Author Topic: Why you're asked to move your mouse randomly while creating a new wallet?  (Read 149 times)
Sahyadri (OP)
August 18, 2020, 05:26:00 PM
 #1

Have you ever wondered why you are asked to move your mouse randomly on the screen while creating a new wallet?
What purpose does it solve?

So your wallet is nothing but a digital database that stores your digital keys.

These digital keys include
  • Private Key
  • Public Key

The public key is hashed to create a Bitcoin address, which is used to receive bitcoin, while the private key is like a PIN needed to spend the bitcoin received. The public key is generated from the private key through elliptic curve multiplication (there are a few articles related to this on this forum which you can read to understand it better). But this is irreversible, which means you cannot generate a private key from the public key.

Then how is the private key generated?
A private key is just a number that is picked at random. It is similar to choosing a number from 1 to 2^256.

But who chooses this number?
It is usually done by bitcoin software through the underlying operating system, which uses a random number generator to generate 256 bits of entropy.

Then where does wiggling the mouse come in?
Sometimes, the OS uses a random number generator along with some other source of entropy like mouse movements to add a human source of randomness, which is why you're asked to wiggle your mouse to generate that added randomness.

seoincorporation
August 18, 2020, 07:07:37 PM
Merited by OgNasty (1)
 #2

The short answer is:

To generate entropy.

There are different ways to do this: you can type on the keyboard or move the mouse. That way, with the right entropy, we will generate a unique bitcoin address.

Not all services ask us to do this, but most of the online address generators have it. (Never use one of these because you will risk your private key.)

Charles-Tim
August 18, 2020, 07:08:36 PM
Merited by o_e_l_e_o (2), Upgrade00 (1), Heisenberg_Hunter (1)
 #3

But this is irreversible, which means you can not generate a private key from the Public Key.
It is one-way and irreversible not because a private key cannot be generated from a public key, but because the public key or address cannot be used to brute force the private key. Normally, a public key cannot be used to generate a private key; it will always be the private key that is used, in a way that the private key used cannot be known from the public key or addresses.

A private key is just a number that is picked at random. It is similar to choosing a number from 1 to 2^256.
You are right, but this is just like a brain wallet. It is the entropy that normal standard HD wallets are using to generate private keys, the randomness is in the entropy while the private key is later generated from the seed that is generated from the entropy after seed phrase is generated.

It is usually done by bitcoin software through the underlying operating system, which uses a random number generator to generate 256 bits of entropy.
The entropy generated by HD wallet ranges from 128 bits to 256 bits.

| ENT | CS | ENT+CS | MS |
+-----+----+--------+----+
| 128 |  4 |  132   | 12 |
| 160 |  5 |  165   | 15 |
| 192 |  6 |  198   | 18 |
| 224 |  7 |  231   | 21 |
| 256 |  8 |  264   | 24 |

ENT= Entropy
CS= Checksum
MS= Mnemonic sentence in words

I am not saying you are wrong, but I just included how private keys are generated in an HD wallet, which is the standard wallet for now that is embraced by developers.

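Added example (not part of Charles-Tim's post or of any wallet's code): the ENT / CS / MS table in post #3 computed from the BIP39 rule that the checksum is the first ENT/32 bits of SHA-256(entropy), with the result split into 11-bit word indices. The function names are assumptions for illustration, and the 2048-word list is left out, so the output is word indices rather than words.

```python
import hashlib
import secrets

VALID_ENT_BITS = (128, 160, 192, 224, 256)


def layout(ent_bits):
    """Return (CS, ENT+CS, MS) for an entropy length, as in the table above."""
    if ent_bits not in VALID_ENT_BITS:
        raise ValueError("ENT must be 128, 160, 192, 224 or 256 bits")
    cs = ent_bits // 32                      # one checksum bit per 32 entropy bits
    return cs, ent_bits + cs, (ent_bits + cs) // 11


def mnemonic_indices(entropy):
    """Append the checksum to the entropy and split into 11-bit word indices."""
    cs, _total, words = layout(len(entropy) * 8)
    digest = hashlib.sha256(entropy).digest()
    checksum = digest[0] >> (8 - cs)         # first CS bits of the hash (CS <= 8)
    bits = (int.from_bytes(entropy, "big") << cs) | checksum
    # Most significant 11 bits first; each value is in 0..2047.
    return [(bits >> (11 * (words - 1 - i))) & 0x7FF for i in range(words)]


if __name__ == "__main__":
    for ent in VALID_ENT_BITS:
        print(ent, *layout(ent))
    # Fresh entropy from the OS CSPRNG; no mouse movement involved.
    print(mnemonic_indices(secrets.token_bytes(16)))
```

Changing a single bit of the entropy changes the checksum, which is how a wallet detects a mistyped seed phrase.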
o_e_l_e_o
August 18, 2020, 07:30:42 PM
 #4

A private key is just a number that is picked at random. It is similar to choosing a number from 1 to 2^256.
A bitcoin private key cannot be any 256 bit number. The maximum it can be is n-1, with n being the order of the secp256k1 curve, a number very slightly smaller than 256 bits.

It is usually done by bitcoin software through the underlying operating system, which uses a random number generator to generate 256 bits of entropy.
Not usually. As Charles-Tim says, most bitcoin wallets use a random number generator to generate the entropy needed to calculate the seed phrase. Private keys are generated deterministically from the seed phrase.
hatshepsut93
August 19, 2020, 04:19:02 AM
 #5

Sometimes, the OS uses random number generator along with some other source of entropy like mouse movements to add a human source of randomness , which is why you're asked to wiggle your mouse to generate that added randomness.

The OS never asks the user to wiggle their mouse to collect entropy; it does it in the background and it uses many other hardware sources. It also always has a software pseudorandom number generator, which is almost always available.

I only saw this request to move the mouse on paper wallet generator sites, one of which is a malicious one, which steals users' coins. I assume this was done because in the past JavaScript didn't have a good RNG, so developers decided to ask for entropy input manually. But this isn't needed now, because now JS has good crypto functions. Newer wallets like MEW use it and there have never been any problems with it.

pooya87
August 19, 2020, 05:09:42 AM
 #6

It is an extra entropy, not the entropy itself.
Usually implementations don't use the OS random number generator alone; instead they mix it with another entropy source, which is again usually generated behind the scenes without the user knowing. Two blocks can be hashed and XORed together, or it can be in an HMAC as its key and message to generate the final entropy.
It is done to avoid relying solely on OS random, so that in case a vulnerability were found in it, the wallets wouldn't be at risk.

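Added example, not part of pooya87's post or of any wallet's code: the HMAC mixing described in post #6 (OS randomness as key, extra entropy as message), followed by the range check from post #4 for a raw, non-HD private key. The function names and the sample mouse trace are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Order n of the secp256k1 group; a valid private key k satisfies 1 <= k <= n - 1.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Constructed sample of "extra" entropy: x,y mouse positions with timestamps.
SAMPLE_MOUSE_TRACE = b"412,88,1021;415,91,1037;431,97,1052;440,120,1070"


def mix_entropy(os_random, extra):
    """HMAC-SHA256 with the OS randomness as key and the extra input as message.

    The output depends on both inputs, so the extra input never replaces the
    OS CSPRNG; it is only mixed in on top of it.
    """
    if len(os_random) < 32:
        raise ValueError("need at least 256 bits from the OS CSPRNG")
    return hmac.new(os_random, extra, hashlib.sha256).digest()


def is_valid_private_key(candidate):
    """True if the 32-byte big-endian value lies in [1, n - 1]."""
    return 1 <= int.from_bytes(candidate, "big") < SECP256K1_N


def generate_private_key(extra, os_source=secrets.token_bytes):
    """Draw OS randomness, mix in the extra input, retry if out of range."""
    while True:
        candidate = mix_entropy(os_source(32), extra)
        if is_valid_private_key(candidate):
            return candidate


if __name__ == "__main__":
    print(generate_private_key(SAMPLE_MOUSE_TRACE).hex())
```

An out-of-range candidate is rejected and redrawn rather than reduced modulo n, which would bias the result.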