A wallet is, underneath, a small pile of well-specified cryptography. Getting it exactly right matters more than anything else in the app.
From words to keys
BIP39 turns entropy into a human-readable mnemonic and stretches that mnemonic into a seed; BIP32 derives a tree of keys from the seed, and BIP44 fixes which branch of that tree belongs to which coin and account.
- Generate entropy, encode as a 12/24-word mnemonic
- Derive the master seed, then per-chain accounts
- Never store the seed — re-derive on unlock
Why WebAssembly
The crypto core is compiled to WASM: constant-time primitives, no JS number quirks, and it runs fast enough to sign without a spinner.
```javascript
// Assumes the `bip39` and bitcoinjs `bip32` packages (with `tiny-secp256k1`) are imported as bip39 / BIP32Factory / ecc
const seed = await bip39.mnemonicToSeed(mnemonic);   // BIP39: PBKDF2-HMAC-SHA512 over the mnemonic -> 64-byte seed
const hd = BIP32Factory(ecc).fromSeed(seed);         // BIP32 master node (private key + chain code)
const account = hd.derivePath("m/44'/60'/0'/0/0");   // BIP44: coin 60 (Ethereum), account 0, external chain, index 0
```
Vault contents are sealed with AES-GCM, which gives confidentiality and integrity — a tampered vault fails to decrypt rather than silently returning garbage.
> Roll your own protocol, never your own primitives. Use the standards, and test against their vectors.