Cardano Improvement Proposals

CIP 3 - Wallet key generation



Many wallets utilize some way of mapping a sentence of words (easy to read and write for humans) uniquely back and forth to a sized binary data (harder to remember).

This document outlines the various mapping algorithms used in the Cardano ecosystem.


The philosophy of cryptocurrencies is that you are in charge of your own finances. Therefore, it is very anti-thematic for wallet software to lock in a user by explicitly describing the algorithm used to derive keys for a wallet (both the master key and key derivation)

To this end, this document outlines all the relevant key generation algorithms used in the Cardano ecosystem.


Recovery Phrase (mnemonic) Generation

Conversion from a recovery phrase to entropy is the same as described in BIP39.

Hierarchical Deterministic Wallets

In Cardano, hierarchical deterministic (abbrev. HD) wallets are similar to those described in BIP-0032. Notably, we use a variation called ED25519-BIP32. A reference implementation can be found here

Master Key Generation

The master key generation is the mean by which on turns an initial entropy into a secure cryptographic key.

More specifically, the generation is a function from an initial seed to an extended private key (abbrev. XPrv) composed of:


Throughout the years, Cardano has used different styles of master key generation:

Name Used by Address prefix in Byron Is deprecated? Is Recommended?
Byron Daedalus Ddz Yes No
Icarus Yoroi, Daedalus Ae2 No Yes
Icarus-Trezor Trezor Ae2 No No
Ledger/BitBox02 Ledger/BitBox02 Ae2 No No


This CIP is merely to document the existing standards and not to provide rationales for the various methods used.

However, you can learn more at the following links:

This CIP is licensed under CC-BY-4.0