Most Bitcoin users write down a string of twelve words, tuck them in a drawer, and never think about what those words actually do. A new technology demo from 21 Million Bitco.in pulls that process into the open, showing — value by value, key by key — how a short mnemonic becomes a master key and, from there, billions of spendable addresses.
The demo reframes a common misconception. A modern wallet doesn't store a list of unrelated private keys. It stores a single seed, expressed as words, and re-derives every address it will ever hold from that one number. Change the words and every downstream value shifts in lock-step, a behaviour the page lets visitors trigger themselves by regenerating or hand-editing the mnemonic.
The walkthrough is broken into five stages that mirror the actual cryptographic pipeline. It begins with entropy. A wallet generates 128 cryptographically random bits, appends a short checksum, and slices the result into twelve 11-bit chunks. Each chunk indexes into the fixed 2,048-word BIP39 list, producing the mnemonic the user writes down. The demo notes that twelve words is the practical floor at 128 bits of entropy, while twenty-four words yields 256 bits and a larger margin against future advances in cryptanalysis.
From there, the mnemonic is stretched into a 512-bit seed using PBKDF2-HMAC-SHA512 across 2,048 iterations. The page highlights the optional passphrase — the so-called "25th word" — which salts the function so the same twelve words can unlock entirely unrelated wallets. This is where plausible deniability lives: a bare mnemonic can front a decoy wallet while the real one sits a single secret word away, and the deliberately slow key-stretching makes brute-forcing that word expensive even for an attacker who already holds the seed.
The third stage shows the seed being run through HMAC-SHA512 against the constant "Bitcoin seed" to produce the master private key and chain code, serialized together as an extended key. The demo distinguishes the private xprv from the shareable xpub, underlining that an xpub can be handed out to derive public addresses without exposing any ability to spend.
The final stages cover derivation paths and address generation. Visitors can toggle between BIP44 legacy, BIP49 wrapped SegWit, BIP84 native SegWit and BIP86 Taproot to see how each purpose level dictates the path and the resulting address format — base58, bech32 or bech32m. The page then derives a table of receive addresses along the external chain, illustrating the core promise of determinism: any wallet fed the same seed reproduces the same addresses in the same order. Lose the device, restore the words, and every coin sits exactly where it was left.
Crucially, all of this runs client-side. The values are derived in the visitor's own browser using audited cryptography libraries, with nothing transmitted. The page still carries a prominent warning that no real seed phrase should ever be pasted into any website — including this one — and that seeds backing real funds belong on offline, audited hardware.
Click here to view the interactive Bitcoin Deterministic Wallet demo.
20 June 2026
Country:
Global
Topic:
Security | Cryptography