Recovery phrases (also known as mnemonics) provide a way for humans to easily read and write down arbitrary large numbers which would otherwise be very difficult to remember.
They use a predefined dictionary of simple words (available in many different languages) which map uniquely back and forth to a binary code.
Seeds / Entropy
The recovery phrase is normally used to encode a wallet’s “seed” - a secret random number which is 28 decimal digits long, or more!
A seed is also called just entropy 1 , implying that it is a sequence of bytes which has been generated using high-quality randomness methods.
All keys belonging to a wallet are derived somehow from the wallet seed.
The process for encoding recovery phrases is described in BIP-0039 § Generating the mnemonic. Below is a reformulation of this specification.
The allowed size of entropy is 96-256 bits and must be multiple of 32 bits (4 bytes).
A checksum is appended to the initial entropy by taking the first \(|ent| / 32\) bits of the SHA-256 hash of it, where \(|ent|\) designates the entropy size in bits.
Then, the concatenated result is split into groups of 11 bits, each encoding a number from 0 to 2047 serving as an index into a known dictionary (see below).
|Sentence Length||Entropy Size||Checksum Size|
|9 words||96 bits (12 bytes)||3 bits|
|12 words||128 bits (16 bytes)||4 bits|
|15 words||160 bits (20 bytes)||5 bits|
|18 words||192 bits (24 bytes)||6 bits|
|21 words||224 bits (28 bytes)||7 bits|
|24 words||256 bits (32 bytes)||8 bits|
Cardano uses the same dictionaries as defined in BIP-0039.
This is an English recovery phrase, ordered left-to-right, then top-to-bottom.
write maid rib female drama awake release inhale weapon crush mule jump sound erupt stereo
It is 15 words long, so \(15\times11 = 165\) bits of information, which is split into a 160 bit seed and 5 bit checksum.
Using the dictionary, these words resolve to:
2036 1072 1479 679 529 129 1449 925 1986 424 1162 967 1662 615 1708
Seed: 01111100111 11100100110 01111101011 01010100111 01000010001 00010000001 10110101001 01110011101 11111000010 00110101000 10010001010 01111000111 11001111110 01001100111 110101 Checksum: 01100 Seed (base16): fe90c2e3aa7422206d4b9df846a2453c7cfc99f5 Checksum (base16): 0c