Bitcoin Forum
Author Topic: How is a private key generated from the seed phrase?  (Read 239 times)
zorenskye1212 (OP), Newbie
May 20, 2020, 06:32:34 AM, #1

Hello!

I am not new when it comes to cryptocurrencies and stuff, but I don't have enough knowledge about cryptography. May I ask how a private key is generated with a seed phrase?

Someone told me I can use SHA256 to hash and get the output, which is 64 characters (256 bits), and that is the private key. But I tried it on one of my unused wallets: I used its mnemonic and the SHA256 method, but the hash generated is not the same as the original private key of the wallet. So how is a private key really generated from a mnemonic phrase?

P.S. I used a 12 word seed phrase.
mocacinno, Legendary
May 20, 2020, 06:59:54 AM, #2

It's far more complex than sha256(seed phrase). As a matter of fact, I'll just point you to Ledger's documentation; they did a good job at trying to explain what's happening in relatively simple terms (I couldn't do a better job in explaining).

Here's an interesting read for you, that should explain your question:
https://ledger.readthedocs.io/en/latest/background/master_seed.html
https://ledger.readthedocs.io/en/latest/background/hd_keys.html

And if you're ready to start playing: https://iancoleman.io/bip39/ (open source, so you can actually download the source code and read what's happening)

nc50lc, Legendary
May 20, 2020, 07:38:04 AM, #3

Quote from: zorenskye1212
Someone told me I can use SHA256 to hash and get the output, which is 64 characters (256 bits), and that is the private key. But I tried it on one of my unused wallets: I used its mnemonic and the SHA256 method, but the hash generated is not the same as the original private key of the wallet.
What he (that someone) described is a "brainwallet": it's basically using the output of the SHA-256 hashing algorithm, which has the same length as a private key.
Off-topic note: it's a 'dirty' way of creating private keys and shouldn't be used at all.

BrewMaster, Legendary
May 20, 2020, 11:30:56 AM, #4

If you want details of the algorithms used to go from a mnemonic (seed phrase) to a private key, then you have to read the respective documentation. These things are always found on https://en.bitcoin.it/wiki, which is the bitcoin wiki, or on GitHub among the improvement proposals (BIPs).
The two BIPs you need to read are:
https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki
https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki
in that order.
In short, you are doing a lot of HMAC-SHA512 to reach a 512-bit result, which is then split in half to get the private key.
2048 HMACs in PBKDF2, then at least 4 HMACs to convert that entropy to the child key.

o_e_l_e_o, In memoriam, Legendary
May 20, 2020, 11:38:54 AM, #5

If you want to go into a bit more detail, then I would read this section from Mastering Bitcoin: https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch05.asciidoc#from-mnemonic-to-seed

In summary, to go from your seed phrase to a 512 bit seed number, you have to use your seed phrase and the word "mnemonic" concatenated with any optional passphrase as parameters for 2048 rounds of PBKDF2 HMAC-SHA512. You then take your 512 bit seed number, hash it using HMAC-SHA512, and the left 256 bits becomes your master private key, while the right 256 bits becomes your master chain code which is needed to derive child keys from your master keys. To work down to individual private keys, then you need to progress along the individual derivation path, combining either parent private or public keys (depending on whether the child key is hardened or not) with the parent chain code and index and hashing with HMAC-SHA512.

So no, it's a bit more complicated than just hashing the seed phrase.
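The chain o_e_l_e_o summarises above, as an added, self-contained example (this is not code from the thread, from Mastering Bitcoin, or from any wallet project). It uses only the Python standard library: BIP39 PBKDF2-HMAC-SHA512 with 2048 rounds and the salt "mnemonic" + passphrase, then BIP32 HMAC-SHA512 keyed with "Bitcoin seed" to split the 512-bit result into master private key and chain code, then hardened child derivation down a path. Hardened children only need the parent private key, so no elliptic-curve point math is required; non-hardened derivation (which needs the parent public key) is deliberately not implemented. The function and constant names are my own; the mnemonic used in the demo is the first BIP39 English test vector (all-zero entropy).

```python
import hashlib
import hmac
import unicodedata

# secp256k1 group order; BIP32 reduces child private keys modulo n.
SECP256K1_N = int("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 16)
HARDENED_OFFSET = 0x80000000  # child indices >= 2^31 are hardened


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: seed = PBKDF2-HMAC-SHA512(mnemonic, "mnemonic" + passphrase, 2048 rounds, 64 bytes)."""
    # BIP39 requires NFKD normalisation of both strings before they are hashed.
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def seed_to_master_key(seed: bytes):
    """BIP32: I = HMAC-SHA512(key="Bitcoin seed", data=seed).
    Left 32 bytes = master private key, right 32 bytes = master chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    master_key, chain_code = digest[:32], digest[32:]
    k = int.from_bytes(master_key, "big")
    if k == 0 or k >= SECP256K1_N:
        # Probability about 2^-128; BIP32 declares such a seed invalid.
        raise ValueError("master key out of range; seed is invalid")
    return master_key, chain_code


def derive_hardened_child(parent_key: bytes, parent_chain: bytes, index: int):
    """BIP32 CKDpriv for a hardened index:
    I = HMAC-SHA512(key=parent chain code, data=0x00 || parent key || ser32(index)),
    child key = (I_left + parent key) mod n, child chain code = I_right."""
    if index < HARDENED_OFFSET:
        raise ValueError("non-hardened derivation needs the parent public key; not implemented here")
    data = b"\x00" + parent_key + index.to_bytes(4, "big")
    digest = hmac.new(parent_chain, data, hashlib.sha512).digest()
    il, child_chain = digest[:32], digest[32:]
    il_int = int.from_bytes(il, "big")
    child_int = (il_int + int.from_bytes(parent_key, "big")) % SECP256K1_N
    if il_int >= SECP256K1_N or child_int == 0:
        # BIP32: this child is invalid; a wallet proceeds to the next index.
        raise ValueError("invalid child key at index %d" % index)
    return child_int.to_bytes(32, "big"), child_chain


def derive_hardened_path(seed: bytes, path: str):
    """Walk a hardened-only path such as "m/44'/0'/0'" down from the master key."""
    key, chain = seed_to_master_key(seed)
    for element in path.split("/")[1:]:
        if not element.endswith(("'", "h")):
            raise ValueError("only hardened path elements are supported: %s" % element)
        key, chain = derive_hardened_child(key, chain, HARDENED_OFFSET + int(element[:-1]))
    return key, chain


if __name__ == "__main__":
    # Demonstration input: first BIP39 English test vector (16 zero bytes of entropy).
    mnemonic = ("abandon abandon abandon abandon abandon abandon "
                "abandon abandon abandon abandon abandon about")
    seed = mnemonic_to_seed(mnemonic, "TREZOR")
    master_key, chain_code = seed_to_master_key(seed)
    print("512-bit seed :", seed.hex())
    print("master key   :", master_key.hex())
    print("chain code   :", chain_code.hex())
    # The thread's original mistake: a plain SHA256 of the words is not any of these values.
    print("sha256(words):", hashlib.sha256(mnemonic.encode()).hexdigest(), "(not a wallet key)")
    account_key, _ = derive_hardened_path(seed, "m/44'/0'/0'")
    print("m/44'/0'/0'  :", account_key.hex())
```

Note that the passphrase changes the salt, so the same 12 words with a different passphrase produce a completely different seed and therefore different keys; a wallet that "can't find my coins" after a restore is very often a passphrase mismatch rather than a broken derivation.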
Saint-loup, Legendary
May 20, 2020, 01:34:57 PM, #6

Quote from: zorenskye1212
Hello!

I am not new when it comes to cryptocurrencies and stuff, but I don't have enough knowledge about cryptography. May I ask how a private key is generated with a seed phrase?

Someone told me I can use SHA256 to hash and get the output, which is 64 characters (256 bits), and that is the private key. But I tried it on one of my unused wallets: I used its mnemonic and the SHA256 method, but the hash generated is not the same as the original private key of the wallet. So how is a private key really generated from a mnemonic phrase?

P.S. I used a 12 word seed phrase.
It's right, but it's only the very first step of the process.

Quote
First, an initial entropy of ENT bits is generated. A checksum is generated by taking the first ENT / 32 bits of its SHA256 hash.
This checksum is appended to the end of the initial entropy.
Next, these concatenated bits are split into groups of 11 bits, each encoding a number from 0-2047, serving as an index into a wordlist.
Finally, we convert these numbers into words and use the joined words as a mnemonic sentence.
https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki

For a mnemonic sentence of 12 words you have 128 bits of entropy (ENT).
128/32 = 4
That is to say, only the first 4 bits of the SHA256 hash are important, because you will need them for the checksum of your seed.
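The entropy-to-mnemonic step quoted from BIP39 above, as an added example (not code from the thread or from the BIP). It appends the first ENT/32 bits of SHA256(entropy) as a checksum, cuts the result into 11-bit word indices, and also does the reverse so a mistyped word is caught by the checksum. The 2048-word list is not embedded; `indices_to_words` expects the caller to load it. Function names are my own; the zero-entropy input is a constructed demonstration value.

```python
import hashlib
import secrets

# Entropy sizes BIP39 allows, in bits; each gives ENT/32 checksum bits.
VALID_ENT_BITS = (128, 160, 192, 224, 256)


def entropy_to_indices(entropy: bytes) -> list:
    """ENT bits of entropy || first ENT/32 bits of SHA256(entropy), split into 11-bit indices."""
    ent = len(entropy) * 8
    if ent not in VALID_ENT_BITS:
        raise ValueError("entropy must be 128..256 bits in 32-bit steps, got %d" % ent)
    cs = ent // 32  # 4 checksum bits for 12 words, up to 8 for 24 words
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    bits = (int.from_bytes(entropy, "big") << cs) | checksum
    n_words = (ent + cs) // 11
    return [(bits >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]


def indices_to_entropy(indices: list) -> bytes:
    """Inverse of entropy_to_indices; raises ValueError when the embedded checksum does not match."""
    n_words = len(indices)
    if n_words not in (12, 15, 18, 21, 24):
        raise ValueError("mnemonic must have 12/15/18/21/24 words, got %d" % n_words)
    total = n_words * 11
    cs = total // 33  # ENT + ENT/32 == 33 * CS
    ent = total - cs
    bits = 0
    for idx in indices:
        if not 0 <= idx < 2048:
            raise ValueError("word index out of range: %r" % idx)
        bits = (bits << 11) | idx
    checksum = bits & ((1 << cs) - 1)
    entropy = (bits >> cs).to_bytes(ent // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    if checksum != expected:
        raise ValueError("checksum mismatch: a word was mistyped or swapped")
    return entropy


def indices_to_words(indices: list, wordlist: list) -> str:
    """Map indices to words; `wordlist` is the 2048-entry BIP39 list loaded by the caller."""
    if len(wordlist) != 2048:
        raise ValueError("BIP39 wordlist must have exactly 2048 entries")
    return " ".join(wordlist[i] for i in indices)


if __name__ == "__main__":
    # 128 bits of zero entropy: the last index carries 7 entropy bits plus the 4 checksum bits.
    print(entropy_to_indices(bytes(16)))  # [0]*11 + [3]: "abandon" x 11 + "about" in the English list
    fresh = secrets.token_bytes(16)
    idx = entropy_to_indices(fresh)
    assert indices_to_entropy(idx) == fresh
    try:
        indices_to_entropy(idx[:-1] + [idx[-1] ^ 1])  # flip one checksum bit
    except ValueError as err:
        print("tampered mnemonic rejected:", err)
```

This is why the SHA256 seen here never reaches the private key: it contributes only the 4 checksum bits of the twelfth word, and the words themselves, not the entropy, are what the PBKDF2 step in the next post consumes.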

o_e_l_e_o, In memoriam, Legendary
May 20, 2020, 03:35:49 PM, #7

Quote from: Saint-loup
-snip-
You are confusing the process of going from entropy to a seed phrase (which is what you are talking about), and the process of going from a seed phrase to a private key (what OP is talking about).

As you've quoted, you take the SHA256 hash of your entropy to generate a checksum, which is appended to the entropy before the resulting number is used to generate a seed phrase. However, once you have the seed phrase as in OP's case, you don't use SHA256 in the generation of private keys, but rather HMAC-SHA512. Using SHA256 on a seed phrase is essentially creating a brain wallet, as nc50lc has said above.
Saint-loup, Legendary
May 20, 2020, 04:05:30 PM, #8
Last edit: May 20, 2020, 04:35:29 PM by Saint-loup

Quote from: o_e_l_e_o
-snip-
You are confusing the process of going from entropy to a seed phrase (which is what you are talking about), and the process of going from a seed phrase to a private key (what OP is talking about).

As you've quoted, you take the SHA256 hash of your entropy to generate a checksum, which is appended to the entropy before the resulting number is used to generate a seed phrase. However, once you have the seed phrase as in OP's case, you don't use SHA256 in the generation of private keys, but rather HMAC-SHA512. Using SHA256 on a seed phrase is essentially creating a brain wallet, as nc50lc has said above.
Yes, this is the very first step of the process, and as you can see you have to pass through it to compute your seed from your entropy source. I think this is the origin of zorenskye1212's mistake: he confused the process of getting his seed from an entropy source with the process of getting an address from his seed.

For example, on the iancoleman page you can use a deck of cards or dice as an entropy source.



https://iancoleman.io/bip39/

odolvlobo, Legendary
May 20, 2020, 09:20:22 PM, #9


Your images imply that the master keys are derived from the entropy used to generate the seed phrase; however, the phrase itself is used as input to the PBKDF2.

pooya87, Legendary
May 21, 2020, 04:06:32 AM, #10

Quote from: odolvlobo
Your images imply that the master keys are derived from the entropy used to generate the seed phrase; however, the phrase itself is used as input to the PBKDF2.

They are just out of context here, since they are explaining two different BIPs in separate contexts. The first one is explaining how to get the mnemonic from a 128-bit entropy using BIP39, while on a completely separate topic the second picture is explaining how to get a child key from a 128-bit entropy using BIP32.
If it were going from mnemonic to child key, the second picture should have used the 512-bit entropy as its start.
