What Are the Differences Between the Passphrase Entropy and Private Key Entropy?

The Ballet wallet is engineered and constructed with many different components. Each component is vital to the authenticity and usability of the Ballet wallet itself.
The two main components that attest ownership of your crypto are the passphrase entropy and the private key entropy. Each Ballet cold storage card wallet stores two parts:
- Private Key Entropy (under the QR code)
- Passphrase Entropy (under scratch-off)
Together, they form your full private key—but only when you reveal and combine them.
The passphrase entropy is the secret set of letters and numbers underneath the scratch-off part of the wallet, and the private key entropy is the 58-character string starting with ‘6P’ underneath the tamper-evident QR code sticker.
When both are combined to sign a transaction, the passphrase entropy is able to decrypt the private key entropy via the mathematics behind the BIP38 standard.
To take a step back, perhaps it is important to understand how both components are made. The BIP38 standard allows two parties to partake in the creation of the private keys.
The first party starts by creating a randomly generated passphrase entropy and some ‘salt’ to add more entropy to the process. An intermediate_passphrase_string is then derived and handed over to the second party to generate a public address and a private key entropy. A key point to stress here is that the intermediate_passphrase_string DOES NOT reveal the original passphrase entropy, which is kept by the first party and is needed to decrypt the resulting private key entropy.
To take an excerpt from a previous blog post of ours, the detailed process of how the passphrase entropy and private key entropy are created is laid out below:
Step 1: Owner (Ballet’s team in the US) creates a secret passphrase entropy to generate an intermediate code (intermediate_passphrase_string)

1. Owner generates a randomized ‘ownersalt’ and a random ‘passphrase entropy’.
2. Both the ‘ownersalt’ and ‘passphrase entropy’ are then run through a key derivation algorithm, Scrypt. The result is a key called ‘passfactor’.
3. Elliptic curve multiplication is then used to “multiply” elliptic curve point G and ‘passfactor’, resulting in a ‘passpoint’.
4. The original ‘ownersalt’ and ‘passpoint’ are then shared with the Printer (Ballet’s team in China) in a base58check encoded format known as the intermediate_passphrase_string, or ‘intermediate code’ for short. This string starts with the actual word ‘passphrase’ for readability purposes. (This is also the actual BIP38 intermediate code our customers generate by themselves if they want to order the PRO Series wallets.) An example of the intermediate code they would send to us is shown below:
passphraseq56ehW7gSRMgF6MttNx1bpsPffCe7cKSodv8AaUVKCYZbSLH35MYu6uhXq6KpJ
5. Even if you use the same passphrase entropy to run through the algorithm again, you will always get a different ‘intermediate code’ due to the other randomized portion stemming from the ‘ownersalt’.
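Step 1 as an added Python sketch (not Ballet’s code and not part of the original post): it builds an intermediate code from a passphrase and an ‘ownersalt’, then parses it back to show that the code carries only the ‘ownersalt’ and the ‘passpoint’. The function names are this example’s own; the Scrypt parameters (n=16384, r=8, p=8) and the 8-byte prefix are taken from the BIP38 specification, and an ASCII passphrase is assumed (BIP38 applies NFC normalization first).

```python
import hashlib
# Added illustration: names below are this example's own, not Ballet's code.
P = 2**256 - 2**32 - 977  # secp256k1 field prime
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)  # generator point
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
MAGIC = bytes.fromhex("2CE9B3E1FF39E253")  # BIP38 intermediate-code prefix (no lot/sequence)

def ec_add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    num, den = (3 * a[0] * a[0], 2 * a[1]) if a == b else (b[1] - a[1], b[0] - a[0])
    m = num * pow(den % P, -1, P) % P
    x = (m * m - a[0] - b[0]) % P
    return x, (m * (a[0] - x) - a[1]) % P

def ec_mul(k, pt):  # double-and-add; not constant time, for illustration only
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def dsha(b):
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def make_intermediate_code(passphrase, ownersalt):
    # passfactor = Scrypt(passphrase, ownersalt); passpoint = passfactor * G
    pf = hashlib.scrypt(passphrase.encode(), salt=ownersalt, n=16384, r=8, p=8,
                        dklen=32, maxmem=2**26)
    x, y = ec_mul(int.from_bytes(pf, "big"), G)
    body = MAGIC + ownersalt + bytes([2 + (y & 1)]) + x.to_bytes(32, "big")
    n, out = int.from_bytes(body + dsha(body)[:4], "big"), ""
    while n:  # base58check encoding
        n, r = divmod(n, 58)
        out = B58[r] + out
    return out

def parse_intermediate_code(code):
    n = 0
    for ch in code:  # base58 decoding
        n = n * 58 + B58.index(ch)
    raw = n.to_bytes(53, "big")
    if raw[:8] != MAGIC or dsha(raw[:-4])[:4] != raw[-4:]:
        raise ValueError("not a valid intermediate code")
    return raw[8:16], raw[16:49]  # (ownersalt, compressed passpoint); no passphrase inside
```

Because the ‘passpoint’ is a one-way function of the passphrase entropy, a holder of the intermediate code can only confirm a candidate passphrase by repeating the Scrypt derivation, which is why a long, random passphrase entropy matters.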
Step 2: The Owner (Ballet’s team in the US) sends over the ‘intermediate code’ to the Printer (Ballet’s team in China) over an encrypted network. The Printer then computes the public address and private key entropy.

1. The Printer sets a flagbyte: either 0x20 or 0x04, which indicates how the bitcoin address will be formed.
2. The Printer then generates a random ‘seedb’, which is then run through SHA256 twice to generate ‘factorb’.
3. The ‘passpoint’ is then ECMultiplied by ‘factorb’ to generate the public key, which is then hashed to generate the bitcoin public address. During this step, the Printer can also generate a confirmation code which allows the final end user of our Ballet wallet, the Owner, to confirm that the given bitcoin address matches the ‘passphrase entropy’.
4. The ‘ownersalt’ and a hash of the public address are then concatenated as a salt to encrypt ‘seedb’, and another key is derived from the ‘passpoint’ using Scrypt. The result is then split into two 32-byte halves called ‘derivedhalf1’ and ‘derivedhalf2’.
5. The AES256Encrypt is then used to produce two 16-byte results called ‘encryptedpart1’ and ‘encryptedpart2’.
6. The base58check-encoded private key entropy (starting with ‘6P’) is then derived from the formula:
   0x01 0x43 + flagbyte + addresshash + ownersalt + encryptedpart1[0…7] + encryptedpart2
7. The private key entropy with its corresponding public address is then given back to the Owner, who has the secret passphrase entropy. The Owner is now able to decrypt the private key entropy with the passphrase entropy to reveal the decrypted private key (shown as a Wallet Import Format key).
So there you have it. This is what makes the passphrase entropy and private key entropy different. Essentially, the passphrase entropy can be any string of characters with no limit on the character type or length, but the private key entropy will always be 58 characters long, starting with ‘6P’.
Thanks to the randomness instilled in each part (both Step 1 and Step 2), if a person runs the initial passphrase entropy again through the BIP38 generator, they will always get a different intermediate code as well as a completely different private key entropy. Therefore, a passphrase entropy will essentially only ever produce one unique private key entropy, once. Trying to generate the same private key entropy from a stolen passphrase entropy is statistically nearly impossible. And trying to guess a passphrase entropy from an existing private key entropy gets exponentially more difficult to brute-force if the passphrase entropy is long and complex.