A wallet is, underneath, a small pile of well-specified cryptography. Getting it exactly right matters more than anything else in the app.

From words to keys

BIP39 turns entropy into a human-readable mnemonic and the mnemonic into a seed; from that seed, BIP32/BIP44 derive a tree of keys.

  1. Generate entropy, encode as a 12/24-word mnemonic
  2. Derive the master seed, then per-chain accounts
  3. Never store the seed — re-derive on unlock

Why WebAssembly

The crypto core is compiled to WASM: constant-time primitives, no JS number quirks, and it runs fast enough to sign without a spinner.

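const seed = await bip39.mnemonicToSeed(mnemonic);   // 64-byte BIP39 seed
const hd = bip32.fromSeed(seed);                     // BIP32 master node (assumes a bitcoinjs-style `bip32` instance)
const account = hd.derivePath("m/44'/60'/0'/0/0");   // BIP44 path: first Ethereum account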

Vault contents are sealed with AES-GCM, which gives confidentiality and integrity — a tampered vault fails to decrypt rather than silently returning garbage.
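
An added example, not taken from the wallet's code, showing that fail-closed behaviour with Node's built-in crypto module. The function names, the salt || iv || tag || ciphertext layout and the scrypt key derivation are assumptions made for the illustration.

```javascript
// Added example: AES-256-GCM vault sealing. Layout and names are assumptions.
const nodeCrypto = require("node:crypto");

const SALT_LEN = 16; // scrypt salt
const IV_LEN = 12;   // 96-bit GCM nonce, fresh for every seal
const TAG_LEN = 16;  // full 128-bit authentication tag

// Stretch the unlock password into a 256-bit key (Node's default scrypt cost).
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32);
}

// Returns salt || iv || tag || ciphertext as one Buffer.
function sealVault(password, plaintext) {
  const salt = nodeCrypto.randomBytes(SALT_LEN);
  const iv = nodeCrypto.randomBytes(IV_LEN);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(password, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ciphertext]);
}

// Throws if the blob is truncated, modified, or opened with the wrong password.
function openVault(password, blob) {
  const header = SALT_LEN + IV_LEN + TAG_LEN;
  if (blob.length < header) throw new Error("vault blob too short");
  const salt = blob.subarray(0, SALT_LEN);
  const iv = blob.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const tag = blob.subarray(SALT_LEN + IV_LEN, header);
  const decipher = nodeCrypto.createDecipheriv(
    "aes-256-gcm", deriveKey(password, salt), iv, { authTagLength: TAG_LEN });
  decipher.setAuthTag(tag);
  // final() verifies the tag and throws on mismatch, so no plaintext is returned.
  return Buffer.concat([decipher.update(blob.subarray(header)), decipher.final()]);
}

// Flip one bit of a sealed vault and report whether opening it is refused.
function tamperIsRejected(password, blob) {
  const bad = Buffer.from(blob);
  bad[bad.length - 1] ^= 0x01;
  try { openVault(password, bad); return false; } catch { return true; }
}

// Constructed sample data, not real wallet contents.
const demoVault = sealVault("correct horse", Buffer.from("constructed vault contents"));
console.log(openVault("correct horse", demoVault).toString(), tamperIsRejected("correct horse", demoVault));
```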

> Roll your own protocol, never your own primitives. Use the standards, and test against their vectors.