Course 04 · Lesson 05

Understanding Private Keys and Seed Phrases

~9 min readLesson 05/7Free

Seed phrases and private keys are simultaneously the most important concept in crypto self-custody and the most frequently misunderstood. Many people who use hardware wallets do not fully understand the relationship between their seed phrase, their private keys, and their wallet addresses - or what happens in each scenario where one of these is lost. This lesson explains the complete relationship precisely - not because the mathematics needs to be memorised, but because understanding the structure clarifies exactly what you need to protect, what you can share safely, and what the consequences of different loss scenarios are.

How Keys and Seeds Are Related

Modern wallets use a hierarchical structure where a single seed phrase generates every private key in the wallet. This is known as an HD Wallet (Hierarchical Deterministic). The relationship is deterministic - the same seed phrase always generates the same keys, in the same order, on any compatible wallet software. This is the foundation of wallet recovery: if you have your seed phrase and a compatible wallet application, you can always regenerate all of your private keys and access all of your crypto.

THE RELATIONSHIP STRUCTURE

Seed phrase (12 or 24 words)
  ↓ mathematical derivation
Master private key
  ↓ derivation paths (m/44'/0'/0'/0/0 etc)
Private keys → Public keys → Wallet Addresses

One seed → many private keys → many addresses. Secure the seed phrase = secure all of them. Lose the seed phrase = lose access to all.

The Mathematics of Private Keys

A private key is a randomly generated 256-bit number - a number between 1 and 2^256. The number of possible private keys is approximately 10^77 - larger than the number of atoms in the observable universe. This enormous keyspace is what makes it computationally impossible for anyone to guess your private key.

The seed phrase is a human-readable encoding of this initial Entropy. A 12-word BIP-39 seed phrase represents 128 bits of entropy. A 24-word phrase represents 256 bits. Each word is selected from a standardised list of exactly 2,048 words - so each word encodes 11 bits of information. The last word in any seed phrase is a checksum - derived mathematically from the others - allowing any wallet to verify that a seed phrase was written down correctly.

From Seed to Key to Address

The mathematical path from seed phrase to address follows several defined steps - all invisible to the user but important to understand conceptually. The transition relies on a precise Derivation Path (e.g., m/44'/0'/0'/0/0) which allows the HD wallet to systematically create unique keys for different crypto assets.

SEED TO ADDRESS - THE PATH

Step 1: Seed phrase → Binary entropy. Words converted back to binary.
Step 2: Entropy → Master seed. Standardised hashing (PBKDF2) generates a 512-bit seed.
Step 3: Master seed → Master keys. Master private key and master chain code created.
Step 4: Master keys → Child keys. Derivation paths generate individual keys.
Step 5: Private key → Public key. Elliptic curve cryptography generates public key. One-way process.
Step 6: Public key → Address. Hashing operations convert public key to the shareable address.

To add a layer of physical safety, some users create a Passphrase Extension (commonly called the 25th word), which creates an entirely separate set of keys and addresses from the same seed phrase, hiding the primary funds.

What Happens If You Lose Them

LOSS SCENARIOS AND OUTCOMES

Scenario 1: Lost hardware wallet, have seed phrase. Buy a new device. Restore using seed phrase. No crypto lost.
Scenario 2: Forgotten PIN, have seed phrase. Reset device using seed phrase. No crypto lost.
Scenario 3: Lost seed phrase, have hardware wallet. CRITICAL RISK. While the device works and you know the PIN you have full access. Immediate action: transfer everything to a newly generated wallet.
Scenario 4: Lost both seed phrase and device. PERMANENT AND TOTAL LOSS.
Scenario 5: Seed phrase compromised (someone saw it). EMERGENCY. Immediately transfer all funds to a secure wallet.

The Golden Rules

THE GOLDEN RULES OF KEY SECURITY

RULE 1: Never photograph your seed phrase. Cloud services are hacked. A digital photo is a permanent vulnerability.
RULE 2: Never type your seed phrase into any device. Any website or app asking for your seed phrase is a scam.
RULE 3: Never store it digitally. No notes app, email draft, or cloud storage. Physical only. Always.
RULE 4: The hardware wallet never shows your seed phrase after setup. If asked to type it, the device is compromised.
RULE 5: Multiple backups in separate locations. Provides resilience against physical disasters.

KEY TAKEAWAYS
One seed phrase generates all private keys in a wallet - secure the seed, secure everything.
Private keys are 256-bit numbers with a keyspace so large brute-force guessing is computationally impossible.
Loss scenarios: lost wallet but have seed = recoverable. Lost seed phrase with working device = critical risk. Lost both = permanent total loss.
Never photograph, type, or digitally store your seed phrase - physical only.
Any website or application asking for your seed phrase after initial setup is a scam - no exceptions.
Tax Basics for Crypto Holders →

What to Read Next

1. Tax Basics for Crypto Holders
Lesson 06 - Course 04
Read →
2. Security Habits That Protect Your Assets
Lesson 07 - Course 04
Read →
3. Wallets, Keys, and Addresses
Lesson 05 - Course 02
Read →