1. You generate Seed Words (12 or 24 words).
These are your backup DNA.
Never ever enter them online or into any app.
2. Your Bitcoin wallet turns these words into a Master Seed that is 512 bits of 1s and 0s.
12 or 24 words makes no difference here (other than more entropy).
Either set ultimately produces a Master Seed of the same size: 512 bits.
But words are much easier to write down and back up than 512 random digits.
3. That 512-bit Master Seed is run through one more secure hash using the standard fixed phrase "Bitcoin seed".
Yes... really!
The exact phrase "Bitcoin seed" (along with the space) is part of the algorithm that every Bitcoin wallet uses.
This creates a new set of 512 bits of 1s and 0s, which are split right down the middle:
First half - 256-bit Master Private Key
Last half - 256-bit Master Chain Code
4. Chain Code?
The chain code lets you generate as many addresses as you want so you can receive or deposit Bitcoin.
5. These two halves together make your:
- Master Extended Private Key (xprv),
which then generates your...
- Extended Public Key (xpub).
Math makes this one-way.
You can go from private to public, but never the other way around.
6. Your xpub generates unlimited addresses and child public keys to go with them.
So every Bitcoin address has its own child public key (and thus its own matching child private key as well).
7. Your Bitcoin wallet ONLY uses your public keys and addresses to display the balance.
You don't have to memorize all of this (obviously). But the flow of what creates what is important, because it shows that the SEED WORDS sit at the tippy-top.
They make everything!
And thus can re-create everything.
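Steps 2 and 3 in code, as an added example (not from the original post or from any wallet's source). It uses only Python's standard library, follows the BIP39 and BIP32 specifications, and runs on published test vectors rather than real seed words. It assumes the words are already valid and does not check the BIP39 wordlist or checksum.

```python
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 curve; a valid private key k satisfies 0 < k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Step 2 (BIP39): seed words -> 512-bit Master Seed via PBKDF2-HMAC-SHA512."""
    # Both inputs are NFKD-normalised; words are joined by single spaces.
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    # 2048 iterations, 64 bytes out, whether there are 12 words or 24.
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048, dklen=64)


def seed_to_master(seed: bytes) -> tuple:
    """Step 3 (BIP32): Master Seed -> (master private key, master chain code)."""
    # The fixed phrase "Bitcoin seed" is the HMAC key; the seed is the message.
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = digest[:32], digest[32:]  # split right down the middle
    # BIP32 rejects the (astronomically unlikely) out-of-range private key.
    if not 0 < int.from_bytes(key, "big") < SECP256K1_N:
        raise ValueError("invalid master key; a different seed is required")
    return key, chain_code


# Public test vectors only. Real seed words never belong in a script.
BIP39_TEST_WORDS = "abandon " * 11 + "about"      # BIP39 test vector mnemonic
BIP32_TEST_SEED = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # BIP32 vector 1

if __name__ == "__main__":
    seed = mnemonic_to_seed(BIP39_TEST_WORDS, "TREZOR")
    key, chain = seed_to_master(seed)
    print("master seed :", seed.hex())
    print("private key :", key.hex())
    print("chain code  :", chain.hex())
```

Everything printed here except the seed words' public test status would be a secret on a real wallet, which is why this computation belongs inside the signing device.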
*******
TAKEAWAY:
The original seed words and all private keys (master and derived child keys) are the hidden 1s-and-0s that control your money.
They are your private and secret signature that no one else should ever be able to access. Otherwise they can just sign for your Bitcoin.
Your hardware device (Coldcard, Trezor, Ledger, etc.) prevents these private keys from ever leaving it.
That's why we call them "signing devices."
They hold the secret, magical pen you use to sign transactions. You don't want anyone else to impersonate you.
The xpub and public addresses are the only safe parts to put online or into software (privacy aside).
If a malicious actor or fake app gets your seed words, it gets everything.
If it only sees your public addresses or xpub, it gets nothing.