Usually, when you create a crypto wallet, a seed phrase is generated. You'll need to remember it or write it down so that you can restore access to your assets at a later time. With Tangem Wallet, there is no seed phrase. How does this work, and why do we think seed phrases aren't very secure?
First of all, you need to know what a seed phrase is. The simplest possible explanation is as follows: a mnemonic phrase encodes the random value from which a user's private and public keys are derived. This random set of words will always generate the same set of keys thanks to computational magic.
First, let's look at how crypto wallets work. The vast majority of them are hierarchical deterministic (HD) wallets.
A crypto wallet is a "tree" of private and public keys, which allows you to access your cryptocurrency on different blockchains and manage it. This tree grows from entropy: a random number produced by a random number generator. The root system is the seed, the trunk is the pair of extended keys (private and public), and the branches are a huge set of key pairs and addresses of coins on blockchains.
Each child key can generate its own keys, which can then generate their own keys, resulting in a hierarchy of sorts. This is why wallets are described as hierarchical.
They are also "deterministic," which is to say they always produce the same, predictable result: the same mnemonic phrase will always regenerate exactly the same key tree.
Private and public keys for HD wallets with a seed phrase
The mnemonic phrase, or code, is a set of words generated from a random number, which in turn comes from a random number generator. In most cases it is this code, and not the private key itself, that is used as a backup. The mnemonic phrase, usually called a seed phrase, acts as a backup copy of the key.
How it works
So you're creating a crypto wallet: what happens, and how is the mnemonic phrase created?
1. First of all, the random number generator creates entropy.
Entropy is a very large random number which has never been generated by anybody and will never be generated by anybody again.
2. The entropy is then encoded as a string of words from a fixed dictionary using a mathematical algorithm. The mnemonic is the result.
3. The mnemonic phrase is converted to a seed. Don't confuse the two: the seed is derived from the mnemonic phrase, and a hash function performs the conversion.
A hash function is a mathematical algorithm that compresses data of any size into a fixed-size output. The incoming data is called a message, and the outgoing data is called a hash sum or simply a hash. One of the key features of a hash function is that it is one-way, which means that it is impossible to recover the original data from its result (the hash). It's also important to understand that if the incoming data doesn't change, the hash sum will always be the same.
4. A master key (extended master key) is calculated from the seed. This is the first key obtained when the seed phrase is converted. This transformation is also carried out using a hash function.
5. An extended private key (Xprv) is calculated from the master key.
6. The extended private key then generates an extended public key (Xpub).
You have created a master key pair, which can then be used to create a vast number of child keychains for different blockchains. You can now use your wallet to store, send, receive, and exchange coins and tokens, and much more.
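The six steps above carried out in code, as an added example that is not Tangem's or any wallet vendor's code. It uses only the Python standard library and follows the BIP39 (mnemonic) and BIP32 (key tree) specifications: entropy from the OS random number generator, the SHA-256 checksum bits that BIP39 appends before cutting the entropy into 11-bit word indices, PBKDF2-HMAC-SHA512 for the mnemonic-to-seed step, HMAC-SHA512 keyed with "Bitcoin seed" for the master key and chain code, and hardened child derivation for the branches. Two assumptions: the real English word list has 2048 words and would be loaded from a file, so only its first four entries are embedded here (enough to render the all-zero test vector from the BIP39 specification); and the public-key side of each pair is left out because it needs secp256k1 point arithmetic, which the standard library does not provide.

```python
"""BIP39/BIP32 key-tree walkthrough (worked example, standard library only).

  step 1    entropy from the OS CSPRNG
  step 2    entropy -> mnemonic word indices (SHA-256 checksum bits, 11-bit groups)
  step 3    mnemonic -> 64-byte seed (PBKDF2-HMAC-SHA512, 2048 rounds)
  step 4    seed -> master private key + chain code (HMAC-SHA512, key "Bitcoin seed")
  steps 5-6 hardened child keys (BIP32 CKDpriv); public keys omitted (need secp256k1 math)
"""
import hashlib
import hmac
import os
import unicodedata

# secp256k1 group order; every private key must be an integer in [1, N-1]
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000

# ASSUMPTION: first four words of the official BIP39 English list (indices 0-3).
# A real wallet loads all 2048 words from a file.
DEMO_WORDLIST = ["abandon", "ability", "able", "about"]


def generate_entropy(nbytes: int = 16) -> bytes:
    """Step 1: 128-256 bits of entropy from the OS random number generator."""
    if nbytes not in (16, 20, 24, 28, 32):
        raise ValueError("entropy must be 128-256 bits in 32-bit steps")
    return os.urandom(nbytes)


def entropy_to_indices(entropy: bytes) -> list:
    """Step 2: append ENT/32 checksum bits (leading bits of SHA-256), cut into 11-bit words."""
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("entropy must be 128-256 bits in 32-bit steps")
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32
    checksum = hashlib.sha256(entropy).digest()
    bits = bin(int.from_bytes(entropy, "big"))[2:].zfill(ent_bits)
    bits += bin(int.from_bytes(checksum, "big"))[2:].zfill(256)[:cs_bits]
    return [int(bits[i:i + 11], 2) for i in range(0, len(bits), 11)]


def indices_to_mnemonic(indices, wordlist=DEMO_WORDLIST) -> str:
    """Map each 11-bit index to its word (checksum bits are inside the last word)."""
    return " ".join(wordlist[i] for i in indices)


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Step 3: PBKDF2-HMAC-SHA512. Same mnemonic and passphrase always give the same seed."""
    pwd = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", pwd, salt, 2048, dklen=64)


def seed_to_master(seed: bytes):
    """Step 4: HMAC-SHA512 keyed with 'Bitcoin seed'; left half = master key, right = chain code."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k = int.from_bytes(i[:32], "big")
    if k == 0 or k >= SECP256K1_N:
        raise ValueError("invalid master key; BIP32 requires rejecting this seed")
    return k, i[32:]


def ckd_priv_hardened(k_par: int, c_par: bytes, index: int):
    """Steps 5-6 (branches): hardened CKDpriv, which needs only the parent private key."""
    if not HARDENED <= index < 2 ** 32:
        raise ValueError("this helper derives hardened children only (index >= 2^31)")
    data = b"\x00" + k_par.to_bytes(32, "big") + index.to_bytes(4, "big")
    i = hmac.new(c_par, data, hashlib.sha512).digest()
    il = int.from_bytes(i[:32], "big")
    k_child = (il + k_par) % SECP256K1_N
    if il >= SECP256K1_N or k_child == 0:
        raise ValueError("invalid child; BIP32 says skip this index")
    return k_child, i[32:]


def derive_hardened_path(seed: bytes, path: str):
    """Walk an all-hardened path such as m/44'/0'/0' from the seed to the account key."""
    k, c = seed_to_master(seed)
    for part in path.split("/")[1:]:
        if not part.endswith("'"):
            raise ValueError("non-hardened segment; only hardened derivation is implemented")
        k, c = ckd_priv_hardened(k, c, HARDENED + int(part[:-1]))
    return k, c


if __name__ == "__main__":
    # BIP39 test vector: 128 zero bits -> "abandon" x11 + "about", passphrase "TREZOR"
    entropy = bytes(16)
    mnemonic = indices_to_mnemonic(entropy_to_indices(entropy))
    seed = mnemonic_to_seed(mnemonic, "TREZOR")
    k, c = derive_hardened_path(seed, "m/44'/0'/0'")
    print(mnemonic)
    print("seed:", seed.hex())
    print("account private key: %064x" % k)
```

Running the module reproduces the first test vector of the BIP39 specification, which is why the all-zero entropy is used; `generate_entropy()` is what a wallet would call instead. Note where the one-way property from step 3 shows up: the seed, the master key and every child are all HMAC or PBKDF2 outputs, so none of them can be walked back to the mnemonic, and a leaked child private key derived this way does not reveal its parent.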
If something happens to your crypto wallet, you need the mnemonic phrase to restore the entire key hierarchy and regain full access to all your coins and tokens. You should, therefore, write it down on a piece of paper and store it in a safe place.
What's the downside?
The mnemonic phrase allows you to quickly restore all your cryptocurrency if your wallet is lost, stolen, or broken. It can also be used to steal all of your crypto assets if it falls into the hands of bad actors.
Think about it for a moment – crypto wallet developers are creating innovative devices, competing to be the most secure, and trying to protect them as well as possible, both in terms of programming and physical build. Highly complex mathematical algorithms generate your cryptocurrency keys, and the data is encrypted multiple times with the help of cryptography to provide the highest possible level of security for your assets.
But the key to your cryptocurrency is written on a piece of paper. One or two dozen words are lying on an unprotected piece of paper, and they are the master key to all your assets. All anyone needs to do to compromise the key is photograph the words, copy them down, or simply memorize them, and you might never realize it had happened. Moreover, a piece of paper can easily be lost or damaged.
You could encrypt the phrase, split it into sections that are stored in different places, or rent a deposit box at a bank to keep your seed phrase in. But how many people actually do this, especially newcomers to the crypto space?
An objective and reasonable conclusion can be drawn from all of this: an unprotected seed phrase is a significant flaw for existing crypto products and a serious hole in the security of modern cryptocurrency wallets.
Private and public keys for Tangem Wallet without a seed phrase: How it works
A Tangem Wallet is a hierarchical deterministic wallet just like its counterparts, except that it eliminates their key vulnerability: storing the master key to all crypto assets as an unencrypted, unprotected mnemonic phrase written on a piece of paper.
The same algorithm is used as with other wallets when generating the master key, the pair of extended keys (public and private), and the remaining keychains and addresses, but without creating the mnemonic phrase. The seed is generated directly from entropy.
The card chip generates the key, and this is where it's stored. Nobody can access it, regardless of whether they steal the card, work for Tangem, or even own the card. The backup is provided not by a mnemonic phrase but by the other cards in the Tangem Wallet set (one or two additional cards, depending on the set you choose). When syncing cards using a smartphone to create a backup, an encrypted channel is established to transfer the keys from one card to another.
After completing the backup of keys, you will have two or three identical copies of the wallet. The cards hold the same keys and the same password protection. We recommend storing them in several safe places rather than keeping all of them in one location. If something happens to one of the cards, you can use the second one. If you lose the second one as well, you are in a dangerous position because you no longer have a backup, so you should buy a new Tangem Wallet set and transfer your crypto assets to it.
Wondering how to use your wallet without a seed phrase? It's simple:
- when you want to buy cryptocurrency, set up the required transaction in the mobile application, scan the card with your smartphone, and enter the password;
- your smartphone will transfer the data to the chip using NFC;
- the chip checks the password, signs the transaction with the private key, and returns the digital signature to the application;
- the application sends the signed transaction to the blockchain.
But what if…
…Tangem folds, the servers are shut down, or the application disappears from Google Play and the App Store? The answer is simple: nothing. You will be able to continue using Tangem Wallet with no issues. To learn more, read our article "How the Tangem Wallet will work without Tangem".