Blog posts, Thought leadership | 07/22/2019

Back to Basics – Part 2: An Infinite Number of Keys

Hardware Security

In a previous article, we explained that the only critical piece of information needed to access digital assets is the private key associated with your account.

While hardware wallets are the most secure way to store your private keys, your coins are not technically in your hardware wallet. Only the private key is stored in the hardware wallet. But how exactly does it all work?

One key to generate them all

One of the most useful properties of cryptography is the ability to mathematically derive keys from other keys. In the previous article we showed how the public key was derived from the private key.

Private keys are equally derived from another key. The key these are derived from is called the Master Seed. Through the Master Seed, it is possible to generate an infinite number of private keys. 

This Master Seed itself consists of a list of  256 bits (like flipping a coin 256 times). To make it humanly readable it can be represented with a list of 24 words as is the case for our hardware wallets. These are obtained when you first use your Ledger device. We call those 24 words the Recovery phrase.

This Recovery phrase (24 words) has to be carefully written down (correct order, no misspellings) and protected after you initialize your hardware wallet. That’s the purpose of the Recovery sheet.

Example of a Recovery phrase Master Seed :

Similarly to the concept of private and public keys seen in our first article, you cannot retrieve the master seed using the private keys.

The Master Seed can be reused as many times as necessary to regenerate the private keys derived from it, and each time the result will be the same. This is why when you uninstall and reinstall a Ledger application, it provides you access to the same cryptocurrency wallets.

A standard was developed to detail how to generate private keys from a Master Seed.

In short, there is no need to handle hundreds or thousands of private keys.

You only need one piece of information: The Master Seed. This Master Seed is represented through a list of humanly readable words, the Recovery phrase.

Remember:
Sharing your private key with anyone will provide them access to the cryptocurrencies associated with it.
Similarly, providing your 24 words to anyone will provide them access to
all the derived private keys, and consequently all the cryptocurrencies associated with those. Do not share your 24 words.

Using a single list of 24 words increases the ease of use for the user, since there is now only one piece of information to protect. However, it greatly increases the risk of losing everything if this information is lost or leaked.

The Recovery Phrase

The Recovery phrase is displayed to the user as a list of 24 words and, as previously explained, is the root for all the secrets (private keys) of your hardware wallet

This unique list of words is generated by your hardware wallet and should never be shared with anyone. 

From this list of words, it is possible to derive Bitcoin addresses and private keys, Ethereum addresses and private keys, as well as any other coins. Therefore, protecting your recovery sheets is of the utmost importance. Please review our best practices to safeguard it.

Your Ledger Hardware wallet helps you both securely generate and safeguard your 24 words by preventing anyone from accessing it.

The 24 words are in the hardware wallet, but where are my private keys?

The 24 words – or its binary equivalent: the Master Seed – are locked inside the Ledger hardware wallet, and will never leave the device. Ledger has built all its devices around specialized chips called Secure Elements.

  • Where should I store my 24 words?
    Keep your Recovery sheet physically secure to make sure it can’t be lost or destroyed by accident. Never ever share your 24-word recovery phrase, in any form, with anyone. Never ever enter or store your recovery phrase on a computer or smartphone – including photos of it.
  • What if I lose my device?
    Don’t worry, you can enter your recovery phrase on a new device to recover full access to your crypto assets.
  • Can I clone my 24 words to another Ledger hardware wallet?
    By entering your 24 words on another Ledger device, you’ll be in possession of two hardware wallets you can use independently which provide access to the same assets
  • What if  I lose my 24 words
    The 24-word recovery phrase is the only backup of the private keys providing access to your crypto assets.  Always store copies of the recovery phrase in secure locations, out of sight.

    If you have lost your 24 words but still have access to your device with your PIN, you can temporarily move your cryptocurrencies to another wallet, reset your device and obtain a new set of 24 words. After this, you can send them to your new addresses.

Eventually you’ll want to use your private keys to make a transaction.

As we explained above, all private keys are derived from the 24 words using dedicated cryptographic principles.

The action of deriving the keys is performed by the applications running on your Ledger devices and will be described in the next article.

< Back to Basics part 1

Stay in touch

Announcements can be found in our blog. Press contact:
[email protected]