One seed to sow your key(s)
The full article was originally published by Koen Maris on Medium. Read the full article here.
IOTA tokens are stored in private, pseudo-anonymous virtual ‘wallets’. Each wallet is identified and protected by a unique access key known as a ‘seed’. Although we call them wallets, they do not actually store the tokens. Think of them as keychains that give you access to the tokens you store permanently on the ledger.
Remember that your seed is the one thing that you need to safeguard from disclosure at all times. Detailed information on how to create and protect your seed can be found here. But for many the seed remains a mystery.
This blogpost will help you understand how a seed works in the IOTA world, including:
- How addresses are generated from your seed
- Why you need to “reattach” with the light wallet after a snapshot
- How big is the chance that someone guesses your seed
Understanding the IOTA seed
The seed consists of 81 characters (called trytes). A tryte is any English capital letter (A to Z) or the number 9. A valid seed contains at least 81 trytes (any beyond the 81st are ignored) and would look something like this:
[AUTHOR’S NOTE: There is intentionally an incorrect character in the above example seed, to avoid people copying it and using it, which would create a dangerous situation.]
Remember, your seed should never be exposed, and in order to receive or send tokens you never need to disclose it to anyone. During a transaction, your seed is not transmitted anywhere. For example, when using a node or any other device (e.g., a charging station for electric vehicles), your seed is not passed over to these devices. Only a public key (or “address”) is transmitted.
How are addresses generated?
The seed is used to generate an address. IOTA handles addresses in a deterministic fashion: the same set of addresses is always generated in the same order. This provides the flexibility of not having to store a private key file on a device, as you only need your seed, which is used to (re)calculate your keys. You may hear the term “index,” which, like page numbers in a book, describes the order of the generated keys.
Here is a simplified overview of the process of address generation, which explains why your seed is never revealed:
- An index is added to the seed (the indexing allows the stateless wallet to find the last used key).
- index+seed is hashed into a sub seed.
Hashing is a one-way process of generating a fixed-length value from a string/text using a mathematical function. This fixed-length value or hash is used from this point on, and it is impossible to work back to index+seed from the hash. The hash is called a sub-seed in the world of IOTA.
- Subsequently this sub-seed is hashed a further time to generate an address. Again it is impossible to revert back to the sub-seed from the address. These one-way mechanisms all protect your seed from disclosure.
If you like all the in-depth technical details, please continue here.
Sending or receiving tokens is based on what is commonly called an address. This address is often called the public key, but there is a difference in the way it is used in IOTA compared to other cryptocurrencies. Instead of having both a private and public key, IOTA generates a public key (address) from your private key (seed). This benefits the users by allowing them to access the wallet from anywhere on any device.
Receiving tokens is simple, you provide an “address” to the sender, and that person sends a defined amount of tokens to you. Remember, you can receive as many tokens as you like on the same address (public key), as long as you did not spend from that address (signing with private key).
When you send tokens to someone (i.e., spend tokens), you will need to prove to everyone that you own the address from which you are spending. By signing the transaction you prove that you are the holder of the private key for that address.
The signature used to sign the transaction is generated by using the first half of the same method that generates the address from the seed (see previous section). Then, to verify the signature, the second half of this same method (which generates the address from the seed) is used. The result of this function is then compared to the address, to see if they match. Only the person holding the seed can generate the correct signature using the first half of the method, which, when the second half of the method is applied, will then result in the correct address.
IOTA uses a one-time signature algorithm. This is great for security, but has the inconvenience that you cannot spend twice from the same address, as you reveal a part of your private key each time you sign a transaction. If you do spend twice from an address, you will reveal more than 50% of the private key, which makes recovering the remainder of the private key and stealing any remaining funds on the address easy.
Note: Even in this case, the seed has not been compromised, only that single address.
The light wallet and the new Trinity wallet have built-in protection so that when you do spend from an address, the remainder of the tokens are automatically moved to a new address.
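To make the address-reuse risk described above concrete, here is an added toy example (not IOTA's code): a Lamport one-time signature stands in for IOTA's Winternitz scheme, and SHA-256 for its ternary hash. It measures how much of the private key each signature publishes, which is exactly the reason a second spend from the same address is dangerous; the sub-seed and messages are constructed values.

```python
import hashlib

# Added toy example, not IOTA's code: a Lamport one-time signature stands in
# for IOTA's Winternitz scheme. Both share the property the article describes:
# every signature publishes part of the private key.
N_BITS = 32                       # toy message-digest width (constructed)

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen(sub_seed: bytes):
    """Private key: two secret values per digest bit, derived from a sub-seed.
    Public key (the 'address' side): the hash of every secret value."""
    sk = [[H(sub_seed + bytes([i, j])) for j in (0, 1)] for i in range(N_BITS)]
    pk = [[H(s) for s in pair] for pair in sk]
    return sk, pk

def digest_bits(msg: bytes):
    d = int.from_bytes(H(msg)[:4], "big")
    return [(d >> i) & 1 for i in range(N_BITS)]

def sign(sk, msg: bytes):
    # Reveal exactly one of the two secrets for each digest bit.
    return [sk[i][b] for i, b in enumerate(digest_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    # Hash each revealed secret and compare against the public key.
    return all(H(s) == pk[i][b]
               for i, (s, b) in enumerate(zip(sig, digest_bits(msg))))

def revealed_fraction(sk, signatures) -> float:
    """Share of the private key exposed by the given signatures."""
    exposed = {(i, j) for i in range(N_BITS) for j in (0, 1)
               if any(sig[i] == sk[i][j] for sig in signatures)}
    return len(exposed) / (2 * N_BITS)

if __name__ == "__main__":
    sk, pk = keygen(b"constructed-sub-seed")        # constructed value
    s1 = sign(sk, b"spend 10 to A")
    s2 = sign(sk, b"spend 5 to B")                  # second spend, same address
    print(verify(pk, b"spend 10 to A", s1))         # True
    print(revealed_fraction(sk, [s1]))              # 0.5: one spend, half exposed
    print(revealed_fraction(sk, [s1, s2]))          # > 0.5: more than half exposed
```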
Frequently Asked Questions
How many addresses can I generate?
It is not infinite, but a lot. To be exact you can create 3²⁴³ keys with one seed.
Is my seed sent to anyone else?
No, it is not. Your seed is used to create addresses (which are then sent). The seed never leaves your device.
Why do I need to regenerate addresses after a snapshot (with the lightwallet)?
After a snapshot you need to regenerate as many addresses as were used before the snapshot. If you already had 14 addresses in use, you need to reattach that many to find the last one used. This will allow you to find your full balance. You can find a detailed article here.
How can I avoid regenerating x times after a snapshot?
When regenerating becomes too time-consuming, consider creating a new seed and transferring the funds to it prior to the snapshot. This means that you will have many fewer addresses to regenerate after the snapshot.
Alternatively, use the Trinity Wallet which is stateful (i.e., keeps the full history) compared to the light wallet. The Trinity Wallet also has simple tools to automate the regeneration process (for people moving an old seed to Trinity).
What is a stateless wallet compared to a stateful wallet?
The lightwallet is stateless. This comes with a big advantage that you can log in from any device anywhere, with the condition that you know your seed. Some consider it inefficient since every time you log in, it (re)generates all past addresses used until it finds one without a transaction. This can make it slow to log in if you have used many addresses already.
Trinity, on the other hand, is a stateful wallet, so when logging in it already remembers the previous history of the transactions, etc. This makes logging in faster than with the lightwallet.
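The following added example (not IOTA's or any wallet's code) models two things from this article: the two-step seed to sub-seed to address derivation from the "How are addresses generated?" section, and the stateless login scan just described, which regenerates addresses from index 0 until it meets one without a transaction. SHA-256 and hex strings stand in for IOTA's ternary hash and trytes; the seed and ledger are constructed values.

```python
import hashlib

# Added example, not IOTA's real code: SHA-256 stands in for IOTA's ternary
# Kerl hash, and hex strings stand in for tryte strings.
def one_way(data: str) -> str:
    """Fixed-length, one-way digest; cannot be reversed to its input."""
    return hashlib.sha256(data.encode()).hexdigest()

def subseed(seed: str, index: int) -> str:
    # Step 1: index + seed -> sub-seed. The seed itself never leaves here.
    return one_way(f"{index}:{seed}")

def address(seed: str, index: int) -> str:
    # Step 2: sub-seed -> address. Only this value is ever shared.
    return one_way(subseed(seed, index))

def scan(seed: str, ledger: dict) -> tuple:
    """Stateless-wallet login: regenerate addresses from index 0 upward until
    one that has no transaction on the ledger.
    Returns (next_free_index, total_balance)."""
    index, balance = 0, 0
    while (addr := address(seed, index)) in ledger:
        balance += ledger[addr]
        index += 1
    return index, balance

def build_ledger(seed: str, balances: list) -> dict:
    """Constructed ledger: address -> balance for indices 0..len(balances)-1,
    i.e. every address that has at least one transaction."""
    return {address(seed, i): bal for i, bal in enumerate(balances)}

if __name__ == "__main__":
    SEED = "CONSTRUCTED9EXAMPLE9SEED"          # placeholder, not a real seed
    # 14 addresses used before the snapshot, three of them still funded
    ledger = build_ledger(SEED, [5, 0, 12] + [0] * 11)
    print(scan(SEED, ledger))                  # (14, 17)
```

The same seed always yields the same address sequence, so after a snapshot the wallet only has to walk the indices again; a longer history means a longer scan, which is the cost of statelessness.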