Introducing Guided Coin-Flip Seed Generation in SeedSigner
At the heart of the Bitcoin ethos lies a powerful, almost sacred, principle: “Don’t trust, verify.” This philosophy drives the entire system, from the decentralized validation of transactions to the individual’s control over their own money. Yet, for every new Bitcoiner, there is a moment of profound cognitive dissonance — a moment where they must place immense trust in a system to create the very tool that is meant to obviate trust: the seed phrase.
A seed phrase (or mnemonic recovery phrase) is the master key to a user’s Bitcoin wallet. It’s a list of 12 or 24 words that can be used to restore access to all the Bitcoin controlled by that wallet, on any compatible device, anywhere in the world. If this phrase is compromised, the funds are gone forever. If it’s generated insecurely, the funds were never safe to begin with.
This is the sovereign’s dilemma. To achieve ultimate financial self-sovereignty, one must generate a key that is perfectly random and perfectly private. But how can you be sure the software you use to do this isn’t betraying you? For a Bitcoiner, this isn’t idle paranoia; it’s a fundamental security consideration.
The primary concern with software-based seed generation is the quality and secrecy of its randomness (entropy). Is the random number generator truly random? Is it secretly sending a copy of your seed to an attacker?
The coin flip method completely eliminates this point of failure. You yourself become the random number generator! The process is simple, transparent, and entirely under your control:
- Get a Fair Coin: A standard coin is sufficient. For the truly paranoid, multiple different coins can be used.
- Flip and Record: You decide which side represents a 0 and which represents a 1 (e.g., Tails = 0, Heads = 1).
- Generate the Bits: You flip the coin the required number of times and write down the sequence of 0s and 1s.
  - For a 12-word seed, you need 128 bits (128 flips).
  - For a 24-word seed, you need 256 bits (256 flips).
By doing this, you have created the foundational entropy for your seed phrase. You don’t need to trust a computer’s pseudo-random number generator (PRNG), a hardware wallet’s internal chip, or any software library. The randomness is physical, observable, and generated by you in a completely offline environment. You have verifiably solved the problem of malicious or flawed entropy generation.
You now have a trustworthy string of bits. Next, you need a non-proprietary, verifiable, and safe way to convert it into the 12 or 24 words that wallets understand. BIP-39 (Bitcoin Improvement Proposal 39) is that public standard.
Here’s how the BIP-39 specification solves the rest of the problem:
A. It Creates a Checksum for Error-Proofing
This is one of the most brilliant parts of BIP-39. Your seed phrase isn’t just your random bits converted to words. A small checksum is added to ensure the phrase is valid.
- How it Works: The BIP-39 process takes your initial entropy (your 256 coin flips) and performs a SHA-256 hash on it. It then takes the first few bits of that hash and appends them to the end of your entropy string.
  - For 256 bits of entropy, an 8-bit checksum is added, creating a final 264-bit number.
  - For 128 bits of entropy, a 4-bit checksum is added, creating a 132-bit number.
- Why it Matters: This checksum acts as a “spellcheck.” When you later enter your seed phrase into a wallet, it performs the same calculation. If a single word is wrong or out of order, the checksum will not match, and the wallet will report the seed as “invalid.” This protects you from typos and makes it computationally impossible to accidentally guess a valid seed phrase.
B. It Provides a Standardized Wordlist and Mapping
BIP-39 specifies an official list of 2048 words. The number 2048 is not arbitrary; it’s 2¹¹. This means each word can represent exactly 11 bits of information.
- How it Works: The process takes your final number (entropy + checksum) and chops it into 11-bit chunks.
  - A 264-bit string (from a 24-word seed) is split into 24 chunks of 11 bits.
  - A 132-bit string (from a 12-word seed) is split into 12 chunks of 11 bits.
- Why it Matters: Each 11-bit chunk represents a number from 0 to 2047. This number is used as an index to look up the corresponding word in the official BIP-39 wordlist. Because the wordlist and this conversion process are public, any compatible wallet (which is nearly all of them) can perform the same operation. This ensures interoperability.
The result is a 24-word seed phrase that is verifiably random, generated without trusting any “black box” RNG, and is compatible with the entire Bitcoin ecosystem. You have successfully navigated the Sovereign’s Dilemma, taking full control of the creation of your keys!
Closing the Trust Loop: Introducing True User-Generated Entropy in SeedSigner
Since the beginning, the mission of SeedSigner has been to make high-security Bitcoin self-custody accessible, transparent, and affordable. We achieve this with stateless, air-gapped hardware and fully open-source, verifiable software.
I’m thrilled to add another powerful option for user-generated entropy — a new coin-flip workflow, which joins our existing dice-roll method as a way to generate your seed phrase directly from physical reality.
Generating your own entropy with coins or dice has long been considered the gold standard for security, but it has always been a complex and error-prone process reserved for the most technical users. The old workflow involved writing down hundreds of ones and zeros on paper and then manually typing them into an offline computer running special software. It was powerful, but clumsy and intimidating. You can read this article to get a better understanding of the method: https://estudiobitcoin.com/do-you-trust-your-seed-dont-generate-it-yourself/
My goal was to take this elite-level security practice and make it simple, guided, and safe for everyone. By integrating this entire process into the SeedSigner interface, I’ve eliminated the need for a separate secure computer, special software, and the risky step of transcribing hundreds of digits from paper. The SeedSigner now walks you through it, step-by-step, in a secure, air-gapped environment.
To make this as user-friendly as possible, I’ve implemented two distinct options for entering your coin flips.
1. The “All at Once” Method (128/256 bits)
This method is straightforward. You perform all your coin flips (128 for a 12-word seed, 256 for a 24-word seed), record the results, and then enter the complete string of 0s and 1s into the SeedSigner. It’s a clean, direct process for those who are confident in their ability to perform the task without error.
2. The Incremental “11-Bit Chunks” Method
This is the feature I’m most excited about, as it revolutionizes the user experience of entropy generation. A task of 256 coin flips can feel monumental. So, I broke it down.
With this method, you enter your entropy in sets of 11 flips. After the first 11 bits are entered, SeedSigner immediately calculates and displays the first word of your mnemonic. Then you enter the next 11 bits and see the second word, and so on.
This approach has huge benefits:
- Immediate Feedback: It turns a long, tedious task into a series of small, rewarding steps.
- Drastic Error Reduction: If you get distracted or make a mistake, you don’t have to re-enter a 256-digit string. You simply correct the last 11 bits. This makes the process far more robust and less stressful.
- BIP-39 Compliant: This process is fully compliant with the BIP-39 standard. Behind the scenes, the SeedSigner gathers all the entropy and correctly calculates the final checksum to generate the last word, ensuring your seed is valid and interoperable with any other wallet.
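The BIP-39 steps from sections A and B and the 11-bit chunk entry described above can be checked by hand with a short script. This is an added example, not SeedSigner's own code; the function names are hypothetical, and it returns 0-based indices into the official BIP-39 English wordlist instead of embedding the 2048 words.

```python
import hashlib

CHECKSUM_BITS = {128: 4, 256: 8}  # entropy length -> checksum length (BIP-39)

def flips_to_indices(flips: str) -> list[int]:
    """Map 128 or 256 coin flips ('0'/'1') to 12 or 24 BIP-39 word indices."""
    if len(flips) not in CHECKSUM_BITS or set(flips) - {"0", "1"}:
        raise ValueError("expected exactly 128 or 256 characters, each 0 or 1")
    entropy = int(flips, 2).to_bytes(len(flips) // 8, "big")
    cs_len = CHECKSUM_BITS[len(flips)]
    # Checksum = first cs_len bits of SHA-256(entropy), appended to the flips.
    first_byte = hashlib.sha256(entropy).digest()[0]
    bits = flips + format(first_byte >> (8 - cs_len), f"0{cs_len}b")
    return [int(bits[i:i + 11], 2) for i in range(0, len(bits), 11)]

def words_so_far(flips: str) -> list[int]:
    """Incremental entry: every complete 11-flip chunk already fixes one word."""
    return [int(flips[i:i + 11], 2) for i in range(0, len(flips) - 10, 11)]

def flips_in_last_word(entropy_bits: int) -> int:
    """Flips left over for the final word; checksum bits fill the rest."""
    return entropy_bits % 11  # 128 = 11*11 + 7, 256 = 23*11 + 3

def phrase_is_valid(indices: list[int]) -> bool:
    """Wallet-side check: rebuild the bits and recompute the checksum."""
    if len(indices) not in (12, 24) or not all(0 <= i < 2048 for i in indices):
        return False
    bits = "".join(format(i, "011b") for i in indices)
    # 32 of every 33 bits are entropy; the remainder is the checksum.
    return flips_to_indices(bits[:len(bits) * 32 // 33]) == indices

if __name__ == "__main__":
    # Constructed input: all-zero entropy, a public test vector. Never use it for funds.
    flips = "0" * 128
    indices = flips_to_indices(flips)
    print("word indices:", indices)
    print("words fixed after 22 flips:", words_so_far(flips[:22]))
    print("flips in the last word:", flips_in_last_word(len(flips)))
    print("valid:", phrase_is_valid(indices))
    print("last word altered:", phrase_is_valid(indices[:-1] + [4]))
```

The final word is the only one that cannot be shown from flips alone: it takes the last 7 flips (12 words) or 3 flips (24 words) plus the checksum bits. Because the checksum is only 4 or 8 bits long, it catches most transcription errors rather than all of them.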
A New Symbiosis for Sovereignty
With this new feature, we’ve created a perfect symbiosis. You, the user, provide the verifiably random entropy from the physical world. The SeedSigner provides the secure, air-gapped calculator to safely convert that entropy into a Bitcoin seed.
This integration reinforces the core mission of SeedSigner: to empower individuals on their journey to true financial sovereignty. I’m incredibly proud to bring this feature to the community and believe it represents a major step forward in making trust-minimized security accessible to all.