An Introduction To Bitcoin Seed Phrases
This article demonstrates how to use the Hodlr One Titanium Bitcoin seed phrase backup from Hodlr Swiss.
When taking self-custody of your bitcoin it is important to ensure you have a good system in place to back up your private keys. In the event that you lose access to your Bitcoin wallet, whether it's a desktop wallet, a mobile wallet or a hardware wallet, your backup phrase is what enables recovering your bitcoin.
A widely-accepted method used to make this backup information easier for humans to handle is called BIP39. This method involves converting the numbers used to derive your extended private key into human-readable words, selected from the 2,048 words found on the standardized English word list. Each word on the list corresponds to an index number and no two words on the list begin with the same four-letter sequence. Samourai Wallet, Sparrow Wallet, COLDCARD, Passport and SeedSigner, among many others, are just a few examples of wallets that will present the bitcoin recovery information as a list of words following the BIP39 standard, known as a “seed phrase.”
The way a user handles their seed phrase is very important because anyone who gains access to these words could steal the associated bitcoin. Most commonly, the seed phrase will be either 12 words in length or 24 words in length, although some wallets support lists of varying lengths. Saving the seed phrase in an unencrypted text document or an image file is never recommended. Writing the seed phrase down on a piece of paper is a good start since this ensures that the words cannot be accessed remotely on an insecure computer. However, paper backups can fail in extreme environmental conditions like fires and floods. Many people have sought out clever ways to use metal as a more secure medium to store their seed words. Hodlr Swiss offers a product designed to make backing up your seed phrase easy and secure. The Hodlr One Titanium backup can withstand temperatures as high as 1,668°C, roughly 250° higher than stainless steel and nearly double the average temperature of a house fire.
The Hodlr One Titanium is capable of securing two different standards, BIP39 and SLIP39. SLIP39 is similar to BIP39 in that it uses a list of words to translate the information used to derive the private key, however the two methods are distinctly different in the way they handle this information and it is important to choose only one method for your backup because a list of BIP39 words will produce a different result when computed with the SLIP39 recovery method and vise versa. For the purposes of this demonstration, the BIP39 method was used.
Contents
This product involves converting standardized seed words into a corresponding numbered index. Exercise caution when making such conversions.
Unboxing The Hodlr One Titanium
The Hodlr One Titanium is shipped in a standard parcel-padded envelope. Inside that is the orange pouch which has only nondescript barcode markings on it.
Inside the orange pouch is a vacuum-sealed clear bag which contains everything needed to secure a Bitcoin seed phrase, except a hammer.
Inside the clear bag you will find:
- Security seals
- One, two or three titanium Hodlr One plates depending on which package you bought
- One rubber mat to use when stamping
- One steel center punch
- One pencil
- One marker
- One thank you card
- Detailed instructions
- A BIP39 English word index
- A SLIP39 English word index
- Blank backup sheet
The Hodlr One Titanium plates measure 61 millimeters wide by 2 millimeters thick and they each weigh 26 grams.
Converting A Seed Phrase To Index Numbers
In this demonstration, a COLDCARD was used to generate a standard BIP39 24-word seed phrase. You can use any wallet of your choice that supports the BIP39 standard. Alternatively, the Hodlr One Titanium supports SLIP39 as well, but instructions for this method are not covered in this demonstration. The Hodlr One Titanium three pack is designed to split a 24-word seed phrase into three pieces where if any two of the pieces are recovered, combined they can recreate the Bitcoin private key and recover the bitcoin.
Careful considerations should be made when deciding to split a seed. For example, there are multiple pieces required to recover bitcoin using this method. This could be a security benefit if one piece is discovered by an adversary, because then they will not have enough information to recover the bitcoin. However, this could also be a drawback because if two pieces are lost, then the bitcoin cannot be recovered.
In the Hodlr instructions, each of the three pieces will receive 16 of the 24 words. The first piece gets words one through 16, the second piece gets words one through 8 and 17 through 24, and the third piece gets words nine through 24. This way, if any two pieces are recovered they contain enough information combined to recover the bitcoin. If an adversary found one of three pieces, they would only have 16 out of 24 words, leaving eight words to be guessed out of 2,048 possible word choices. Using the equation log2 (2,048^8), it can be said that the entropy is 88 bits. If the adversary were to make 100 trillion guesses per second, it would take them 98,000 years to calculate every possible combination of the 88 bits. Although it could be considered a compromise if one piece is discovered, 88 bits of entropy is still relatively secure. But if you do discover that one of your pieces has been compromised, it would behoove you to transfer your bitcoin to a new secure wallet as soon as possible.
- Next, figure out which words will be stamped into each of the three pieces by using the included recovery sheet.
- Once you have your 24 words from your wallet, write them down in order on the blank recovery sheet.
- Keep in mind that only 16 of the 24 words will be written down for each of the three pieces. The eight omitted spaces for each piece are crossed out already on the blank recovery sheet.
- After writing down the seed words for each of the three pieces, refer to the included BIP39 index sheet to find the corresponding index number.
- Write each four-digit index number beneath every word on your recovery sheet.
- You will be stamping this index number into the Hodlr One Titanium plates.
It is worth mentioning that the technical specification for BIP39 calls for the word index to range from 0 to 2,047. However, multiple companies use the range of one to 2,048 in their documentation. This confusion is compounded by the fact that the official BIP39 word lists start on one and end on 2,048, although this is a byproduct of the way GitHub serializes lines in a text (.txt) document, users should be aware that they will derive different values (different bitcoin wallets) if they alternate this index by plus or minus one using an mathematical seed tool like this or this. Be conscientious of the fact that you are using an index range from one to 2,048 here and that upon recovery, just stick to the official BIP39 word list index as it is displayed.
Pre-Marking And Stamping The Hodlr One Titanium
Once you have the index numbers written down on the recovery sheet below each corresponding seed word, you can pre-mark the three Hodlr One Titanium plates with the provided marker.
- You want to be sure that you are reading the appropriately-numbered section for each word from left to right and top to bottom. In the image below, take number three for example, the index number is "1894" from the Hodlr instructions for the word "uncover."
- Continue pre-marking the words according to the written recovery sheet.
- For word spaces that are omitted, indicate them as intentionally left blank by stamping the dot beneath the corresponding word number toward the center of the plate.
- In the center of each Hodlr One Titanium plate you will notice two small grids for ID1 and ID2, you can use this to identify multiple plates as belonging to the same seed phrase, like "A1" for example. All three pieces for this seed phrase will share the "A1" identifier.
- Along the edge of the plate you will notice that you can indicate how many words are in your seed phrase, like "24 words" for example.
- There is even a place to indicate if you have GPS coordinates to go along with your backups.
On the reverse side of each plate there is an icon that reads "SOT," and this stands for “share of threshold.” The way this is interpreted is that the outermost circle indicates which number share this plate is. The second circle indicates the total number of shares in the entire backup. And the innermost circle indicates the minimum threshold of shares required to recover the bitcoin. For example, since this is a three-part backup, the outermost circle will be stamped "1," "2" and "3," respectively for each plate. Then the second circle will be stamped "3" on each plate because there are three total pieces. Finally, the innermost circle will be stamped "2" on each plate because two pieces at minimum are required for a recovery.
Be sure to double check your work after pre-marking the plates. If you make a mistake, like the example below, you can fix it by using some acetone and a Q-tip to remove the marker and then indicate the correct circle. Word twenty two is "sea" and the corresponding index number is "1,552," however "1,512" was marked on the plate.
Once you have pre-marked all of your dots on all of your plates, double checked your work and made any necessary corrections, you are ready to start stamping your marks with the included center punch. Safely destroy the paper recovery sheet by burning it. Do not use a different punch than the one that was included with the Holdr One Titanium kit. This center punch is the appropriate size for the available space on the plates.
- Place the plate in the included rubber mat before hammering
- Use a solid surface like a concrete floor
- Use a heavy hammer to get a solid punch
- Make each strike count and avoid attempting to strike the same dot twice
Once stamped, you should have clear, well-defined markings that are now a permanent part of the plate.
Security Seals
The objective of the security seal is to obfuscate the stamped markings on both sides of the plate while providing a way to indicate if the markings have been revealed. This is accomplished with tamper-evident security seals that are applied to both sides of each plate.
Each security seal has a unique serial number on it so that you can make note of exactly which security seal you used to obfuscate your plates.
If anyone attempts to remove the security seals, they will reveal the words "VOID" and "OPEN."
Periodically check your backups and immediately recover and move your funds to a new secure wallet if you discover that one of your plates has been tampered with.
Fire Test And Recovery
Titanium has a melting point of 1,668°C which is roughly 250°C higher than stainless steel and roughly twice as high as the average house fire. Titanium is also highly resistive to corrosion and has been used widely in the aerospace and pressure vessel industries for the last 70 years. These attributes make it a superior medium to secure your Bitcoin seed phrase.
Here is a video of a fire test bringing the three Hodlr One Titanium plates up to melting point to ensure that the information they contained would be recoverable:
The information contained in the Hodlr One Titanium plates was 100% recoverable. There was a flaky, yellow/white material left behind after the fire test which was cleared off using a brass-bristle brush. Then the numbers stamped in each plate were transcribed onto a piece of paper and then converted back to the corresponding words using the one through 2,048 indexed BIP39 English word list.
Conclusion
The Hodlr One Titanium is a robust Bitcoin backup medium that is simple to use and easy to conceal. There are clever ways to stamp many details about your backup, like how many words it has in total, how many shares your entire backup contains, how many of those shares are required for a recovery, and even if there are accompanying GPS coordinates. Anytime there is a conversion involved between seed words and index numbers, use caution. Check out the Hodlr Swiss website to learn more about its products or follow it on Twitter.
This is a guest post by Econoalchemist. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.