Why entropy source in private key generation is important

Did you know that a Bitcoin private key is a 256-bit number? This means there are about 2^256 possible combinations—a number so vast that it surpasses the total number of atoms in the observable universe.
Private keys are the linchpin of cryptocurrency security, serving as the cryptographic equivalent of a master password for your digital assets. Their security relies heavily on randomness or entropy, which is crucial in generating them. Entropy is measured in bits, quantifying a system's degree of randomness or uncertainty.

To give you a sense of the importance of randomness, consider this: poor entropy in generating private keys has led to significant vulnerabilities and even hacks. In 2024, over $239 million was lost due to compromised private keys, underscoring how critical ensuring these keys are generated with high-quality entropy is.

So, if a Bitcoin private key is just a number, how long would it take for a supercomputer to crack it using brute force? Stick around until the end of this article to find out the answer.

What is Entropy?

Entropy is a measure of randomness or unpredictability, and it's crucial for generating secure cryptographic keys. The concept originates from information theory, where entropy quantifies the uncertainty in a system. In simpler terms, the more unpredictable something is, the higher its entropy.

High entropy is essential for private keys in cryptocurrency because it ensures that the keys are nearly impossible to guess or brute-force. This randomness is often derived from various sources, including hardware events, environmental noise, or user interactions like mouse movements and keyboard presses. The operating system pools these unpredictable events to generate a truly random number that forms the basis of a secure private key.

Without sufficient entropy, the generated keys could become predictable, making them vulnerable to attacks. For instance, if the entropy source is flawed, it might produce the same or similar outputs repeatedly, allowing attackers to predict or recreate the private key potentially.

This randomness is so critical that even sophisticated systems like cloud platforms and virtual machines use dedicated hardware to ensure a reliable supply of high-quality entropy for cryptographic operations.

How Does Entropy Work?

In hardware wallets, entropy is critical for generating secure private keys. Here's how it works:

Entropy source

Hardware wallets like the Tangem Wallet have dedicated Hardware Random Number Generators (HRNGs). These devices generate randomness by measuring physical phenomena like electronic noise or thermal variations. This raw entropy is essential for creating unpredictable private keys.
Some hardware wallets allow users to contribute to entropy by manually inputting random data, like dice rolls. Although mixing user-controlled entropy with hardware-generated entropy might make no difference or impact the degree of entropy, it's a fun addition.

Key generation

Once enough entropy is collected, the wallet uses it to generate a private key. This process often involves combining the entropy with cryptographic algorithms like SHA-256 to produce a 256-bit key. Many hardware wallets use the BIP39 standard to generate a mnemonic phrase (a series of 12-24 words) from the entropy. This phrase can be used to recover the private key if needed.

Security of the process

The wallet's firmware ensures that entropy is mixed thoroughly to prevent any predictability. It then securely stores the private key in a tamper-resistant environment within the device. This is why most hardware wallets have a CC-certified secure element. Tangem's firmware has also been thoroughly audited twice by prominent independent security apparatuses: Kudelski Security and Riscure.
In general, hardware wallets isolate the entropy generation and key storage processes from the rest of the device's operations. This separation minimizes the risk of crucial exposure to malware or other external threats.

Backup and recovery

The mnemonic phrase generated from the entropy can be written down and stored safely. This phrase is crucial for recovering the wallet if the device is lost or damaged. The phrase itself contains the entropy used to generate the key, making it a secure backup method.

Hardware wallets rely on high-quality entropy to ensure that the private keys they generate are secure and resistant to attacks, making them one of the safest methods for storing cryptocurrency.

Why is Entropy Important? 

As they contain the same information but in different formats, your entropy must stay as private as your recovery phrase. To reiterate, anyone with access to your entropy can access your entire wallet!

Just like your seed phrase gives someone access to all of your private keys and, therefore, to every account protected by that wallet, so does your entropy! Thus, it is imperative for security to ensure that your entropy is as random as possible and difficult to work out.

You wouldn't want someone to guess your entropy and gain access to your funds, right? Well, that's exactly why this number must be so difficult to guess. It should be so random that guessing the sequence or encountering the same combination twice would be statistically impossible.

If your entropy is easy to guess, hackers will take advantage and may gain access to your funds. Thus, choosing a crypto wallet that considers this is extremely important.

Understanding entropy and seed phrases

The randomness of your seed phrase is crucial for maintaining security. Manually selecting words or using predictable patterns would significantly weaken your wallet's defenses. The entropy-based method employed by Tangem ensures a level of randomness essential for robust protection against various crypto attacks.

While Tangem provides the tools for secure entropy generation, it's important to remember that safeguarding your seed phrase is your responsibility. Never share this information with anyone, not even Tangem representatives. Your seed phrase is the key to your digital assets, and its secrecy is vital to maintaining your wallet's security.

Trust Wallet exploit: Why great entropy matters

When choosing a crypto wallet, you have to prioritize how your wallet generates randomness. The security breach in the Trust Wallet in 2022 was largely attributed to the predictable nature of wallet entropy generation.

SecBit has done a great job researching and explaining this vulnerability in their blog article: Trust Wallet's Fomo3D Summer: Fresh Discovery of Low Entropy Flaw From 2018, but we'll highlight the key takeaways here.

Trust Wallet's iOS platform relied on the trezor-crypto library to generate BIP39 mnemonic words. The library contained sample code that should never have been used in a live environment. The code had a warning saying it shouldn't be used in real situations, only for testing.

  1. The code has two main parts: random32() and random_buffer().
  2. random32():
    - This part creates random numbers, but it does it in a way that's not very secure.
    - It uses the current time to start the process of making random numbers.
    - The problem is, if you know roughly when the number was created, you might be able to guess it.
    - Even worse, if two people create numbers at the exact same second, they'll get the same "random" number.
  3. random_buffer():
    - This part fills up a space with random bytes (units of data).
    - It uses random32() to do this, so it has the same security problems.
  4. The big issue:
    - This code was used to create seed phrases that give access to user's cryptocurrency wallets.
      - Because its randomness isn't truly random, it was much easier for hackers to guess these phrases than they should be.
      - Instead of guessing from millions of possibilities, they needed to guess from a few thousand (based on possible times the phrase was created).
  5. The mistake:
      - Trust Wallet ignored this warning and used the code anyway.
      - This meant that the entropy for the phrases used to create users' wallets was much easier to recreate than it should have been.

The recent security breach in Trust Wallet reminds us of the vital significance of strong entropy generation for protecting cryptocurrency wallets. Trust Wallet resolved the problem by compensating users for their losses.

How Tangem Wallet generates entropy

Tangem Wallet provides robust security for your crypto assets, starting with its entropy generation process. The wallet uses a certified True Random Number Generator, thoroughly tested by independent experts. This ensures the generated numbers are unpredictable, safeguarding your assets against potential attacks.

How long would it take to brute force a Bitcoin's private key?

To answer this question, let's break down the process and consider the scale of the task:

A Bitcoin private key is indeed just a number, but it's enormously large. Specifically, it's a 256-bit number, which means there are 2^256 possible private keys.

Even with the most powerful supercomputers available today, brute-forcing a Bitcoin private key would take an unfathomably long time. We're talking about timescales far longer than the age of the universe.

 

Assuming a supercomputer could check 1 trillion (10^12) keys per second, finding a single private key would still take about 3.67 x 10^57 years on average. The universe is about 13.8 billion years old (1.38 × 10^10 years).

So, the time it takes to brute-force a Bitcoin private key is about 1.33 × 10^47 times the universe's age.

It's amazing what we have accomplished on a relatively young, wet rock called Earth.