
Topic: Bitcoin Seed Phrases and Vanity Addresses (Read 332 times)

legendary
Activity: 3472
Merit: 10611
May 06, 2022, 11:15:10 PM
#19
~
That's correct and that's how it works under the hood but I simply used this project which has a function under Tools called "WIF Helper" that can convert WIFs to mnemonic and back very easily.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Nope, not possible to generate a vanity address from a seed phrase. That's because the addresses are created using an algorithm (key derivation function to be specific) which transforms the encoded seed phrase bytes, itself a private key, to several different "child" private keys. Which one you get depends on the index you pass to the KDF.
legendary
Activity: 2380
Merit: 5213
Also would it be possible then to import the seed in, let's say, Trust Wallet and start generating new addresses there and then be able to restore those addresses AND the vanity address later with the seed?
No.
If you enter that mnemonic into a wallet, you can't get your vanity address. It will generate completely different addresses. Of course, it's possible to derive your private key from that mnemonic. But there is no wallet doing that.
Note that you can't derive your seed phrase from your private keys at all.

Anyway, below is how pooya87 converted the WIF private key to a mnemonic.

WIF private key:

Code:
L3YPzKfwpVYQr4B9DxbUxhFAncxveBnUoJJ2rSyq5KujaHdgUMXy

First we convert the WIF private key to a hex string using Base58Check encoding.

Code:
80bca326ea69831c76b9ac4828b30cfdd7955a0a775cf017bf3106afb73afeb811011838d07c
Now we remove the 80 from the beginning and the suffix "01" and the checksum from the end. The checksum is the last 4 bytes (the last 8 characters in the hexadecimal format)
Note that there is no suffix to be removed if you started with an uncompressed private key (a private key starting with 5).

Code:
bca326ea69831c76b9ac4828b30cfdd7955a0a775cf017bf3106afb73afeb811
Now we have a number in hexadecimal format.

The 256 bit number in binary format:

Code:
101111001010001100100110111010100110100110000011000111000111011010111001101011000100
10000010100010110011000011001111110111010111100101010101101000001010011101110101110011110
00000010111101111110011000100000110101011111011011100111010111111101011100000010001

We should extend the 256 bit number with 8 more bits, which are called the checksum.
To calculate the checksum, we hash our number (as a hex input) using the SHA256 function and then convert the result to a binary number. The first 8 bits are our checksum.
Checksum: 01101011

With adding these 8 bits to our 256 bit number, we have a 264 bit number which is shown below.

Code:
101111001010001100100110111010100110100110000011000111000111011010111001101011000100
10000010100010110011000011001111110111010111100101010101101000001010011101110101110011110
0000001011110111111001100010000011010101111101101110011101011111110101110000001000101101011

For converting this number to a mnemonic, we use BIP39 wordlist.

Each group of 11 bits gives us a word.

The first 11 bits: 10111100101 ---> 1509 ---> Word number 1510 in the list ---> royal
The second 11 bits: 00011001001 ---> 201 ---> Word number 202 in the list ---> bomb
........
........
........
The last 11 bits: 00101101011 ---> 363 ---> Word number 364 in the list ---> coin


Again, there is no wallet deriving your vanity address from your mnemonic if it has been generated using this method and you need technical knowledge for generating your address using that mnemonic.
Avoid this method, if you don't know what you are doing.
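The conversion walked through in the post above, as an added Python example that is not part of the thread and is not the code of the tool mentioned in it. The function names are chosen here for illustration, and because the 2048-word BIP39 English list is too long to embed, the block returns word indices and leaves the word lookup to a list the caller supplies:

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def wif_to_key(wif):
    """Base58Check-decode a mainnet WIF. Returns (32-byte key, compressed?)."""
    n = 0
    for ch in wif:
        n = n * 58 + B58.index(ch)          # ValueError on a non-Base58 character
    pad = len(wif) - len(wif.lstrip("1"))   # each leading '1' is one zero byte
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    payload, check = raw[:-4], raw[-4:]
    # Checksum = first 4 bytes of SHA-256(SHA-256(payload)); catches typos.
    if hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] != check:
        raise ValueError("Base58Check checksum mismatch")
    if payload[:1] != b"\x80":
        raise ValueError("not a mainnet WIF (version byte is not 0x80)")
    body = payload[1:]
    if len(body) == 33 and body[32] == 0x01:  # compressed key: drop the 01 suffix
        return body[:32], True
    if len(body) == 32:                        # uncompressed key: no suffix
        return body, False
    raise ValueError("unexpected WIF payload length")

def entropy_to_indices(entropy):
    """BIP39 encoding step: entropy || checksum, cut into 11-bit word indices."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("BIP39 entropy must be 128-256 bits in 32-bit steps")
    cs_bits = ent_bits // 32                   # 8 checksum bits for 256-bit input
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    groups = (ent_bits + cs_bits) // 11
    return [(value >> (11 * (groups - 1 - i))) & 0x7FF for i in range(groups)]

def indices_to_words(indices, wordlist):
    """wordlist: the 2048 BIP39 English words in order, supplied by the caller."""
    if len(wordlist) != 2048:
        raise ValueError("expected the full 2048-word list")
    return " ".join(wordlist[i] for i in indices)

# WIF copied from the thread above; it is the thread's own sample value.
THREAD_WIF = "L3YPzKfwpVYQr4B9DxbUxhFAncxveBnUoJJ2rSyq5KujaHdgUMXy"

if __name__ == "__main__":
    key, compressed = wif_to_key(THREAD_WIF)
    print(key.hex(), compressed)
    print(entropy_to_indices(key))
```

The indices are zero-based, so index 1509 is word number 1510 in the list, matching the numbering used in the post.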
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
Thank you for the example, that is exactly what I was trying to do.
Since at this point I only have the key in WIF, can you tell me how did you convert it to bytes and then mnemonic?
The WIF is converted back to hex by decoding using base58 and then truncated to fit 256 bytes. Afterwards, the mnemonic is generated by following the BIP39 standards. This can be done manually but it is hardly recommended because there is no good purpose of doing so.
Also would it be possible then to import the seed in, let's say, Trust Wallet and start generating new addresses there and then be able to restore those addresses AND the vanity address later with the seed?
No. None of the wallets are designed to function in this manner.

There is no point reusing the entropy from your vanity address to generate a BIP39 mnemonic. Mnemonic should be using their own unique entropy and the relevant standards. It is far better for you to just use the vanity address and the seeds separately instead of mixing them. This just complicates things unnecessarily without any real benefits.
hero member
Activity: 1022
Merit: 642
Magic
That is not true, since you can have a seed phrase in a secure steel backup and want to use that for your vanity address too.
I think you didn't get pooya87. He didn't say you can't have a seed phrase on a steel sheet or keeping a private key is easier than keeping a seed phrase. It's surely possible to have a vanity address generated from a seed phrase. pooya87 was referring to complexity of deriving a vanity address from a seed phrase.

If you want to have a vanity address generated from a private key, you generate a private key and then derive the public key and the address. You repeat the process until you generate the address you are looking for.
For generating a vanity address derived from a seed phrase, you add extra steps. You should generate a seed phrase and then derive the seed, the extended private key, the private keys, public keys and addresses.

Ok so I did understand that wrong, but I think now I understand what was meant.



First of all it makes absolutely no sense to use a seed phrase to find a vanity address regardless of the details of the steps you take.

That is not true, since you can have a seed phrase in a secure steel backup and want to use that for your vanity address too. If you are not able to use the seed then you have to back up an entirely new key that is only usable for one single address.
Well a vanity address is a single address it doesn't matter if you created it alone or used a seed to create it (the rest of your addresses derived from seed are not going to be vanity addresses). @hosseinimr93 is right, you are just adding extra steps and making the process to find the address a lot more expensive.

P.S. if you are looking for a way to write down the private key in another form than WIF you could just convert the key bytes to a mnemonic.
For example:
Code:
WIF:     L3YPzKfwpVYQr4B9DxbUxhFAncxveBnUoJJ2rSyq5KujaHdgUMXy
Bytes:   bca326ea69831c76b9ac4828b30cfdd7955a0a775cf017bf3106afb73afeb811
Mnemonic: royal bomb ritual spread crack deputy trade math chunk observe disorder quality fiber ahead talent own bless wet double garage inhale leg theory coin

Thank you for the example, that is exactly what I was trying to do.
Since at this point I only have the key in WIF, can you tell me how did you convert it to bytes and then mnemonic?
Also would it be possible then to import the seed in, let's say, Trust Wallet and start generating new addresses there and then be able to restore those addresses AND the vanity address later with the seed?
legendary
Activity: 3472
Merit: 10611
First of all it makes absolutely no sense to use a seed phrase to find a vanity address regardless of the details of the steps you take.

That is not true, since you can have a seed phrase in a secure steel backup and want to use that for your vanity address too. If you are not able to use the seed then you have to back up an entirely new key that is only usable for one single address.
Well a vanity address is a single address it doesn't matter if you created it alone or used a seed to create it (the rest of your addresses derived from seed are not going to be vanity addresses). @hosseinimr93 is right, you are just adding extra steps and making the process to find the address a lot more expensive.

P.S. if you are looking for a way to write down the private key in another form than WIF you could just convert the key bytes to a mnemonic.
For example:
Code:
WIF:     L3YPzKfwpVYQr4B9DxbUxhFAncxveBnUoJJ2rSyq5KujaHdgUMXy
Bytes:   bca326ea69831c76b9ac4828b30cfdd7955a0a775cf017bf3106afb73afeb811
Mnemonic: royal bomb ritual spread crack deputy trade math chunk observe disorder quality fiber ahead talent own bless wet double garage inhale leg theory coin
legendary
Activity: 2380
Merit: 5213
That is not true, since you can have a seed phrase in a secure steel backup and want to use that for your vanity address too.
I think you didn't get pooya87. He didn't say you can't have a seed phrase on a steel sheet or keeping a private key is easier than keeping a seed phrase. It's surely possible to have a vanity address generated from a seed phrase. pooya87 was referring to complexity of deriving a vanity address from a seed phrase.

If you want to have a vanity address generated from a private key, you generate a private key and then derive the public key and the address. You repeat the process until you generate the address you are looking for.
For generating a vanity address derived from a seed phrase, you add extra steps. You should generate a seed phrase and then derive the seed, the extended private key, the private keys, public keys and addresses.
hero member
Activity: 1022
Merit: 642
Magic

First of all it makes absolutely no sense to use a seed phrase to find a vanity address regardless of the details of the steps you take.

That is not true, since you can have a seed phrase in a secure steel backup and want to use that for your vanity address too. If you are not able to use the seed then you have to back up an entirely new key that is only usable for one single address.
legendary
Activity: 3472
Merit: 10611
if you only want to try vanity gen within the small pool of 2mill addresses associated with a certain seed phrase you already picked. you are limiting the length/possible chance of finding a vanity you want
First of all it makes absolutely no sense to use a seed phrase to find a vanity address regardless of the details of the steps you take. It is just too expensive to do that and it introduces more complexity to both the implementation and the final storage.
Secondly you don't have to limit yourself to the 4.29 billion keys per index (it is from 0 to 0xffffffff covering both hardened and non-hardened keys) you can just play with the derivation path and have a much bigger search space. eg. m/0/0 to m/0xffffffff/0xffffffff to double the space and so on...
legendary
Activity: 4410
Merit: 4766
its because
at base computing. private keys and vanity gen work at binary and numbering systems
they do not start at wif/hex/word library

the wif/hex/wordlibrary are just human readable formats of expression of the binary(number) of a private key, done so AFTER the fact of the random key generation

EG
A. start at number X
B. and add 1,
C. convert to a bitcoin address and check if its the vanity.
         if not, repeat B(add one and check again)
         if suitable vanity address found
D. convert the binary(number) into different formats. either hex, wif or word library

if you only want to try vanity gen within the small pool of 2mill addresses associated with a certain seed phrase you already picked. you are limiting the length/possible chance of finding a vanity you want

EG them 21bytes(2mill addresses) might only find you a vanity of 3 letters of(base58) preferred public address you want
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
blackhatcoiner is not correct
I don't understand. Where am I incorrect? You've just described in detail how a mnemonic works.

Do you know exactly how to input a seed phrase into vanity gen?
No. And I just did a search, nothing came up. It's trivial to write, but no, I can't find any GitHub repository, which seems weird. One should have made this. If you really need it and you can't find anything on the internet either, pay someone to do it for you. You can find people for this very job in this sub-board.
hero member
Activity: 1022
Merit: 642
Magic
To do that method, do you use the private key in WIF or hex?

And would it then be possible to import that seed phrase into, let's say, Electrum to use the vanity address and other addresses created by the wallet?
legendary
Activity: 4410
Merit: 4766
blackhatcoiner is not correct

a seed phrase is usually 12 words that are broken down into 11bits each
= 132bits
then the 2mil possible addresses are another 'nonce' /salt. of 21bits after that

meaning the bit length is at least 132+21=153bits for all 2mill addresses associated with the seed words
(technically its 11 words of 11 bytes and the final word is a check word to ensure the math is right
i wont go into all the detail as a certain someone who hates being corrected also hates walls of text explanations that deal with details)
..
so logically..

just standard vanity gen brute force a certain entropy length. and try and get the vanity address you want. and then convert the private key into any format you like

..
after all a private key at its essence is just a number represented in binary.. which then gets translated into human readable formats after the fact.
all seed words are just a translation of number.. translated into certain words listed in a known library of words associated with certain numbers

same with WIF and hex. they are just translations of a base number into a more compressed visual characterisation for the eyes to read better
hero member
Activity: 1022
Merit: 642
Magic
Do you know exactly how to input a seed phrase into vanity gen?
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
1. My understanding is that the Bitcoin addresses are created randomly from the seed phrase and there is an unlimited amount basically possible.
Bitcoin addresses are derived from your randomly generated seed.

2. Is it possible to create a vanity address from my seed phrase or extract the seed phrase from a vanity address?
The former is possible. Just take a seed phrase and start brute forcing your prefix in derivation paths until you find such address. An extended key can generate up to 2,147,483,648 children. You could just change the seed if you've tried them all and restart. The latter isn't possible because hash functions are irreversible and what you're saying here is to recover the preimage (the seed) of a hash, which is essentially the address.

Code:
            possible
Hash(seed) ───────────► Address

            impossible
     seed  ◄─────────── f(Address)

Or, perhaps, instead of "impossible" that sounds absolute, let's say that no one has managed to find such function f that does it.
hero member
Activity: 644
Merit: 661
- Jay -
But as far as I know you can derive an infinite number of private keys from the seed phrase. How would the wallet know which private key to calculate to get the right one that controls your funds?
The seed phrase is a version of the master private key which contains all the other private keys and public keys of the individual addresses.

When you recover the seed phrase (master private key), it should recover all the individual private keys which were derived from it
hero member
Activity: 1022
Merit: 642
Magic
1. Bitcoin addresses are not generated randomly, but are derived from the public key, which is derived from the private keys/seed phrase.
Yes, the addresses can be unlimited on HD wallets.
If you recover the seed phrase, it contains the master private keys and would restore the balance on the entire addresses generated from it.



But as far as I know you can derive an infinite number of private keys from the seed phrase. How would the wallet know which private key to calculate to get the right one that controls your funds?
hero member
Activity: 644
Merit: 661
- Jay -
1. Bitcoin addresses are not generated randomly, but are derived from the public key, which is derived from the private keys/seed phrase.
Yes, the addresses can be unlimited on HD wallets.
If you recover the seed phrase, it contains the master private keys and would restore the balance on the entire addresses generated from it.

2. I've not used a vanity address, but it should be generated from a private key and public key derivation. Are you asking if you can create a vanity address from an already generated seed phrase?

3. If done properly, there should not be a privacy concern when generating ANY address on an airgapped device.
hero member
Activity: 1022
Merit: 642
Magic
I want to create a cold wallet and store the seed phrases on a metal plate like it is done many times. For that I have some technical questions:

1. My understanding is that the Bitcoin addresses are created randomly from the seed phrase and there is an unlimited amount basically possible. How can the wallet, after a restore, find the exact address that I use to store my BTC in?

2. Is it possible to create a vanity address from my seed phrase or extract the seed phrase from a vanity address? I would think no because it would not be possible for the wallet to find the vanity address easily.

3. Is there any security concern when creating vanity addresses on a permanently air gapped machine?

Thanks for your help.