Usually, when you create a crypto wallet a seed phrase is generated. You’ll need to remember it or write it down so that you can restore access to your assets at a later time. With Tangem Wallet, there is no seed phrase. How does this work, and why do we think seed phrases aren’t very secure?
First of all, you need to know what a seed phrase is. The simplest possible explanation is this: it is a mnemonic phrase, a list of words that encodes the random number (the entropy) from which a wallet's private and public keys are derived. Because that derivation is deterministic, the same set of words will always produce the same set of keys.
It is also worth looking at how crypto wallets themselves work. The vast majority of them are hierarchical deterministic (HD) wallets.
A crypto wallet is a "tree" of private and public keys that lets you access and manage your cryptocurrency on different blockchains. This tree grows from entropy, a random number produced by a random number generator. The root system is the seed, the trunk is the pair of extended keys (private and public), and the branches are a huge set of key pairs and coin addresses on blockchains.
Each child key can generate its own keys, which can then generate their own keys and so on, resulting in a hierarchy of sorts. This is why wallets are described as hierarchical.
They are also "deterministic": the result can be determined in advance, because the same seed always generates the same key tree in the same way, so the entire hierarchy can be recreated from the mnemonic phrase alone.
Private and public keys for HD wallets with a seed phrase
The mnemonic phrase, or code, is a set of words generated from a random number, which in turn is generated by a random number generator. It is this code, and not the private key itself, which is used as a backup in most cases. The mnemonic phrase, which is usually called a seed phrase, acts as a backup copy of the key.
How it works
So you’re creating a crypto wallet: what happens and how is the mnemonic phrase created?
1. First of all, the random number generator creates entropy.
Entropy is a large random number (128 to 256 bits in today's wallets). It is unique in practice rather than by guarantee: the chance that two generators ever produce the same value is negligible, provided the generator is a properly seeded cryptographic one. A weak or predictable generator is the one thing that breaks every step that follows.
2. The entropy is encoded (not encrypted: no key is involved, and anyone with the words can recover the number) as a string of words from a fixed dictionary. In the BIP39 standard that most wallets follow, a checksum (the first few bits of the SHA-256 hash of the entropy) is appended, the result is cut into 11-bit chunks, and each chunk selects one of 2048 words. The mnemonic is the result.
3. The mnemonic phrase is converted to a seed. Don't confuse the two: the seed is derived from the mnemonic by a key-stretching function built on a hash (BIP39 uses PBKDF2 with HMAC-SHA512, 2048 rounds, the salt "mnemonic" and an optional passphrase). It is not the mnemonic itself.
A hash function is a mathematical algorithm that compresses data of any size into a fixed-size output. The incoming data is called a message, and the outgoing data is called a hash sum or simply a hash. One of the key features of a hash function is that it is one-way: it is computationally infeasible to recover the original data from its hash. It is also important to understand that if the incoming data does not change, the hash will always be the same.
4. A master key is calculated from the seed. This is the first key you get when converting a seed phrase, and the transformation again uses a hash function: BIP32 computes HMAC-SHA512 over the seed, keyed with the constant string "Bitcoin seed". The left half of the output is the master private key and the right half is the chain code.
5. The master private key together with its chain code forms the extended private key (xprv), from which all child private keys are derived.
6. The extended private key then generates an extended public key (xpub): the public key is obtained from the private key by elliptic-curve multiplication, and the chain code is shared. An xpub can derive child public keys and addresses without ever holding a private key, which is why watch-only wallets can be built from it.
You have created a master key pair, which can then be used to create a huge number of child keychains for different blockchains. You can now use your wallet to store, send, receive and exchange coins and tokens, and much more.
If something happens to your crypto wallet, you will need the mnemonic phrase to restore the entire key hierarchy and regain full access to all your coins and tokens. You should therefore write it down on a piece of paper and store it in a safe place.
What’s the downside?
The mnemonic phrase allows you to easily restore all your cryptocurrency in case you lose your wallet, it’s stolen or it breaks. It can also be used to steal all of your crypto assets if it falls into the hands of bad actors.
Think about it for a moment: crypto wallet developers are building innovative devices, competing to be the most secure and making them as well protected as possible, both in firmware and in physical build. Your cryptocurrency keys are generated by well-studied cryptographic algorithms, and the data on the device is encrypted to provide the highest possible level of security for your assets.
But the key to your cryptocurrency is written on a piece of paper. Twelve or twenty-four words are just lying there on an unprotected sheet, and they are the master key to all your assets. All anyone needs to do to compromise the key is take a photo, copy the words down (or simply memorize them), and you would never know it happened. What's more, a piece of paper is easily lost or damaged.
You could of course encrypt the phrase, split it into parts stored in different places, or rent a safe deposit box at a bank to hold it. But how many people actually do this, especially newcomers to the crypto space?
An objective and reasonable conclusion can be drawn from all of this: an unprotected seed phrase is a significant flaw for existing crypto products and a serious hole in the security of modern cryptocurrency wallets.
Private and public keys for Tangem Wallet without a seed phrase: How it works
A Tangem Wallet is a hierarchical deterministic wallet just like its counterparts, except that it eliminates their weakest point: storing the master key to all crypto assets as an unencrypted, unprotected mnemonic phrase written on a piece of paper.
The same algorithm is used as with other wallets when generating the master key, the pair of extended keys (public and private) and the remaining keychains and addresses, but without creating the mnemonic phrase. The seed is generated directly from entropy.
The key is generated by the card's chip and stored there; it is never exported from the chip, so it cannot be read by someone who steals the card, by Tangem employees, or even by the card's owner. The backup is not a mnemonic phrase but the other cards in the Tangem Wallet set (one or two additional cards, depending on the set you choose). When cards are synced with a smartphone to create the backup, an encrypted channel is established between the cards to transfer the keys from one card to the other.
After the backup is complete, you have two or three identical copies of the wallet: the cards hold the same keys and the same password protection. We recommend storing them in several safe places rather than keeping them all together. If something happens to one card, take another and keep using it. If you are down to a single card, you no longer have a backup and are in a dangerous position; in that case, buy a new Tangem Wallet set and transfer your crypto assets to it.
Wondering how to use your wallet without a seed phrase? It’s simple:
- when you want to send cryptocurrency or make any other transaction, set it up in the mobile application, tap the card to your smartphone and enter the password;
- your smartphone will transfer the data to the chip using NFC;
- the chip checks the password, signs the transaction with the private key (which never leaves the chip) and returns only the digital signature to the application;
- the application sends the signed transaction to the blockchain.
But what if…
…Tangem folds, the servers are shut down, or the application disappears from Google Play and the App Store? The answer is simple: nothing. You will be able to continue using Tangem Wallet with no issues. To find out more, read our article on "How the Tangem Wallet will work without Tangem".