From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 5CCC0AF9C for ; Wed, 6 Feb 2019 14:28:32 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-ed1-f52.google.com (mail-ed1-f52.google.com [209.85.208.52]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 1573B899 for ; Wed, 6 Feb 2019 13:48:38 +0000 (UTC) Received: by mail-ed1-f52.google.com with SMTP id r15so4459711eds.9 for ; Wed, 06 Feb 2019 05:48:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=/SXwD46STgaau1JKmPZnpNadgUqndN6yNc+haSWWJKc=; b=OPfqrq0KWGSyg6TX8KyS+xZLxAZeE0o6shz6oD64O80joKKLLWossW0W6LVRiw/Mv8 joesDTbkmmWBJ+53zjlRFL/9LwM2jMMaPqAoM+MMxXU2kfbBAW1mSdKqSYqCHQWUtPR7 dqBazLqJyBWO4SynAfesEfpoBg/d0oba3r4OM+d3dGdCywd368EcJVZ/lGipxbUvp5pM dlEGOgjrW9GKtjDvIPXFEGD718RXf+zkK/Cnt8kq3abeXPs5fVw0L0VCDffWFQGMntKS VSWUxiYH2nO/+Z2afl7qO4mYDyU6ZQsez85oAdEvEH7K8oGtkIggXWRMTAHSrf/u+FQF waeg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=/SXwD46STgaau1JKmPZnpNadgUqndN6yNc+haSWWJKc=; b=kPmEpx3RwMDygjcvg9ZND0HgubVso/8G6NGqJPAQkwdMY8fo25LtedLMw3oDXqlRUf 8HAKMePq5bGjklVXz6qjCDL2aIppNSaPSmtnexGAC5e0wvZYLpLiFDnUPlXmJ0fXm2rE pVDUB5hZx8Mxa9cWx4bt37gs50eEAnwwzg9dQJ1c/fgfL8QVsEo1c6UxmzDgHN+9r06a t9VeElXvow/OebeFVBMg+mZOBbEEAACp77AVZDKNtzmHonG5Y4qys8aIPGP2SyO3epwo cZR1JVW6io7PI+EML0d5yHvII6eH5GrXPLhW9b75ThNCuf7GVD1g1tjJfT+848S7jARr 3U8g== X-Gm-Message-State: AHQUAubAuU0LKEb0iE8Ht5jEk73iFxO/e6ajhnANZGk8QKE4O07ZV1in eOY7DyNmazvSbFbiVUNDO2SLCnH0g3y6SkWsKFc= X-Google-Smtp-Source: AHgI3IaEEjMm4PVa6VPeqUON+O19xgu+6TU9uccxafJZWeAKkpgCnv7QMVjeE0ivEPicWcCwaGSI0g3731TjrI7NSMU= X-Received: by 2002:a50:fe15:: with SMTP id f21mr8011802edt.116.1549460916523; Wed, 06 Feb 2019 05:48:36 -0800 (PST) MIME-Version: 1.0 References: <2s__WN8iJ71DEJxYfCGbJpcp3lVLuOV95To49v3xc9XxyHod7ikfJU3EjYt2bSReGlKpjLxny0fR8KkEGjZynH8OFBoy_aCfWaScv9Vw5I4=@protonmail.com> In-Reply-To: From: Alan Evans Date: Wed, 6 Feb 2019 09:48:25 -0400 Message-ID: To: Devrandom , Bitcoin Protocol Discussion Content-Type: multipart/alternative; boundary="00000000000085e1d7058139fb8c" X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, HTML_MESSAGE, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Wed, 06 Feb 2019 15:48:05 +0000 Subject: Re: [bitcoin-dev] Card Shuffle To Bitcoin Seed X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Feb 2019 14:28:32 -0000 --00000000000085e1d7058139fb8c Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable It's not quite enough to just do SHA512, you missed out this condition (incredibly rare as it is): > In case IL is 0 or =E2=89=A5n, the master key is invalid. Also I can't see how I would use this to seed a hardware wallet that requires a BIP39 seed as mentioned in your abstract. For both of those reasons, you may want to just invent/formalize a scheme that takes Cards -> Entropy. >From that Entropy one can generate BIP39, and non-BIP39 fans can just continue, generate and store their root xprv. Prior art: Note that Ian Coleman's BIP39 site already supports Cards (and Dice), see the logic here: https://github.com/iancoleman/bip39/blob/master/src/js/entropy.js [image: image.png] Note it detected "full deck". It also calculates the Total Bits of Entropy and can handle card replacement and multiple decks. PS, you're a bit out on your entropy calculation, log2(52!) ~=3D 225.58 bit= s, not 219. On Tue, 5 Feb 2019 at 02:08, Devrandom via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > I would suggest 50+ 6-sided dice rolls, giving about 128 bits of entropy. > Compared to a shuffle, it's easier to be sure that you got the right amou= nt > of entropy, even if the dice are somewhat biased. > > > On Mon, Feb 4, 2019 at 2:33 PM James MacWhyte via bitcoin-dev < > bitcoin-dev@lists.linuxfoundation.org> wrote: > >> >> James >> >> >> On Sun, Feb 3, 2019 at 10:27 AM Ryan Havar via bitcoin-dev < >> bitcoin-dev@lists.linuxfoundation.org> wrote: >> >>> Conveniently a shuffled deck of cards also can serve as a physical >>> backup which is easy to hide in plain sight with great plausible >>> deniability. >>> >> >> To make sure someone doesn't play with your cards and mix up the order, >> use a permanent marker to draw a diagonal line on the side of the deck f= rom >> corner to corner. If the cards ever get mixed up, you can put them back = in >> order by making sure the diagonal line matches up. >> _______________________________________________ >> bitcoin-dev mailing list >> bitcoin-dev@lists.linuxfoundation.org >> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >> > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > --00000000000085e1d7058139fb8c Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
It's not quite enough to just do SHA512, you missed ou= t this condition (incredibly rare as it is):

> In cas= e IL is 0 or =E2=89=A5n, the master key is invalid.

Also I can't see how I would use this to seed a hardware wallet that = requires a BIP39 seed as mentioned in your abstract.

For both of those reasons, you may want to just invent/formalize a schem= e that takes Cards -> Entropy.
From that Entropy one can gener= ate BIP39, and non-BIP39 fans can just continue, generate and store their r= oot xprv.

Prior art: Note that Ian Coleman'= ;s BIP39 site already supports Cards (and Dice), see the logic here:=C2=A0<= a href=3D"https://github.com/iancoleman/bip39/blob/master/src/js/entropy.js= " rel=3D"noreferrer" target=3D"_blank">https://github.com/iancoleman/bip39/= blob/master/src/js/entropy.js

3D"image.png"
=

Note it detected "full deck"= ;. It also calculates the Total Bits of Entropy and can handle card replace= ment and multiple decks.

PS, you're a bit out = on your entropy calculation, log2(52!) ~=3D 225.58 bits, not 219.


On Tue, 5 Feb 2019 at 02:08, Devrandom via bitcoin-dev <bitcoin-dev@lists.linux= foundation.org> wrote:
I would suggest 50+ 6-sided dice rolls, givi= ng about 128 bits of entropy.=C2=A0 Compared to a shuffle, it's easier = to be sure that you got the right amount of entropy, even if the dice are s= omewhat biased.


On Mon, Feb 4, 2019 at 2:33 PM James MacWhyte= via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
=

James


On Sun, Feb 3, 2019 at 10:27 = AM Ryan Havar via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org= > wrote:
Conveniently a shuffled deck of cards also can serve as a physical backup = which is easy to hide in plain sight with great plausible deniability.

To make sure someone doesn't play wit= h your cards and mix up the order, use a permanent marker to draw a diagona= l line on the side of the deck from corner to corner. If the cards ever get= mixed up, you can put them back in order by making sure the diagonal line = matches up.=C2=A0
_______________________________________________
bitcoin-dev mailing list
= bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mail= man/listinfo/bitcoin-dev
_______________________________________________
bitcoin-dev mailing list
= bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mail= man/listinfo/bitcoin-dev
--00000000000085e1d7058139fb8c--