Back to Basics – Part 2: An Infinite Number of Keys

07/22/2019 | Blog posts

In a previous article, we explained that the only critical piece of information needed to access digital assets is the private key associated with your account.

While hardware wallets are the most secure way to store your private keys, your coins are not technically in your hardware wallet. Only the private key is stored in the hardware wallet. But how exactly does it all work?

One key to generate them all

One of the most useful properties of cryptography is the ability to mathematically derive keys from other keys. In the previous article we showed how the public key was derived from the private key.

Private keys are equally derived from another key. The key these are derived from is called the Master Seed. Through the Master Seed, it is possible to generate an infinite number of private keys. 

This Master Seed itself consists of a list of  256 bits (like flipping a coin 256 times). To make it humanly readable it can be represented with a list of 24 words as is the case for our hardware wallets. These are obtained when you first use your Ledger device. We call those 24 words the Recovery phrase.

This Recovery phrase (24 words) has to be carefully written down (correct order, no misspellings) and protected after you initialize your hardware wallet. That’s the purpose of the Recovery sheet.

Example of a Recovery phrase Master Seed :

Similarly to the concept of private and public keys seen in our first article, you cannot retrieve the master seed using the private keys.

The Master Seed can be reused as many times as necessary to regenerate the private keys derived from it, and each time the result will be the same. This is why when you uninstall and reinstall a Ledger application, it provides you access to the same cryptocurrency wallets.

A standard was developed to detail how to generate private keys from a Master Seed.

In short, there is no need to handle hundreds or thousands of private keys.

You only need one piece of information: The Master Seed. This Master Seed is represented through a list of humanly readable words, the Recovery phrase.

Sharing your private key with anyone will provide them access to the cryptocurrencies associated with it.
Similarly, providing your 24 words to anyone will provide them access to
all the derived private keys, and consequently all the cryptocurrencies associated with those. Do not share your 24 words.

Using a single list of 24 words increases the ease of use for the user, since there is now only one piece of information to protect. However, it greatly increases the risk of losing everything if this information is lost or leaked.

The Recovery Phrase

The Recovery phrase is displayed to the user as a list of 24 words and, as previously explained, is the root for all the secrets (private keys) of your hardware wallet

This unique list of words is generated by your hardware wallet and should never be shared with anyone. 

From this list of words, it is possible to derive Bitcoin addresses and private keys, Ethereum addresses and private keys, as well as any other coins. Therefore, protecting your recovery sheets is of the utmost importance. Please review our best practices to safeguard it.

Your Ledger Hardware wallet helps you both securely generate and safeguard your 24 words by preventing anyone from accessing it.

The 24 words are in the hardware wallet, but where are my private keys?

The 24 words – or its binary equivalent: the Master Seed – are locked inside the Ledger hardware wallet, and will never leave the device. Ledger has built all its devices around specialized chips called Secure Elements.

Eventually you’ll want to use your private keys to make a transaction.

As we explained above, all private keys are derived from the 24 words using dedicated cryptographic principles.

The action of deriving the keys is performed by the applications running on your Ledger devices and will be described in the next article.

< Back to Basics part 1