Unveiling the Secrets of Random Number Generation in Seed Phrases

Jonas / Nov 4, 2025

Key Takeaways

Mnemonics follow the BIP-39 standard, derived from cryptographic random numbers

Random numbers come in two types: pseudo-random (PRNG) and true random (TRNG)

PRNGs are algorithm-based and predictable; TRNGs rely on physical entropy sources

Hardware wallets use TRNG modules within secure elements (SE) for true randomness

OneKey uses EAL6+ certified SE chips compliant with NIST and FIPS standards

Even software wallets use OS-level secure entropy pools for cryptographic-grade randomness

In crypto, the more random, the more secure — it’s not magic, it’s engineering

Recently, a "cold case" has once again sparked heated discussion on Crypto Twitter (CT).

Milk Sad researchers revealed that as early as the end of 2020, a cluster of wallets associated with the mining pool Lubian.com was emptied in just two hours, resulting in the disappearance of over 130,000 Bitcoins, valued at over 3 billion US dollars.

The cause: the wallets used a flawed pseudo-random algorithm to generate private keys, which let attackers recover every private key by brute force.

How are seed phrases generated?

When you create a new wallet, the string of 12 or 24 words that appears on the screen is not picked arbitrarily by the wallet. The words are "translated" from a string of purely random bits according to a fixed set of rules. This set of rules is called BIP-39, and almost all mainstream wallets use it.

First, the wallet generates a random number locally, usually 128 to 256 bits long. This random number is like the "gene" of the wallet, from which all private keys and addresses are derived.

Next, the wallet appends a short checksum to the random number so that input errors can be detected later. The method: hash the random number with SHA-256, take the first few bits of the digest (one bit for every 32 bits of entropy, so 4 bits for 128 bits and 8 bits for 256), and append them to the end of the random number.

You can think of it as the last digit of the 18-digit ID card we see every day: the first 17 digits encode your birth date, region code and so on, and the last digit is a "checksum" calculated from the preceding digits.

The final step is to cut the checksummed random number into segments of 11 bits each, interpret each segment as a number between 0 and 2047, and look that number up in a dictionary table to get the corresponding mnemonic word. Picture the random number as an ultra-long string of digits: the wallet cuts it into segments, looks each segment up in the word table, and the result is a sentence you can read and write down.
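The three steps above (entropy, SHA-256 checksum, 11-bit segments) carried through in code, plus the reverse check a wallet performs on import. This is an added example, not OneKey's code; it returns word indices rather than words, since the 2048-word BIP-39 list is not embedded here. The entropy for the demo comes from `secrets.token_bytes`, the operating-system CSPRNG path the article describes later, never from `random`.

```python
import hashlib
import secrets

# BIP-39 permits only these entropy sizes (bits); all give 11-bit segments exactly.
VALID_ENTROPY_BITS = (128, 160, 192, 224, 256)


def entropy_to_indices(entropy: bytes) -> list:
    """Entropy -> list of 11-bit word indices (0..2047) of a BIP-39 mnemonic.

    Checksum = first ENT/32 bits of SHA-256(entropy), appended to the entropy;
    ENT + ENT/32 is always a multiple of 11, so the cut is exact.
    """
    ent = len(entropy) * 8
    if ent not in VALID_ENTROPY_BITS:
        raise ValueError(f"entropy must be one of {VALID_ENTROPY_BITS} bits, got {ent}")
    cs = ent // 32                                   # 4 bits for 128, 8 bits for 256
    digest = hashlib.sha256(entropy).digest()
    checksum = int.from_bytes(digest, "big") >> (256 - cs)
    combined = (int.from_bytes(entropy, "big") << cs) | checksum
    total_bits = ent + cs
    return [(combined >> (total_bits - 11 * (i + 1))) & 0x7FF
            for i in range(total_bits // 11)]


def indices_to_entropy(indices: list) -> bytes:
    """Reverse the encoding and verify the checksum (what a wallet does on restore)."""
    total_bits = len(indices) * 11
    ent = total_bits * 32 // 33                      # ENT + ENT/32 == total_bits
    cs = total_bits - ent
    if ent not in VALID_ENTROPY_BITS:
        raise ValueError(f"unsupported mnemonic length: {len(indices)} words")
    combined = 0
    for idx in indices:
        if not 0 <= idx <= 2047:
            raise ValueError("word index out of range")
        combined = (combined << 11) | idx
    entropy = (combined >> cs).to_bytes(ent // 8, "big")
    expected = int.from_bytes(hashlib.sha256(entropy).digest(), "big") >> (256 - cs)
    if combined & ((1 << cs) - 1) != expected:
        raise ValueError("checksum mismatch: a word was entered incorrectly")
    return entropy


if __name__ == "__main__":
    ent = secrets.token_bytes(16)                    # OS CSPRNG, not random.random()
    idx = entropy_to_indices(ent)
    print(len(idx), "word indices:", idx)
    assert indices_to_entropy(idx) == ent
```

With 16 zero bytes the result is eleven 0s followed by 3, which is the standard BIP-39 test vector "abandon ... abandon about" (checksum nibble 3 from the hash of the zero entropy).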

Where does randomness come from?

The core of a seed phrase is that random number. If that string of random numbers can be predicted, the security of the wallet ceases to exist.

So, the key question is - where do these random numbers actually come from?

In the world of computers, there are two types of random numbers: pseudo-random numbers, produced by a pseudo-random number generator (PRNG), and true random numbers, produced by a true random number generator (TRNG).

The difference is whether the output is genuinely unpredictable, that is, whether it carries enough cryptographically strong randomness.

Pseudo-random numbers are "calculated" out.

The program first gives itself a starting point, called a "seed," and then calculates a string of seemingly disordered numbers according to a fixed algorithm.

If you run it again with the same algorithm and the same seed, the result will be exactly the same.

This is fine for ordinary applications, such as game item drops or data simulation, but it is a disaster in the crypto world.

Because as long as someone can guess the algorithm and the seed, they can reproduce your "random numbers" exactly. This has happened in practice: some wallets used unsuitable random algorithms, and attackers derived private keys from the algorithm's weaknesses, causing huge losses.

True random numbers are completely different.

They are not just "calculated" but "measured" - directly sampled from the physical world.

For example, electronic noise, slight jitters in crystal oscillations, voltage fluctuations, thermal noise...

These tiny changes have no predictable patterns, like the chaos in nature. True Random Number Generators (TRNGs) use specialized circuits to collect these tiny physical signals, such as current noise or slight crystal jitters.

However, the raw signals might also carry some slight patterns or biases, so the chip will process them further, "stirring" these subtle imbalances more thoroughly and evenly to generate a truly random sequence.

The generation of seed phrases in hardware wallets is based on random number generators in EAL6+ high-security certified SEs.

How do hardware wallets achieve pure randomness?

To understand the security of hardware wallets, one must start from their most fundamental "physical randomness." Inside a hardware wallet, there is a specialized security chip called a Secure Element (SE). Unlike ordinary main control chips, it is an independent module designed to prevent tampering and attacks, widely used in scenarios with extremely high security requirements such as bank IC cards, SIM cards, and electronic passports.

Within this security chip there is a small core module called a True Random Number Generator (TRNG). It "captures" randomness directly from the physical world, and it can combine that raw source with post-processing algorithms that comply with NIST and FIPS (US federal cryptographic standards) to produce a true random number.

The chip's interior contains a host of extremely sensitive electronic circuits that capture fluctuations undetectable even by humans, such as current noise and minute vibrations. These signals are inherently chaotic and unpredictable, much like recording the sound of wind – every second is different.

The chip then "stirs" these "wind sounds" several times to remove any potential subtle patterns, and what remains is a truly random string of numbers that no one can predict. All of this is done within the chip's enclosed environment, without relying on a computer or mobile phone, and external interference is impossible.
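The "stirring" of raw physical signals described above (and earlier, where the article notes that raw TRNG samples carry slight biases) is called debiasing or conditioning. This added example, not from the article or any OneKey firmware, simulates a biased noise source and applies the classic von Neumann debiaser followed by SHA-256 conditioning, the hash-based approach NIST SP 800-90B describes for entropy sources. The simulated source uses a seeded PRNG purely so the demo is repeatable; a real chip samples circuit noise instead.

```python
import hashlib
import random


def bias(bits):
    """Fraction of ones in a bit sequence; 0.5 means no lean toward 0 or 1."""
    bits = list(bits)
    return sum(bits) / len(bits)


def von_neumann(bits):
    """Debias independent but skewed bits: read pairs, keep 01 -> 1 and 10 -> 0,
    discard 00 and 11. With a fixed unknown bias p, P(01) == P(10) == p*(1-p),
    so every kept bit is exactly 50/50. Roughly 3/4 of the input is thrown away,
    which is why real TRNGs oversample their noise source."""
    return [b for a, b in zip(bits[0::2], bits[1::2]) if a != b]


def condition(bits):
    """Hash conditioning: fold many raw bits into 256 output bits. Hashing never
    creates entropy; the output holds at most min(entropy_in, 256) bits of it,
    so feed it far more raw bits than 256."""
    if not bits:
        raise ValueError("no raw bits to condition")
    raw = int("".join(map(str, bits)), 2).to_bytes((len(bits) + 7) // 8, "big")
    return hashlib.sha256(raw).digest()


def simulated_raw_source(n, p_one, seed=1):
    """CONSTRUCTED stand-in for a noisy physical source: independent bits that
    are 1 with probability p_one. Seeded only to keep the demo reproducible."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


if __name__ == "__main__":
    raw = simulated_raw_source(20000, 0.7)          # clearly skewed toward 1
    clean = von_neumann(raw)
    print(f"raw bias {bias(raw):.3f} over {len(raw)} bits")
    print(f"after von Neumann: bias {bias(clean):.3f} over {len(clean)} bits")
    print("conditioned 256-bit output:", condition(raw).hex())
```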

You can think of it as a "dice-rolling machine" kept in a safe. Whenever the wallet needs to generate a mnemonic phrase, this machine automatically rolls the dice, records the results, and then locks the safe door.

From the very first digit of the mnemonic phrase, it is born in a secure space inaccessible to the outside world.

How OneKey Achieves It

When it comes to random numbers, OneKey has chosen the most fundamental and robust solution.

For hardware wallets, the new OneKey models use security chips with EAL6+ security certification. Their True Random Number Generators (TRNGs) fully comply with cryptographic security requirements.

The design of older OneKey devices also followed the same philosophy. They use the TRNG module built into the main control chip (MCU) to generate random numbers, which have passed randomness tests compliant with NIST SP 800-22 and FIPS 140-2. These standards are the "gold standard" in cryptography, used to verify whether a random number sequence is truly patternless and unpredictable.

And when it comes to software wallets, OneKey has not been careless either. Whether it's the desktop client, browser plugin, or mobile app, they "borrow" random numbers from the device itself when generating mnemonic phrases – instead of writing their own algorithms to calculate them, they directly call the operating system's security module.

For example, when you create a wallet with OneKey on your computer, the program asks the system to help "roll the dice." macOS and Windows both have built-in cryptographic-grade random engines that constantly collect noise from various sources: keyboard input, clock jitter, network latency... These chaotic pieces of information mix together to form a high-quality random source. The same applies to mobile phones. Or, if the hardware itself supports a TRNG module, it can be used directly.

In short, even on ordinary devices, randomness can be guaranteed to meet cryptographic security standards.

End

Crypto security is never metaphysics, but engineering.

For seed phrases, the more random, the more chaotic, the more secure!
