This is the only scenario I’d recommend re-using an address. After the transactions have been confirmed, you can consolidate the UTXOs. Alternatively, create multiple addresses in Wallet B and consolidate those UTXOs.
- Option 1) If you have some crypto on an exchange, this is a great opportunity to transfer a small but meaningful amount to your new ‘main’ non-passphrase address. Consider transferring the majority of your Bitcoin to Wallet B’s passphrase address as long as you have a solid backup process in place.
- Option 2) If all of your Bitcoin is in cold storage, transfer some crypto back to an exchange, wait 24 hours then transfer to your new ‘main’ non-passphrase address. You won’t necessarily be participating in a transaction with the same traceable UTXOs.
- Option 3) If your Bitcoin is associated with a wallet that has been publicly associated with your identity or has been used incorrectly by commingling Bitcoin, it’s time to hit the reset button and transfer back to an exchange.
The downside to washing your Bitcoin with an Exchange transfer is that all the attacker needs to do is force you to log in to an exchange where they can see the addresses you sent or received to/from. They may have already hacked your email and know that you hold crypto on Binance and Coinbase. Non-KYC exchanges, mixers or P2P transfers are alternatives but be sure to check the laws affecting your jurisdiction.
- Make note of which wallet is the decoy. Your primary wallet should not have the majority of your crypto. Wallet B could be the decoy/duress wallet with the majority of your Bitcoin stored elsewhere like a passphrase wallet.
- Transfer a small, but meaningful enough amount of crypto in multiple transactions from various wallets to make it look like there’s real activity. (Keep the remaining crypto in other ideally unconnected passphrase wallets)
- When forced to hand over the goods, remember to use the correct passphrase for the ‘duress/decoy’ wallet which creates plausible deniability of your real holdings.
Even the best laid plans are still susceptible to unknowingly making poor choices for your personal Bitcoin security. The most vulnerable crypto storage scenarios include:
- You’re forced to open up your exchange or other mobile wallet app on your iphone and transfer your Bitcoin to the assailant.
- Your computer is compromised with malware that infiltrates your browser based wallet.
- A Bitcoin dusting attack to dox your identity.
- Accidentally blind signing a smart contract and getting your wallet drained.
- Losing your Bitcoin backup recovery seed because you outsmarted yourself.
Hidden wallets with passphrases on cold storage devices offer reliable protection against attack as long as you keep them secret and maintain a backup recovery plan.
Note: Stratus does NOT provide investment, legal or tax advice. All information in this article is for educational purposes and should not be interpreted as investment, legal or tax advice. The opinions expressed are those of the author for informational purposes and neither Stratus nor the author are liable for any errors, inaccuracies or omissions. Digital assets, such as cryptocurrencies or decentralized finance, present unique risks for investors. For investment, legal, tax, or other financial guidance you should consult your own advisor.