No, not Johnny Mnemonic ;]
Aunt Wiki says: “A mnemonic (/nəˈmɒnᵻk/, the first "m" is silent) device, or memory device, is any learning technique that aids information retention in the human memory”
Every user of an HD wallet gets, on first start, 12 to 24 "magical" words that need to be stored in a safe place. And probably every user also wonders: what is it? What is it needed for? How does it really work?
This post is my way of explaining how a mnemonic works, how it is built and what its role is in an HD wallet.
But first we need to know some things about HD wallets ;]
HD is short for "hierarchical deterministic". Two hard words that mean that the internal structure of the wallet is hierarchical (like folders, sub-folders and files on a drive) and that it is deterministic: from one starting value you can recover it in exactly the same form, as many times as you like. The rules for generating keys and addresses in the HD standard are described in BIP32 (all links at the bottom of the post), and the layout of accounts and coins in BIPs 43 and 44. How a mnemonic is turned into that starting value we can find in BIP39. The starting value, the BIP39 seed, is 512 bits long; BIP32 runs it through HMAC-SHA512 and splits the result into a 256-bit master private key and a 256-bit chain code, from which every key and address of every wallet is calculated (yes, the HD standard allows us to have many wallets, accounts and addresses, for many currencies, all from one seed).
So, what is a mnemonic?
It is a way to write down the entropy* that is used to generate the wallet's master key.
*entropy is just a big random number, used as the starting point of a deterministic calculation (repeat it with the same input and you get the same result) of every other value that is needed. BIP39 calls this random number "entropy" and reserves the word "seed" for the 512-bit value derived from it, so I will do the same below.
According to the standard described in BIP39 the entropy must have a fixed length: 128, 160, 192, 224 or 256 bits. The length says how much randomness you put in. The length in bits is, of course, reflected in the number of words we need to save: respectively 12, 15, 18, 21 or 24 words.
If you have a calculator in your head, you can see that something does not add up. 128 divided by 12 is 10.(6), but we count in whole bits, so it should be a round number. And it is, because of the checksum.
A mnemonic uses the word list described in BIP39. There are 2048 unique words on that list, so a word's position on the list can be written in 11 bits (2^11 = 2048). So: 12 words give us 132 bits of data. We need "only" 128, thus 4 bits are left over. Those last bits are the checksum: the first ENT/32 bits of the SHA256 hash of the entropy (4 bits for 12 words, 8 bits for 24 words), appended to the entropy before the split into words. The wallet uses it to check that the mnemonic was constructed and typed correctly: a wrong or swapped word fails the check with high probability. Note that it is a typo detector, not a security feature: 4 bits means 1 in 16 random 12-word sentences passes, and because the last word is partly determined by the checksum you cannot pick all 12 words freely.
Then, how is a mnemonic made?
We generate a random number of the required length, append the checksum, cut the result into 11-bit chunks, and for every chunk take the word at that position on the list. Voila! All done.
But there are two more steps to do, one before and one after.
First: where do we get that random number from?
Everything relies on it. If we use "weak entropy" (events or numbers that can be guessed or enumerated), the safety of our wallet is small, or someone can even generate exactly the same number (e.g. if we derive it from a Bible verse, a poem, etc.).
Hardware wallets (like Trezor) mix the device's internal entropy with entropy from the PC that is initializing it.
The webpage https://bitaddress.org uses mouse movements and typed text.
A Linux user can take the required number of bits from /dev/random (on a current kernel /dev/urandom is just as good once the system has booted and seeded the pool).
But randomness that does not depend on any software at all we get from events in the real world: a coin toss, a dice roll, a well-shuffled deck of cards. Two things to watch: collect enough of them (a coin gives 1 bit per toss, a d6 about 2.58 bits per roll, so 128 bits needs 128 tosses or at least 50 rolls) and convert them to bits without introducing bias, which is easy to get wrong when the number of outcomes is not a power of two.
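Here is an added example (mine, not part of the original post) of that conversion step, in Python: how to turn d6 rolls into bits without bias. The naive roll % 4 mapping is kept next to the rejection-sampling version so the bias is visible, and dice_to_entropy builds 128 bits from a constructed list of rolls. The roll sequence and the function names are my own assumptions, not anything from BIP39.

```python
"""Dice rolls to BIP39-grade entropy without bias (rejection sampling).

Added example, not from the original post. A d6 has six outcomes, which
is not a power of two, so mapping a roll to bits with `roll % 4` (or
`roll % 2`) favours some values. Rejection sampling avoids that: rolls
1..4 become two unbiased bits, rolls 5 and 6 are thrown away. One third
of the rolls is wasted, so 128 bits take about 96 rolls on average.
"""
from __future__ import annotations

from collections import Counter


def two_bits_naive(roll: int) -> int:
    """Biased: faces 1..6 map to 1,2,3,0,1,2, so 1 and 2 come out twice as often."""
    return roll % 4


def two_bits_rejection(roll: int) -> int | None:
    """Unbiased: faces 1..4 map to 0..3, faces 5 and 6 give None (discard, roll again)."""
    return roll - 1 if roll <= 4 else None


def symbol_frequencies(mapping) -> dict[int, int]:
    """How often each 2-bit value appears over one pass of all six faces."""
    counts = Counter(mapping(r) for r in range(1, 7))
    counts.pop(None, None)          # discarded rolls are not output symbols
    return dict(sorted(counts.items()))


def dice_to_entropy(rolls: list[int], n_bits: int = 128) -> bytes:
    """Turn a written-down sequence of d6 rolls into n_bits of entropy.

    Raises ValueError on a non-d6 value or when the accepted rolls do not
    cover n_bits; never pads, because padding would be fake entropy.
    """
    if n_bits % 8:
        raise ValueError("n_bits must be a multiple of 8")
    bits = ""
    for r in rolls:
        if not 1 <= r <= 6:
            raise ValueError(f"not a d6 roll: {r}")
        v = two_bits_rejection(r)
        if v is not None:
            bits += f"{v:02b}"
        if len(bits) >= n_bits:
            break
    if len(bits) < n_bits:
        missing = (n_bits - len(bits)) // 2
        raise ValueError(f"too few rolls: need at least {missing} more accepted (1-4) rolls")
    return int(bits[:n_bits], 2).to_bytes(n_bits // 8, "big")


def expected_rolls(n_bits: int) -> int:
    """Rolls to budget for: n_bits/2 accepted rolls at a 2/3 acceptance rate, rounded up."""
    return -(-n_bits * 3 // 4)      # ceil(n_bits / 2 * 3 / 2)


if __name__ == "__main__":
    print("naive    :", symbol_frequencies(two_bits_naive))      # {0: 1, 1: 2, 2: 2, 3: 1}
    print("rejection:", symbol_frequencies(two_bits_rejection))  # {0: 1, 1: 1, 2: 1, 3: 1}
    # constructed sample standing in for 96 rolls copied from a real die
    sample = [5, 6, 1, 2, 3, 4] * 16
    print("entropy  :", dice_to_entropy(sample).hex())
    print("budget for 256 bits:", expected_rolls(256), "rolls")
```

The same rejection idea works for any source whose outcome count is not a power of two; what changes is only how many outcomes you keep (the largest power of two not above the outcome count) and therefore how many rolls you have to budget for.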
So now it is time for some surreptitious advertising: some time ago I wrote an application that generates a mnemonic from two shuffled decks of cards (inspired by an app that uses cards to generate addresses). It can be downloaded from my GitHub :)
Well, now we have super-random entropy, and we made a mnemonic from it. What next?
We already know that the HD master key is derived from a 512-bit seed, and we have as little as 128 bits (in most cases, from 12 words). BIP39 describes the transition as a simple process: we take the whole sentence (the words themselves, separated by single spaces, NFKD-normalized; not the numbers they represent) and run it through PBKDF2 with HMAC-SHA512 for 2048 iterations, with the string "mnemonic" plus an optional passphrase as the salt. The 512-bit result is the BIP39 seed. BIP32 then feeds that seed into HMAC-SHA512 keyed with the string "Bitcoin seed", and the output becomes the master private key and chain code used in the crypto-voodoo to generate wallets, keys, addresses... Two consequences worth knowing: a different passphrase gives a completely different wallet (handy as a hidden wallet, fatal if you forget it), and those 2048 rounds do not make a weak mnemonic strong; all the security is in the entropy behind the words.
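To make the whole chain concrete, here is an added Python example (mine, not the post's code and not a library; standard library only) that does every step described above: entropy, checksum, the 11-bit split into word positions, checksum verification on the way back, the PBKDF2-HMAC-SHA512 step to the 512-bit seed, and the BIP32 HMAC-SHA512 step to the master key and chain code. The 2048-word list is not embedded; WORDLIST_PATH is an assumed local file name for a copy of BIP39's english.txt, and without that file the script prints word positions instead of words (the seed it then prints is from the digits, so not a real BIP39 seed).

```python
"""BIP39 from entropy to BIP32 master key, in plain Python.

Added example for this post, not the post's own code and not a library.
Uses only the Python standard library. The 2048-word English list is not
embedded: WORDLIST_PATH (an assumed local file name) should point at a copy
of BIP39's english.txt, one word per line. Without that file the functions
still work on 11-bit word positions.
"""
from __future__ import annotations

import hashlib
import hmac
import os
import secrets
import unicodedata

WORDLIST_PATH = "english.txt"   # assumption: local copy of the BIP39 English list
ENT_LENGTHS = (128, 160, 192, 224, 256)
# secp256k1 group order: a BIP32 master private key must lie in [1, N-1]
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def load_wordlist(path: str = WORDLIST_PATH) -> list[str] | None:
    """Return the 2048 words, or None when the file is not present."""
    if not os.path.exists(path):
        return None
    with open(path, encoding="utf-8") as f:
        words = [line.strip() for line in f if line.strip()]
    if len(words) != 2048:
        raise ValueError("wordlist must contain exactly 2048 words")
    return words


def checksum_bits(entropy: bytes) -> str:
    """First ENT/32 bits of SHA256(entropy), as a string of '0'/'1'."""
    ent = len(entropy) * 8
    if ent not in ENT_LENGTHS:
        raise ValueError("entropy must be 128, 160, 192, 224 or 256 bits")
    digest = hashlib.sha256(entropy).digest()
    return "".join(f"{b:08b}" for b in digest)[: ent // 32]


def entropy_to_indices(entropy: bytes) -> list[int]:
    """entropy || checksum, cut into 11-bit groups -> positions on the word list."""
    bits = "".join(f"{b:08b}" for b in entropy) + checksum_bits(entropy)
    return [int(bits[i:i + 11], 2) for i in range(0, len(bits), 11)]


def indices_to_entropy(indices: list[int]) -> bytes:
    """Inverse of entropy_to_indices. Raises ValueError if the checksum fails."""
    if len(indices) not in (12, 15, 18, 21, 24):
        raise ValueError("a mnemonic has 12, 15, 18, 21 or 24 words")
    if any(not 0 <= i < 2048 for i in indices):
        raise ValueError("word position out of range")
    bits = "".join(f"{i:011b}" for i in indices)
    cs_len = len(bits) // 33            # total is ENT + ENT/32 bits, so CS = total/33
    ent_bits, cs = bits[:-cs_len], bits[-cs_len:]
    entropy = int(ent_bits, 2).to_bytes(len(ent_bits) // 8, "big")
    if checksum_bits(entropy) != cs:
        raise ValueError("checksum mismatch: a word is wrong or out of order")
    return entropy


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = 'mnemonic' + passphrase."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def seed_to_master(seed: bytes) -> tuple[bytes, bytes]:
    """BIP32 master: HMAC-SHA512(key='Bitcoin seed', msg=seed) -> (private key, chain code)."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = i[:32], i[32:]
    k = int.from_bytes(key, "big")
    if k == 0 or k >= SECP256K1_N:      # astronomically unlikely; BIP32 says: seed is invalid
        raise ValueError("invalid master key, this seed is unusable")
    return key, chain_code


if __name__ == "__main__":
    entropy = secrets.token_bytes(16)           # 128 bits from the OS CSPRNG
    indices = entropy_to_indices(entropy)       # 12 positions, the last one carries the checksum
    words = load_wordlist()
    sentence = " ".join(words[i] for i in indices) if words else " ".join(map(str, indices))
    print("entropy :", entropy.hex())
    print("mnemonic:", sentence)
    assert indices_to_entropy(indices) == entropy   # round trip with checksum verification
    seed = mnemonic_to_seed(sentence, passphrase="")
    master_key, chain_code = seed_to_master(seed)
    print("seed    :", seed.hex())
    print("master  :", master_key.hex())
```

A quick sanity check you can do in your head: 16 zero bytes encode to eleven times position 0 followed by position 3, because the first four bits of SHA256 of sixteen zero bytes are 0011. On the English list that is "abandon" eleven times and "about", which is exactly the first BIP39 test vector; changing that last word to position 4 fails the checksum.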
Well, everything is cool, right?
What about compatibility? Does every HD wallet use the seed in the same way?
The answer is: sadly, NO.
Luckily for us, most wallets, when we enter a mnemonic, ask us to pick the standard we use on the way from mnemonic to addresses (the derivation path from BIP43/44, or a wallet's own scheme). Only because of that we are not condemned to a single wallet.
Good guy BIP saves the day ;]
I hope that in this article I made a successful attempt to describe, in a simple way, how a mnemonic works in wallets.
If I missed anything, please comment.
P.S. If you find my English bad, deal with it, I never learned it XD
Original in Polish, my native language: https://steemit.com/bitcoin/@rav3npl/rafal-prostuje-bitcoin-mnemonik (yes, you can up-vote it too!)