
Many members of the cryptocurrency community believe that a 24-word seed is safer than a 12-word seed. Even well-known bitcoin evangelist Andreas Antonopoulos confessedwhich considered the long seed to be more reliable.
Together with bitcoin mixer Mixer.money we explain why 12 words are enough to ensure the safety of funds.
How the seed phrase secures the private key
Software and hardware bitcoin wallets generate 256-bit private keys – long alphanumeric sequences like KxBacM22hLi3o8W8nQFk6gpWZ6c3C2N9VAr1e3buYGpBVNZaft2p. In this format, they are quite difficult to write down and remember.
In 2013 the developers turned on to the bitcoin code, a proposal to improve BIP39, which described a mechanism for generating a mnemonic code (seed phrase) from private keys from 12 to 24 words long.
“Users want to protect their savings as much as possible, so they intuitively choose “reliable” backups of 24 words. They hope for a higher seed entropy, which in reality increases the security of the private key only theoretically,” Mixer.money representatives say.
An attacker can attack the private key in two ways – try to recover it from a bitcoin address or pick up a mnemonic phrase.
The first attack is also known as ECDLP (Elliptic Curve Discrete Logarithm Problem) is a discrete logarithm problem in a group of points on an elliptic curve. In theory, an attacker can solve it for an address with a large number of coins.
The bitcoin protocol uses elliptic cryptographynamely, the curve secp256k1. It allows you to quickly generate public keys and bitcoin addresses based on them from private ones. At the same time, the reverse process – the recovery of private keys from public ones – is practically impossible.
ECDLP solution for secp256k1 using Pollard’s ro-algorithm reduces the entropy of the keys by half and requires 2128 operations. However, this process will take billions of years of work on modern computers.
The second attack is brute force seed phrases. The number of combinations of 12 words is 204812. We discard the seeds with the wrong checksum – there will be 2128 valid phrases. A full search will also take billions of years.
“The probability of finding a mnemonic code by modern technical means is negligible. Using 24 words will certainly increase the already huge brute-force time by many orders of magnitude, but this makes no practical sense, ”comments the Mixer.money team.
Why Long Seed Phrases Are Not Necessary
12 words is enough to generate private keys with 128 bits of security (security strength). At the same time, reducing the seed even by two words will make it possible to attack by enumeration.
A long mnemonic phrase has a higher level of entropy. However, the backbone of the bitcoin protocol remains secp256k1 with 128-bit security.
The private key, created from 24 words, contains all the same 128 bits of security. It can be hacked, like a seed of 12 words, for 2128 operations.
“A seed of 12 words is only more vulnerable if the attacker already knows the set of words and can quickly pick up their order.
But even in such a scenario, a long phrase is unlikely to save the owner of the wallet: when backing up, users pay equal attention to the words and their sequence. If a hacker has access to a mnemonic code, it is likely that he knows both.
You can strengthen the protection of the seed phrase from such brute force, but the private key will still remain the basis of Bitcoin security, ”the analysts conclude. Mixer.money.
conclusions
12 words are enough to generate a strong secret and protect against brute force. Seed phrases of this length have the same security as the private key itself.
Mixer.money notes that the loss of bitcoins can be caused not only by theft, but also by an error when creating a backup. From this point of view, a 12-word mnemonic phrase is safer: the user is more likely to spell it correctly.
Found a mistake in the text? Select it and press CTRL+ENTER
Cryplogger Newsletters: Keep your finger on the pulse of the bitcoin industry!

Many members of the cryptocurrency community believe that a 24-word seed is safer than a 12-word seed. Even well-known bitcoin evangelist Andreas Antonopoulos confessedwhich considered the long seed to be more reliable.
Together with bitcoin mixer Mixer.money we explain why 12 words are enough to ensure the safety of funds.
How the seed phrase secures the private key
Software and hardware bitcoin wallets generate 256-bit private keys – long alphanumeric sequences like KxBacM22hLi3o8W8nQFk6gpWZ6c3C2N9VAr1e3buYGpBVNZaft2p. In this format, they are quite difficult to write down and remember.
In 2013 the developers turned on to the bitcoin code, a proposal to improve BIP39, which described a mechanism for generating a mnemonic code (seed phrase) from private keys from 12 to 24 words long.
“Users want to protect their savings as much as possible, so they intuitively choose “reliable” backups of 24 words. They hope for a higher seed entropy, which in reality increases the security of the private key only theoretically,” Mixer.money representatives say.
An attacker can attack the private key in two ways – try to recover it from a bitcoin address or pick up a mnemonic phrase.
The first attack is also known as ECDLP (Elliptic Curve Discrete Logarithm Problem) is a discrete logarithm problem in a group of points on an elliptic curve. In theory, an attacker can solve it for an address with a large number of coins.
The bitcoin protocol uses elliptic cryptographynamely, the curve secp256k1. It allows you to quickly generate public keys and bitcoin addresses based on them from private ones. At the same time, the reverse process – the recovery of private keys from public ones – is practically impossible.
ECDLP solution for secp256k1 using Pollard’s ro-algorithm reduces the entropy of the keys by half and requires 2128 operations. However, this process will take billions of years of work on modern computers.
The second attack is brute force seed phrases. The number of combinations of 12 words is 204812. We discard the seeds with the wrong checksum – there will be 2128 valid phrases. A full search will also take billions of years.
“The probability of finding a mnemonic code by modern technical means is negligible. Using 24 words will certainly increase the already huge brute-force time by many orders of magnitude, but this makes no practical sense, ”comments the Mixer.money team.
Why Long Seed Phrases Are Not Necessary
12 words is enough to generate private keys with 128 bits of security (security strength). At the same time, reducing the seed even by two words will make it possible to attack by enumeration.
A long mnemonic phrase has a higher level of entropy. However, the backbone of the bitcoin protocol remains secp256k1 with 128-bit security.
The private key, created from 24 words, contains all the same 128 bits of security. It can be hacked, like a seed of 12 words, for 2128 operations.
“A seed of 12 words is only more vulnerable if the attacker already knows the set of words and can quickly pick up their order.
But even in such a scenario, a long phrase is unlikely to save the owner of the wallet: when backing up, users pay equal attention to the words and their sequence. If a hacker has access to a mnemonic code, it is likely that he knows both.
You can strengthen the protection of the seed phrase from such brute force, but the private key will still remain the basis of Bitcoin security, ”the analysts conclude. Mixer.money.
conclusions
12 words are enough to generate a strong secret and protect against brute force. Seed phrases of this length have the same security as the private key itself.
Mixer.money notes that the loss of bitcoins can be caused not only by theft, but also by an error when creating a backup. From this point of view, a 12-word mnemonic phrase is safer: the user is more likely to spell it correctly.
Found a mistake in the text? Select it and press CTRL+ENTER
Cryplogger Newsletters: Keep your finger on the pulse of the bitcoin industry!