当前位置: 首页 > 工具软件 > go-bip39 > 使用案例 >

java bip-39_bip39


BIP: 39 (助记词)Layer: Applications

Title: Mnemonic codeforgenerating deterministic keys

Author: Marek PalatinusPavol RusnakAaron VoisineSean BoweComments-Summary: Unanimously Discourage forimplementation

Comments-URI: https://github.com/bitcoin/bips/wiki/Comments:BIP-0039

Status: Proposed

Type: Standards Track



This BIP describes the implementation of a mnemonic code or mnemonic sentence -- a group of easy to remember words -- for the generation of deterministic wallets.

下面就是描述助记码或词(即为了生成hd wallet而生成的一组容易记住的词)的生成

It consists of two parts: generating the mnemonic, and converting it into a binary seed. This seed can be later used to generate deterministic wallets using BIP-0032 or similar methods.

包括两部分:一是生成助记词并将其转成二进制的seed,这个能够作为bip32中的seed来生成hd wallet


A mnemonic code or sentence is superior for human interaction compared to the handling of raw binary or hexadecimal representations of a wallet seed. The sentence could be written on paper or spoken over the telephone.


This guide is meant to be a way to transport computer-generated randomness with a human readable transcription. It's not a way to process user-created sentences (also known as brainwallets) into a wallet seed.


Generating the mnemonic

The mnemonic must encode entropy in a multiple of 32 bits. With more entropy security is improved but the sentence length increases. We refer to the initial entropy length as ENT. The allowed size of ENT is 128-256 bits.


ENT / 32

First, an initial entropy of ENT bits is generated. A checksum is generated by taking the first bits of its SHA256 hash. This checksum is appended to the end of the initial entropy. Next, these concatenated bits are split into groups of 11 bits, each encoding a number from 0-2047, serving as an index into a wordlist. Finally, we convert these numbers into words and use the joined words as a mnemonic sentence.


(2)通过对初始熵entropy取SHA256散列来获得CS位(CS= 熵长度/32=4,取得到的SHA256散列的前CS位)校验和,然后将校验和附加到初始熵的末尾。



The following table describes the relation between the initial entropy length (ENT), the checksum length (CS) and the length of the generated mnemonic sentence (MS) in words.


CS = ENT / 32MS= (ENT + CS) / 11

| ENT | CS | ENT+CS | MS |


| 128 | 4 | 132 | 12 |

| 160 | 5 | 165 | 15 |

| 192 | 6 | 198 | 18 |

| 224 | 7 | 231 | 21 |

| 256 | 8 | 264 | 24 |


An ideal wordlist has the following characteristics:


a) smart selection of words聪明的词汇选择

- the wordlist is created in such way that it's enough to type the first four

letters to unambiguously identify the word


b) similar words avoided避免相似的词

- word pairs like "build" and "built", "woman" and "women", or "quick" and "quickly"not only make remembering the sentence difficult, but are also more error

prone and more difficult to guess-像“build”和“build”、“woman”和“women”、或“quick”和“quick”这样的词对不仅使记忆句子变得困难,而且更容易出错,更难以猜测

c) sorted wordlists分类词库

- the wordlist is sorted which allows formore efficient lookup of the code words

(i.e. implementations can use binary search instead of linear search)- this also allows trie (a prefix tree) to be used, e.g. forbetter compression-wordlist是有序的,这允许更有效的查找代码字


The wordlist can contain native characters, but they must be encoded in UTF-8 using Normalization Form Compatibility Decomposition (NFKD).


From mnemonic to seed从助记词转成seed

A user may decide to protect their mnemonic with a passphrase. If a passphrase is not present, an empty string "" is used instead.



To create a binary seed from the mnemonic, we use the PBKDF2 function with a mnemonic sentence (in UTF-8 NFKD) used as the password and the string "mnemonic" + passphrase (again in UTF-8 NFKD) used as the salt. The iteration count is set to 2048 and HMAC-SHA512 is used as the pseudo-random function. The length of the derived key is 512 bits (= 64 bytes).

(1)为了从助记符创建二进制种子,我们使用PBKDF2函数(密钥拉伸(Key stretching)函数),使用助记词(UTF-8 NFKD)作为密码,使用字符串“助记词”+密码(UTF-8 NFKD)作为salt。迭代计数设置为2048(即重复运算2048次),使用hma - sha512作为伪随机函数。派生键的长度是512位(= 64字节,即最后的seed的长度)。

pbkdf2(mnemonicBuffer, saltBuffer, 2048, 64, 'sha512')

This seed can be later used to generate deterministic wallets using BIP-0032 or similar methods.

这个seed之后将被bip32或相似的方法使用来生成hd wallet

The conversion of the mnemonic sentence to a binary seed is completely independent from generating the sentence. This results in rather simple code; there are no constraints on sentence structure and clients are free to implement their own wordlists or even whole sentence generators, allowing for flexibility in wordlists for typo detection or other purposes.


Although using a mnemonic not generated by the algorithm described in "Generating the mnemonic" section is possible, this is not advised and software must compute a checksum for the mnemonic sentence using a wordlist and issue a warning if it is invalid.


The described method also provides plausible deniability, because every passphrase generates a valid seed (and thus a deterministic wallet) but only the correct one will make the desired wallet available.

所描述的方法还提供了可信的可否认性,因为每个密码都生成一个有效的种子(从而产生一个hd wallet),但是只有正确的一个才能使所需的钱包可用。




var Buffer = require('safe-buffer').Buffervar createHash = require('create-hash')var pbkdf2 = require('pbkdf2').pbkdf2Syncvar randomBytes = require('randombytes')//use unorm until String.prototype.normalize gets better browser support

var unorm = require('unorm')var CHINESE_SIMPLIFIED_WORDLIST = require('./wordlists/chinese_simplified.json')var CHINESE_TRADITIONAL_WORDLIST = require('./wordlists/chinese_traditional.json')var ENGLISH_WORDLIST = require('./wordlists/english.json')var FRENCH_WORDLIST = require('./wordlists/french.json')var ITALIAN_WORDLIST = require('./wordlists/italian.json')var JAPANESE_WORDLIST = require('./wordlists/japanese.json')var KOREAN_WORDLIST = require('./wordlists/korean.json')var SPANISH_WORDLIST = require('./wordlists/spanish.json')var DEFAULT_WORDLIST =ENGLISH_WORDLISTvar INVALID_MNEMONIC = 'Invalid mnemonic'

var INVALID_ENTROPY = 'Invalid entropy'

var INVALID_CHECKSUM = 'Invalid mnemonic checksum'function lpad (str, padString, length) {while (str.length < length) str = padString +strreturnstr


function binaryToByte (bin) {return parseInt(bin, 2)


function bytesToBinary (bytes) {returnbytes.map(function (x) {return lpad(x.toString(2), '0', 8)



function deriveChecksumBits (entropyBuffer) {var ENT = entropyBuffer.length * 8

var CS = ENT / 32

var hash = createHash('sha256').update(entropyBuffer).digest()return bytesToBinary([].slice.call(hash)).slice(0, CS)


function salt (password) {return 'mnemonic' + (password || '')


function mnemonicToSeed (mnemonic, password) {var mnemonicBuffer = Buffer.from(unorm.nfkd(mnemonic), 'utf8')var saltBuffer = Buffer.from(salt(unorm.nfkd(password)), 'utf8')return pbkdf2(mnemonicBuffer, saltBuffer, 2048, 64, 'sha512')


function mnemonicToSeedHex (mnemonic, password) {return mnemonicToSeed(mnemonic, password).toString('hex')


function mnemonicToEntropy (mnemonic, wordlist) {

wordlist= wordlist ||DEFAULT_WORDLISTvar words = unorm.nfkd(mnemonic).split(' ')if (words.length % 3 !== 0) throw newError(INVALID_MNEMONIC)//convert word indices to 11 bit binary strings

var bits =words.map(function (word) {var index =wordlist.indexOf(word)if (index === -1) throw newError(INVALID_MNEMONIC)return lpad(index.toString(2), '0', 11)

}).join('')//split the binary string into ENT/CS

var dividerIndex = Math.floor(bits.length / 33) * 32

var entropyBits = bits.slice(0, dividerIndex)var checksumBits =bits.slice(dividerIndex)//calculate the checksum and compare

var entropyBytes = entropyBits.match(/(.{1,8})/g).map(binaryToByte)if (entropyBytes.length < 16) throw newError(INVALID_ENTROPY)if (entropyBytes.length > 32) throw newError(INVALID_ENTROPY)if (entropyBytes.length % 4 !== 0) throw newError(INVALID_ENTROPY)var entropy = Buffer.from(entropyBytes)var newChecksum =deriveChecksumBits(entropy)if (newChecksum !== checksumBits) throw newError(INVALID_CHECKSUM)return entropy.toString('hex')


function entropyToMnemonic (entropy, wordlist) {if (!Buffer.isBuffer(entropy)) entropy = Buffer.from(entropy, 'hex')

wordlist= wordlist ||DEFAULT_WORDLIST//128 <= ENT <= 256

if (entropy.length < 16) throw newTypeError(INVALID_ENTROPY)if (entropy.length > 32) throw newTypeError(INVALID_ENTROPY)if (entropy.length % 4 !== 0) throw newTypeError(INVALID_ENTROPY)var entropyBits =bytesToBinary([].slice.call(entropy))var checksumBits =deriveChecksumBits(entropy)var bits = entropyBits +checksumBitsvar chunks = bits.match(/(.{1,11})/g)var words =chunks.map(function (binary) {var index =binaryToByte(binary)returnwordlist[index]

})return wordlist === JAPANESE_WORDLIST ? words.join('\u3000') : words.join(' ')


function generateMnemonic (strength, rng, wordlist) {

strength= strength || 128

if (strength % 32 !== 0) throw newTypeError(INVALID_ENTROPY)

rng= rng ||randomBytesreturn entropyToMnemonic(rng(strength / 8), wordlist)


function validateMnemonic (mnemonic, wordlist) {try{

mnemonicToEntropy(mnemonic, wordlist)

}catch(e) {return false}return true}


mnemonicToSeed: mnemonicToSeed,

mnemonicToSeedHex: mnemonicToSeedHex,

mnemonicToEntropy: mnemonicToEntropy,

entropyToMnemonic: entropyToMnemonic,

generateMnemonic: generateMnemonic,

validateMnemonic: validateMnemonic,

wordlists: {













test vector


"abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about",//mnemonic


"xprv9s21ZrQH143K3h3fDYiay8mocZ3afhfULfb5GX8kCBdno77K4HiA15Tg23wpbeF1pLfs1c5SPmYHrEpTuuRhxMwvKDwqdKiGJS9XFKzUsAF"//root key


npm install bip-39 --save//+ bip39@2.5.0

var bip39 = require('bip39')//defaults to BIP39 English word list//uses HEX strings for entropy

var mnemonic = bip39.entropyToMnemonic('00000000000000000000000000000000')

console.log(mnemonic)//=> abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon abandon about//reversible

console.log(bip39.mnemonicToEntropy(mnemonic))//=> '00000000000000000000000000000000'//Generate a random mnemonic (uses crypto.randomBytes under the hood), defaults to 128-bits of entropy//var mnemonic = bip39.generateMnemonic()

console.log(bip39.mnemonicToSeedHex(mnemonic))//=> '5eb00bbddcf069084889a8ab9155568165f5c453ccb85e70811aaed6f6da5fc19a5ac40b389cd370d086206dec8aa6c43daea6690f20ad3d8d48b2d2ce9e38e4'


console.log(bip39.validateMnemonic(mnemonic))//=> true

console.log(bip39.validateMnemonic('basket actual'))//=> false



