Seed Entropy Mixer
A collaborative process where multiple random seeds are combined into one final cryptographic seed.
A seed entropy mixer combines randomness from multiple independent sources to produce a single wallet seed that no individual participant could have predicted. The math is straightforward: XOR (or hash) the contributions together; the result is unpredictable as long as at least one input was actually random.
Typical workflow:
- Each participant generates their own entropy independently. Common methods: a hundred dice rolls, a hardware RNG output, the SHA-256 of some carefully-collected randomness.
- Each participant commits to their value (a hash of it) before anyone reveals.
- After all commits are received, participants reveal their entropy values.
- The values get XORed (or hashed) together. The result is the final seed entropy.
- The seed is converted to BIP 39 words.
The commit-then-reveal step is important. Without it, the last participant to share could see everyone else's contribution and adversarially pick their own to bias the result. Commit-then-reveal forces each participant to pick their entropy blind to everyone else's.
Where this is used:
- High-stakes key generation ceremonies. Hardware wallet manufacturer signing keys, federation key sets (Liquid functionaries, Fedimint guardians), institutional cold-storage roots.
- Distributed key generation for threshold schemes. FROST and similar protocols use cryptographically richer versions of this idea, where the "shared entropy" is built up in a way that produces individually-useful key shares rather than just a combined secret.
- Paranoid personal setups. A small minority of self-custody users generate their seeds this way as defense against a compromised hardware RNG.
The tradeoff is operational: every participant needs to be present (or trusted to commit and reveal correctly), all contributions need to happen on air-gapped equipment, and any one corrupted participant can DoS the ceremony (refuse to reveal, etc.). For most users, trusting a well-audited hardware wallet's RNG is dramatically more practical and only marginally less secure.
Key takeaways
- Prevents a single point of failure in seed generation
- Requires trust that at least one party's randomness is genuine
- Used in high-security setups or multi-party ceremonies