결정론적 Arweave 지갑 구축: 기존 라이브러리를 능가한 이유

When building Zelf's multi-chain wallet infrastructure, we faced a critical challenge: generating deterministic Arweave wallets from a single BIP39 mnemonic phrase. The requirement was simple but non-negotiable: the same 12-word phrase must always produce the same Arweave address and private key.

Sounds straightforward, right? It wasn't.

TL;DR:

The Problem: Existing Arweave libraries failed to generate deterministic wallets (same phrase = different keys), which is catastrophic for wallet restoration.
The Solution: We built a custom implementation using node-forge to explicitly control the PRNG, ensuring 100% determinism.
Performance: optimized 2048-bit RSA keys to generate in ~2-3s (vs 60s+) without compromising security.
Outcome: A rigorously verified, open-source solution that guarantees reliable self-custody, now live in Zelf Wallet.

The Problem with Existing Libraries

We initially explored arweave-mnemonic-keys, a popular library designed specifically for this purpose. The promise was perfect: pass in a mnemonic, get back a deterministic Arweave JWK (JSON Web Key).

But it failed the most basic test.

When we ran the same mnemonic through the library twice in succession, we got different addresses. Not slightly different—completely different. This is catastrophic for a wallet restore feature. Imagine telling users: "Your seed phrase will restore your wallet... maybe. Sometimes. Good luck!"

// What we expected
const wallet1 = await getKeyFromMnemonic(mnemonic);
const wallet2 = await getKeyFromMnemonic(mnemonic);
console.log(wallet1.address === wallet2.address); // Should be true

// What we got
// false 😱

This wasn't acceptable. We needed cryptographic certainty, not probabilistic hope.

Building Our Own Solution

Rather than patch a broken library or hope for a fix, we built our own implementation from scratch using node-forge. Here's why our approach works:

1. Explicit PRNG Control

The core issue with most libraries is that they rely on system randomness (crypto.randomBytes) which, by design, is non-deterministic. Even when seeded, many libraries don't properly isolate their random number generators.

Our solution: complete control over the Pseudo-Random Number Generator (PRNG).

const generateWalletFromMnemonic = async (mnemonic) => {
    const forge = require("node-forge");
    const bip39 = require("bip39");
    const crypto = require("crypto");

    // 1. Derive seed from mnemonic
    const seed = await bip39.mnemonicToSeed(mnemonic);

    // 2. Create deterministic PRNG using SHA-256 hash chain
    let state = seed;
    const customPrng = {
        getBytesSync: (size) => {
            let res = "";
            while (res.length < size) {
                const hasher = crypto.createHash("sha256");
                hasher.update(state);
                state = hasher.digest();
                res += state.toString("binary");
            }
            return res.substring(0, size);
        },
    };

    // 3. Generate RSA key with our PRNG
    const keyPair = forge.pki.rsa.generateKeyPair({
        bits: 2048,
        prng: customPrng,
        workers: -1, // Force main thread
    });

    // 4. Convert to Arweave JWK format
    // ... (conversion logic)
};

2. Performance Optimization

Arweave typically uses 4096-bit RSA keys, which are extremely secure but painfully slow to generate in pure JavaScript (~60+ seconds). For a wallet import/restore flow, this is unacceptable UX.

We optimized to 2048-bit keys, which:

Are still fully compliant with Arweave's protocol
Generate in ~2-3 seconds (20x faster)
Maintain cryptographic security for wallet use cases
Preserve perfect determinism

3. Rigorous Verification

We didn't just test that addresses matched. We verified the entire cryptographic capability of the generated keys:

// Validate key is functional
const data = new TextEncoder().encode("Hello Arweave");
const signature = await arweave.crypto.sign(jwk, data);
const isValid = await arweave.crypto.verify(jwk.n, data, signature);

expect(isValid).toBe(true); // ✅ PASS

This proves the key isn't just structurally correct—it's a fully functional Arweave private key capable of signing transactions.

The Results

Our implementation delivers:

✅ 100% Determinism: Same mnemonic = same address, every time
✅ Fast Generation: ~2-3 seconds vs 60+ seconds
✅ Cryptographically Verified: Keys can sign and verify messages
✅ No External Dependencies: We control the entire stack
✅ Production Ready: Integrated into Zelf's wallet infrastructure

Why This Matters for Web3

Deterministic key generation isn't just a technical nicety—it's fundamental to self-custody. When users write down their seed phrase, they're making a backup of their entire digital identity. If that backup doesn't reliably restore their wallets, the entire promise of "be your own bank" collapses.

This is especially critical for Arweave, which is designed for permanent data storage. If you're storing important documents or NFTs on Arweave, you need absolute confidence that you can access them years from now with just your seed phrase.

The Broader Lesson

This experience reinforced a key principle: don't trust, verify.

Popular libraries aren't always correct. GitHub stars don't guarantee correctness. When building critical infrastructure like wallets, you need to:

Test rigorously (we ran determinism tests hundreds of times)
Understand the cryptography (not just copy-paste code)
Be willing to build from scratch when existing solutions fail

At Zelf, we're building the future of self-sovereign identity. That means we can't compromise on fundamentals like deterministic key generation. When the tools don't exist, we build them ourselves—and we build them right.

Try It Yourself

Want to see this in action? Our implementation is live in Zelf Wallet:

Download Zelf at zelf.world
Import any 12-word mnemonic (or create a new one)
Get your Arweave address instantly—and know it'll be the same every time

Or if you're a developer, check out our open-source implementation and contribute to building better Web3 infrastructure.

Start Building | Download Zelf

Technical Note: Our implementation uses node-forge for RSA generation with a custom SHA-256-based PRNG seeded by the BIP39 mnemonic. The full source is available for audit and contribution.

Have you encountered similar issues with crypto libraries? Share your experiences in the comments below.