Learn Ethereum in 2024. #15. Wallets.

João Paulo Morais
Apr 27, 2024

In the blockchain field, beginners often confuse accounts with wallets. As we’ve discussed, an account consists of a pair of keys and is associated with an address on Ethereum. Wallets, on the other hand, are software or libraries with various functionalities, including the ability to create, manage, and utilize accounts. They can sign messages and transactions, among other features.

Before we proceed, let’s briefly discuss the distinction between wallets and exchanges. When acquiring cryptocurrencies, many people initially utilize exchanges like Crypto.com or Binance. While exchanges can function as wallets, they are typically custodial in nature. This means that users do not possess the private keys associated with their accounts. Consequently, they lack full control over their funds, as they cannot independently manage their accounts. In this article, when we refer to wallets, we are specifically discussing non-custodial wallets — software or libraries where users own and control their private keys, rather than relying on a third party.

In the Ethereum ecosystem, one of the most widely used wallets is Metamask, available in both mobile and Chrome extension versions. Throughout this course, we’ll delve into Metamask as it will be our primary tool for connecting with Dapps. Another wallet we’ll explore is Clef, developed in Go by the team behind the Ethereum Geth client. Clef was designed to complement Geth, aiming to work seamlessly together. Unlike Metamask, Clef operates as a command-line wallet and isn’t suitable for direct integration with Dapps.

It’s important to understand that wallets are essentially software applications. Any software equipped to manage cryptographic keys and perform transaction signing effectively operates as a wallet. JavaScript libraries like web3.js, ethers.js, and Viem offer these essential functionalities, enabling developers to create custom wallet solutions.

Categories of Wallets

Wallets can be categorized into Hot wallets and Cold wallets. Hot wallets are those connected to the internet or with online capabilities. Metamask serves as an example of a hot wallet. Being online allows it to send transactions directly to an Ethereum node, making it convenient for users. However, this connectivity also poses security risks. Hot wallets are more vulnerable to attacks aimed at accessing the private keys they store.

Cold wallets, on the other hand, operate without any internet connection. Prominent examples of cold wallet manufacturers include Trezor and Ledger. Typically, these wallets are hardware devices that connect to computers via USB or a similar interface. Since they don’t have online connectivity, cold wallets cannot initiate transactions, but they possess the capability to sign transactions.

Cold wallets typically function in the following manner:

  1. Some software or device generates a transaction and sends the unsigned transaction to the cold wallet.
  2. The cold wallet then signs the transaction and sends back the signed transaction to the originating device.
  3. This device, connected to the internet, can then transmit the transaction to an Ethereum node.

Note that the private key is never exposed to the network: communication between the device that initiated the transaction and the cold wallet that signed it occurs locally.

Seed and BIP39

The private key, a 32-byte random number, translates to 64 alphanumeric digits. It’s practically impossible to memorize and prone to typing errors. To address this, a technique called seed or recovery phrase is commonly employed to generate private keys. This method is used by nearly all Ethereum wallets.

Since private keys are random numbers, any method of generating random numbers can be used to generate a private key. Bitcoin users proposed a method to translate random numbers into a recovery phrase in Bitcoin Improvement Proposal 39 (BIP39), which was later adopted by several protocols. This method works as follows:

  1. First, a random number, typically 16 bytes (128 bits) in length, is generated.
  2. From these 128 bits, a 4-bit checksum is generated and added to the original 128 bits, resulting in a total of 132 bits.
  3. These 132 bits are then divided into 12 groups of 11 bits each.
  4. Here’s the key concept: 11 bits can represent 2048 different numbers. A dictionary is created with 2048 ordered words, with each word corresponding to a specific number. As a result, from the original 16 bytes, a set of 12 corresponding words is generated. This set of words is the recovery phrase.
  5. From the 12 words, a key generator function called PBKDF2 (Password-Based Key Derivation Function 2) is utilized to produce a 512-bit seed key. In this process, adding a passphrase to the seed generation enhances security further. If no passphrase is explicitly provided, it defaults to an empty string. With the seed, it is possible to derive an arbitrary number of private and public keys and, consequently, accounts.

The process can be initiated with a random number larger than 16 bytes, resulting in the generation of more than 12 words. For heightened security, one could start with a 32-byte number to generate 24 words instead.

HD Wallets, BIP32 and BIP44

It is common to use several accounts in the same wallet. One way to do this is to generate multiple independent private keys, but this is not practical, as we would have to back up all these keys. A practical solution is to create multiple private keys from a seed, usually generated using the method seen in the previous section, BIP39.

Wallets that implement this procedure are known as hierarchical deterministic wallets, or HD wallets for short. They are termed “deterministic” because the private keys are generated deterministically from the seed, and “hierarchical” because the generated keys, whether private or public, exhibit a tree-level hierarchy.

BIP32

From a root, a path is defined, resembling a tree-like structure. Each node along this path can generate either a private key or (just) a public key. This approach of deriving multiple keys from a single seed is outlined in Bitcoin Improvement Proposal 32, or BIP32 for short. An example path might appear as follows:

m/0'/1/2

In this example, “m” represents the root of the path, and each “/” signifies a branching point. For instance, the paths “m/0'/1” and “m/0'/2” indicate a path originating from “0'”, which in turn has two children: “0'/1” and “0'/2”. You might have observed the ' symbol attached to the value 0, signifying a special derivation method that requires further explanation.

A path example

Numbers with an apostrophe (') signify hardened derivations, while numbers without one indicate non-hardened derivations. Hardened derivations offer greater security, but non-hardened derivations have certain advantages. For instance, they allow the generation of a set of public keys without exposing the corresponding private key. This can be advantageous in e-commerce settings where it’s necessary to provide a public key seed to a department without granting access to the corresponding private key.

BIP44

To establish a standard for use across various wallets, a new BIP was introduced, known as BIP44. This proposal outlines a predefined path for Bitcoin wallets, which has since been adopted by Ethereum and numerous other networks, particularly those compatible with the Ethereum Virtual Machine. For networks adhering to BIP44, the following standardized path is utilized:

m/44'/coin_type'/account'/change/address_index

The coin_type parameter specifies the network to be utilized, with Ethereum being represented by the number 60. Account denotes an arbitrary number, useful for establishing higher-level hierarchies such as departmental divisions within a company. The change parameter accepts values of either 0 or 1, where 0 signifies that the wallet’s primary function is to receive funds — a common configuration. Lastly, address_index typically represents a sequential number, starting from zero and increasing by one for each new private key generated.

Most wallets, such as Metamask, typically generate the initial private key from the path m/44'/60'/0'/0/0, followed by the second key from m/44'/60'/0'/0/1, and so forth. From the seed, an arbitrary number of accounts can be created.

Wallet password

Wallets require the use of a password, which is solely used to locally encrypt keys. It’s crucial to understand that this password has no relation to the recovery phrase or any private key; it’s simply a security measure to ensure that the information stored by the wallet is not recorded in plain text.

In case the files stored by the wallet are compromised, accessing the private keys is only feasible with the wallet password. Losing this password means being unable to access the wallet, but it’s possible to reset it and recover the private keys using the recovery phrase.

Written by João Paulo Morais

Astrophysicist, full-stack developer, blockchain enthusiast. Technical Writer @RareSkills.