From: Eric Kvam
Date: Sat, 24 May 2025 06:33:35 -0600
Subject: Re: [bitcoindev] BIP39 Extension for Manual Seed Phrase Creation
To: Bitcoin Development Mailing List

I dug up some past arguments regarding the BIP39 checksum.  Hopefully my proposal to import manually generated entropy with a 16 word seed phrase avoids controversy because it doesn't conflict with the existing 12/15/18/21/24 word seed phrase formats that are meant for transcribing computer generated entropy.

- https://www.reddit.com/r/TREZOR/comments/1d47lxg/bip39_checksum_is_a_misfeature_trezor_should/
- https://www.reddit.com/r/Bitcoin/comments/k761mf/fck_the_mnemonic_sentence_checksum/
- https://bitcoin.stackexchange.com/questions/100376/should-the-bip-39-mnemonic-sentence-checksum-be-eliminated-from-the-standard-do
- https://www.reddit.com/r/Bitcoin/comments/wh0s11/bip39_whats_the_benefit_of_the_checksum_word/

Using BIP39 to import manually generated entropy into a computer is a work-around that has become a de-facto standard.  Some others, like me, have found that the checksum does more harm than good when importing manually generated entropy.  I can see that the checksum is quite helpful when transcribing seed phrases between two computing devices.  In lieu of a checksum, users transcribing their 16 word phrase could: select their input from the full 2048 word list, select their input from 256 words but do it twice, check the xpub derived from their seed phrase input.  Initial confirmation of the xpub is critical to ensure that a compromised computing device can not cause users to send funds to an address they don't control.  Users might store the 16 word phrase, or discard it once they have confirmed their xpub in favor of a format that is better for transcription (12 word phrase or seedQR).

When I am onboarding no-coiners, getting them to create their seed phrase has been a stumbling block.  Any friction during onboarding reduces the conversion rate.  Most people will not bother to learn what a hash is but already understand randomness from games like poker and understand the need to keep their passphrase secret.  Just as BIP39 helped enable the proliferation of devices like Trezor/Ledger, a standardized format for import of manually generated entropy enables cheap and simple paper products to help users create their seed phrase.  A printout of the wordlist with paper masks that each cover half of the words would make it easy for users to perform a binary search.  The user could simply set a mask on top of the wordlist as odd or even based on the totals of dice rolls until only one word is showing.  Such a product can be bundled with steel plates for recording and storing the phrase.  Instead of the user having to learn about binary numbers, hashes, and checksums, no numbers are required at all.  The secure computing device and its ops can also be simplified (only needs to accept seedphrase, display xpub, scan unsigned TX, and display signed TX).

On Fri, May 23, 2025 at 2:45 PM Russell O'Connor wrote:

> FWIW, BIP-93 (codex32) was designed for both human and computer generated
> randomness.  Codex32 also supports human and computer generated secret
> sharing.
>
> See also .
>
> On Fri, May 23, 2025 at 11:35 AM Eric wrote:
>
>> Quoting BIP39: "This guide is meant to be a way to transport
>> computer-generated randomness with a human-readable transcription."
>>
>> BIP39 was meant to capture computer generated randomness.  Manually
>> calculating the sha256 hash is not practical.
>>
>> Using a separate tool to compute the checksum or last word is cumbersome
>> and requires users to have a more advanced understanding of cryptography.
>>
>> On May 23, 2025 8:29:27 AM MDT, Kyle Honeycutt wrote:
>>
>>> Respectfully, a "black box" is not trusted to generate mnemonic
>>> passphrases, the standard is well-defined and generally followed across
>>> wallets.
>>>
>>> https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#Generating_the_mnemonic
>>>
>>> Users can create their own mnemonics in a trustless way following the
>>> BIP39 standard published in 2013.
>>>
>>> Using any entropy source a user can perform a SHA256 hash on the entropy
>>> to get a 256 bit string, then convert that to binary. Perform another
>>> SHA256 hash on the binary, take the first 8 bits and solve for checksum
>>> and then solve the rest of mnemonic words.
>>>
>>> On Fri, May 23, 2025, 6:15 AM Eric Kvam wrote:
>>>
>>>> *Motivation*
>>>> Make it easy for users to manually create their seed phrase so that
>>>> they don't have to trust a "black box" and allow for encoding
>>>> derivation path in seed phrase to simplify recovery
>>>>
>>>> *How*
>>>> Use every eighth word from the wordlist to generate 16 word phrases
>>>> with 128 bits of entropy (no checksum).  The most significant eight
>>>> bits of each word are used as entropy.  The least significant three
>>>> bits of each word specify the derivation path.
>>>>
>>>>    - *000* Derivation Path Not Specified
>>>>    - *001* m/44'/0'/0'
>>>>    - *010* m/49'/0'/0'
>>>>    - *011* m/84'/0'/0'
>>>>    - *100* m/48'/0'/0'/2'
>>>>    - *101* m/86'/0'/0'
>>>>
>>>> Up to seven derivation paths can be specified if all words have the
>>>> same least significant bits.  If the least significant bits of each
>>>> word vary, there are 48 bits that can be used to encode meta-data.  As
>>>> long as meta-data is limited to certain allowable values, this provides
>>>> a mechanism for error detection, similar to a checksum.
>>>>
>>>> *Benefits of Suggested Implementation*
>>>>
>>>>    - The word length determines how the seed phrase should be
>>>>    interpreted.  User only needs to know how many words they have and
>>>>    how many words the wallet supports to check for compatibility with
>>>>    this extension
>>>>    - Uses same wordlist to represent the same entropy as a 12 word
>>>>    phrase (could be a revision to BIP39 instead of a new BIP)
>>>>    - Manual procedure is very simple, each derivation path can use a
>>>>    shortened 256 word list which enjoys improved alphabetical
>>>>    separation of words
>>>>    - May prevent naive word selections which aren't limited to every
>>>>    eighth word (similar to what checksum does)
>>>>    - Can be extended further.  For example, a 32 word phrase with the
>>>>    same entropy as a 24 word phrase could also be added.  We can keep
>>>>    adding formats with unique word length and keep adding uses for the
>>>>    meta data as needed.
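
The 16-word layout from the quoted original proposal, as an added example that is not code from the thread or from any BIP. It works on 11-bit wordlist indices (the wordlist lookup is left to the caller), and the function names and the rule that all 16 words must carry one listed tag are assumptions of this sketch. It also shows which transcription slips the tag bits catch and derives the standard 12-word BIP39 indices for the same entropy.

```python
from __future__ import annotations

import hashlib

# Tag table copied from the proposal; 110 and 111 are not assigned there.
PATH_TAGS = {
    0b000: None,  # derivation path not specified
    0b001: "m/44'/0'/0'",
    0b010: "m/49'/0'/0'",
    0b011: "m/84'/0'/0'",
    0b100: "m/48'/0'/0'/2'",
    0b101: "m/86'/0'/0'",
}


def encode16(entropy: bytes, tag: int = 0) -> list[int]:
    """128-bit entropy -> 16 indices: 8 entropy bits (high) + 3 tag bits (low)."""
    if len(entropy) != 16:
        raise ValueError("expected exactly 16 bytes (128 bits) of entropy")
    if tag not in PATH_TAGS:
        raise ValueError(f"tag {tag:03b} is not assigned in the proposal")
    return [(byte << 3) | tag for byte in entropy]


def decode16(indices: list[int]) -> tuple[bytes, str | None]:
    """16 indices -> (entropy, derivation path or None).

    Assumption: every word carries the same listed tag. The proposal's
    variant with varying tags (48 bits of metadata) is not modelled here.
    """
    if len(indices) != 16:
        raise ValueError("a phrase in this format has exactly 16 words")
    if any(not 0 <= i < 2048 for i in indices):
        raise ValueError("word index outside the 2048-word list")
    tags = {i & 0b111 for i in indices}
    if len(tags) != 1:
        raise ValueError("words come from different 256-word sublists")
    tag = tags.pop()
    if tag not in PATH_TAGS:
        raise ValueError(f"tag {tag:03b} is not assigned in the proposal")
    return bytes(i >> 3 for i in indices), PATH_TAGS[tag]


def slip_detected(indices: list[int]) -> bool:
    """True when decode16 rejects the phrase (the tag bits caught an error)."""
    try:
        decode16(indices)
    except ValueError:
        return True
    return False


def bip39_indices(entropy: bytes) -> list[int]:
    """Standard BIP39 indices: entropy plus first ENT/32 bits of its SHA-256."""
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(value >> (11 * (n_words - 1 - k))) & 0x7FF for k in range(n_words)]


if __name__ == "__main__":
    entropy = bytes(range(16))  # constructed sample, not real key material
    phrase = encode16(entropy, 0b011)
    print("16-word indices:", phrase)
    print("decoded:", decode16(phrase))
    neighbour = phrase.copy()
    neighbour[5] += 1  # adjacent word in the full 2048-word list
    in_sublist = phrase.copy()
    in_sublist[5] += 8  # adjacent word in the 256-word sublist
    print("full-list neighbour caught:", slip_detected(neighbour))
    print("sublist neighbour caught:", slip_detected(in_sublist))
    print("12-word BIP39 indices:", bip39_indices(entropy))
```

A slip to a neighbouring word inside the same 256-word sublist changes the entropy without tripping the tag check, which is the case the xpub confirmation described in the message has to cover.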