Mnemonic Phrase

A mnemonic phrase is a series of words used to back up and restore a cryptocurrency wallet.

A mnemonic phrase is a series of words to back up and restore a cryptocurrency wallet. The wallet’s software usually generates this phrase, consisting of between 12 and 24 words. It can be used to access the wallet and restore it in case of theft, loss, or device failure.

Mnemonic Phrase Overview

Mnemonic phrases can be helpful for mobile app developers and companies building apps with cryptocurrency transactions or wallet functionality. Here’s why mnemonic phrases are essential:

  • Security: Mnemonic phrases are a secure method of accessing cryptocurrency wallets. Developers can protect funds even if a user’s device gets lost, stolen, or compromised by requiring them to create a mnemonic. Security is essential in enterprise settings involving large amounts of cryptocurrency.
  • Backup and Recovery: Mnemonic phrases are used as backups for cryptocurrency wallets. If a user cannot access their wallet due to a malfunction or loss of the device, they can enter their mnemonic phrases into a new wallet to regain access. A backup and recovery method is essential for enterprises to prevent financial loss and ensure uninterrupted access.
  • User experience: Implementing Mnemonic phrases improves the user’s experience by providing an accessible and standard method for wallet backups and recovery. Developers can seamlessly integrate the creation and verification of mnemonic phrases into their mobile applications, making it easier for their users to manage their cryptocurrency holdings.
  • Compliance and Risk Management: Companies operating in regulated sectors like finance and e-commerce must adhere strictly to compliance and risk management standards. By incorporating mnemonics into their mobile applications, developers can demonstrate commitment to security best practices and mitigate the risk of financial loss or data breaches.
  • Cross-Platform Compatibility: Mnemonic phrases can be used across platforms and wallet software, allowing flexibility and interoperability. Cross-platform compatibility will enable enterprises to provide customers with a consistent, reliable experience across different devices and operating systems.

Overall, mnemonic phrases are essential for enhancing security, usability, and compliance in mobile apps developed by enterprises, especially those that involve cryptocurrency transactions or wallet functionality. By prioritizing mnemonic phrase implementation, developers can build trust and ensure the security of their digital assets within an increasingly digital and interconnected business landscape.

Mnemonic Phrase Techniques

Developers typically use several techniques when integrating mnemonics into a mobile application for a large company to ensure security, compliance, and usability. Here are some of the methods they may use:

  • Secure Generating: Developers must use cryptographically secured methods to generate mnemonic sentences within the app. Secure generation ensures the phrases are randomly generated and cannot be predicted or manipulated by malicious actors. Libraries like BIP39 are helpful for securely generating mnemonic phrases.
  • Encryption: Mnemonic phrases must be encrypted at rest and during transit to prevent unauthorized access. Developers can use AES encryption and other robust encryption techniques to secure mnemonic phrases stored locally on a user’s device and during transmission over a network.
  • Backup and Recovery Procedures: Implementing robust recovery and backup procedures is essential for memorizing phrases. Developers should help users create a mnemonic and stress the importance of storing it securely. The app should also provide clear instructions on recovering a wallet in case of a device failure or loss.
  • Multi-factor Authentication (MFA):  Adding multi-factor authentication to mnemonic phrases adds a layer of security. Developers can require that users authenticate with a combination of factors, such as passwords, biometrics, and mnemonic phrases. MFA will further secure access to cryptocurrency wallets.
  • Secure storage: Mnemonic phrases must be stored securely on a user’s device to prevent unauthorized access. Developers can use secure storage mechanisms offered by operating systems, such as iOS Keychain and Android Keystore, to protect mnemonic phrase data with device-level security.
  • User education: It is essential to educate users about mnemonics and the best management practices. Developers should include clear instructions, prompts, and reminders in the app to encourage users to securely back up mnemonic phrases and not share them with anyone.
  • Audit Trails and Logging: Implementing audit trails and logging mechanisms will help track and monitor activities related to mnemonic phrases within the app. Developers can log actions like mnemonic phrase generation, backup, and recovery attempts to detect and investigate suspicious and unauthorized activities.
  • Compliance With Regulatory Standards: Enterprises in regulated industries must comply with regulatory standards such as GDPR and financial regulations. Developers should design mnemonic phrases following the standards, including features such as data encryption, consent management, and user privacy controls.

These techniques allow mobile app developers to integrate mnemonic phrases into enterprise apps while maintaining security, usability, and regulatory compliance, building user trust, and protecting sensitive data and assets.

Mnemonic Phrases: A Technical Explanation

A mnemonic sentence is an easily readable representation of cryptographic seeds used to create a deterministic wallet. It is usually composed of a list of words. This mnemonic phrase is a convenient method for users to backup and restore their cryptocurrency wallets.

Here’s a detailed technical explanation of how mnemonics work:

  • Entropy Generating: This process begins with the generation of entropy. This entropy is a random binary sequence and can be generated using cryptographically secured pseudo-random numbers generators (CSPRNGs) to ensure unpredictability. The length of the generated entropy is what determines the security level of the mnemonic and the wallet. Entropy lengths that are commonly used are 128, 162, 192, 224, or 256 bits.
  • Checksum Calculation: Checksums are computed using the generated entropy to improve error detection. This checksum is then added to the end entropy to create a more extended sequence of bits. The checksum ensures the integrity of a mnemonic phrase by detecting errors during transcription or storage.
  • Wordlist selection: the extended bit sequence is divided into groups of eleven bits each. These groups are mapped onto words from a predefined BIP39 wordlist containing 2048 unique terms. Each group of 11 bits corresponds with one word from the BIP39 wordlist. This results in a sequence containing words that form the mnemonic.
  • Mnemonic-Phrase Representation: A mnemonic phrase will be presented to the user as a list. This human-readable format is easier to understand and use than raw binary data. The mnemonic phrase is crucial for wallet backups and recovery, so users must write it down and store it securely.
  • Wallet Derivation: A user can use a wallet program to create or restore a wallet on another device by entering the mnemonic phrase. The software reverses the process, converting the mnemonic into binary data. It does this by looking up the word indexes in the wordlist.
  • Key Derivation: The wallet software uses a key derivation (KDF) like PBKDF2 and HMAC-SHA512 from the reconstructed entropy to derive a private master key. This master private key forms the basis of a hierarchical-deterministic (HD) wallet.
  • Address Generation: A master private key creates a hierarchy of child keys, each corresponding with a specific cryptocurrency address. This hierarchical structure enables the creation of multiple cryptocurrency addresses from a single phrase. It also provides enhanced privacy and security.
  • Security and Usage: Users can now send and receive cryptocurrency payments using their restored wallet. Users must store their mnemonic phrases securely, as anyone with access to them can access funds in the wallet. Mnemonic phrases are the keys to a cryptocurrency wallet, so they should never be shared in plaintext or stored.

Mnemonic phrases are a simple and secure way to back up and restore cryptocurrency wallets. Mnemonic phrases allow deterministic wallet creation from a memorable series of words through cryptographic operations, wordlist mapping, and entropy production. This process ensures the security of cryptocurrency wallets and their usability for users.

Mnemonic Phrases on iOS and Android Devices

There are several differences between Android and iOS in terms of operating systems, programming languages, and development frameworks. Here’s a detailed technical comparison:

Storage Mechanisms

  • Android: Android developers use the Android Keystore to store cryptographic keys and mnemonic phrases. The Android Keystore is a hardware-backed security feature that protects sensitive data from unauthorized access.
  • iOS: iOS Keychain provides a similar mechanism for secure storage. The Keychain is a secure enclave that stores cryptographic keys, sensitive data, and other information using the hardware-backed security features of iOS devices.

Programming languages

  • Android: Android app development relies primarily on Java or Kotlin. Developers can use libraries like Bouncy Castle and Google’s Security Library for Java (Spongy Castle) to implement mnemonic phrase generation, encryption, or key derivation.
  • iOS: iOS app development typically uses Swift or Objective C. Developers can use Apple’s CommonCrypto Framework or third-party libraries such as CryptoSwift for cryptographic operations, including mnemonic phrases.

User interface

  • Android: User interface design is implemented using XML Layouts and Java/Kotlin Code in Android apps. Developers can use Android’s Material Design components to create a consistent, intuitive user experience regarding mnemonic phrase management and input.
  • iOS: iOS app user interfaces are created using Interface Builder to design visual layouts and Swift/Objective C code to implement the functionality. Developers can use Apple’s Human Interface Guidelines to create mnemonic phrase user interfaces that adhere to iOS design principles.

Permission model

  • Android: Android uses a permissions-based model, where apps require explicit user consent to access sensitive resources like storage and hardware features. Developers must request permission to access the Android Keystore, which securely stores mnemonic phrases.
  • iOS: iOS uses a permissions-based model where apps must ask for permission from the user to access sensitive hardware components and data. Developers need to request access to iOS Keychain to store mnemonic phrases safely.

Backup and Recovery

  • Android: Android apps can implement backup and recovery methods using Android’s built-in backup functionality or allowing users to export and import mnemonic phrases securely.
  • iOS: iOS apps can use iCloud Backup to automatically back up app data, including mnemonics stored in Keychain. Developers can also offer manual backup and recovery options within their app.

While the core concepts for mnemonic phrase management and generation are consistent between Android and iOS, there are differences due to variations in programming languages, storage mechanisms, user interface designs, permission models, backup/recovery methods, and user interface design. Developers should consider these differences when designing mnemonic phrases for Android and iOS cryptocurrency wallet apps.

Related Content

Receive Zimperium proprietary research notes and vulnerability bulletins in your inbox

Get started with Zimperium today