From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Fri, 23 May 2025 14:12:04 -0700 Received: from mail-yw1-f188.google.com ([209.85.128.188]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1uIZgR-0000Yu-Mo for bitcoindev@gnusha.org; Fri, 23 May 2025 14:12:04 -0700 Received: by mail-yw1-f188.google.com with SMTP id 00721157ae682-70dd69249e0sf5941447b3.3 for ; Fri, 23 May 2025 14:12:03 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1748034718; cv=pass; d=google.com; s=arc-20240605; b=Z0jVrk+97KZGeikPQ3vx0f48ojiopWky92Fr4+wVHGQxcXVYMHl1xxbn8PiGB2k4q5 WvTN9KCnBDlLoFAWbptIUgqFUsh8FvQ9po1aja/M2mZKqWvb5ZBSdw4EvR1gWlGnnjK8 nl67CZG2jJFeR4wMGZASLx3YJeEByyMTGT0o88+/WtPSa6t54d/LbXdx3eeRAbSUwV1X lDvfCwbLlkVVBx/mZrKS2w9rn+x8++xVNhHUXM+pt/IJ0ksqcjt5SgHfIb6rFRjhQaa0 i/1p7mdvWd11Nj87Ll5awvsruLUK0KAh2OSeGo9zF7wq5eD7AoSgX0rRH+3Pv9pFttzO ReZQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:cc:to:subject:message-id :date:from:in-reply-to:references:mime-version:dkim-signature; bh=j1dzLCt0BjkD5kTLDJMzmmIo2w9MLHdJ81a4Dl6WJ3w=; fh=W6kxbSeouukL6IFo4rA0Atd9cDNIibpTwBkR7+N6+24=; b=VLQqJkfN/HYWX/aTHMqyNZB5zODKFmMCZVLpvZj72LTjx3VmmlyBx1QcESE2k0vkZA Go431+m45F0AIwtLG304WfgNBkuOfw7h2+VdKjMnapkRGQxLLdr65YWDSDSE9PKInArv YZGoRosqRLSnbNTg4xwNog7Hc0psAudfL9knJ2GSsTAObVEYvAzohmtld7GO3YO+kqca CajK14SozBuaNVMyo71BtpJWaJWexeQDdnZ7OVLAJF5gsdDgZ1sthfp/IRTgsNfKSzGo U4tNh7oiDTAOV2jiVX9JA/eOkx4Zaz3Je8k3CBxOzrEh0BvkWIt/PLeV7Z9kPxN6iHg8 8JKA==; darn=gnusha.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@blockstream.com header.s=google header.b=F2lErF1o; spf=pass (google.com: domain of roconnor@blockstream.com designates 2607:f8b0:4864:20::633 as permitted sender) smtp.mailfrom=roconnor@blockstream.com; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=blockstream.com; dara=pass header.i=@googlegroups.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1748034718; x=1748639518; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version:from:to:cc :subject:date:message-id:reply-to; bh=j1dzLCt0BjkD5kTLDJMzmmIo2w9MLHdJ81a4Dl6WJ3w=; b=bG3rf4ldElOwHiF7QjdpL318fHq7Go83Fbv+nmvPziRazE8v9H/+I0I1l4t1q/qrsp L10p5AMn7y6fl6+2uaqzDc8GXBrkqIithffuDrpwRM43Ulwv4e1fsoMcDCx+ccCN5DlP EQI3r6726JTUtTWIHc6VV0Yu1BK0gkEPx8yA3lhC06tTQKnld/q9EwYuk0Jq0x4rm0Hw PqT52+HkD296T7KnhbfXF6nnzzC7KFaUmD96w1k/67/PNV1Rt0jn1KTCu9kLt96ByZO5 WGp86/BAhZX3knLx+IjMJEYgfR7DOeBmHoseUwQSOEf9WUaoGXCxzEMLlm6G/nSt/KDk OmDQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1748034718; x=1748639518; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=j1dzLCt0BjkD5kTLDJMzmmIo2w9MLHdJ81a4Dl6WJ3w=; b=r1rgSc4h+94AIQDtkqzvwURYigMsoOHWGolTnRiJapvLM4ZhjGCNb57cRATSK8Rzn0 +Lbx1h7I7w0PqLvS4orWbDj7oI5y22q5bfGh1sE1yBuz7z1Jyo2I2K/GWohmHHc6A5Wm Wdg2Jn9QYSPsobl4S49krAtJoADwo7Sr+5L0IbPogdvrwep3Ktt9vCf6BQgl8Bvy9fc7 DTq2jmgiYcR8lRFM/YQknewHhllOu2pbrRUxEUtO5EYySKAzjix1GkXYE1c1TVrvaGjS bT/AEMCIKCmjI6GzJlpEN8uQO6rtIa3NzCxMcFmMnzdw4m9cDcp+4NCTtEMt1AgTQ8Jv G10Q== X-Forwarded-Encrypted: i=2; AJvYcCUInW+Vt/7IQj3gPkC8WLX6AwCbMlyEM6zcU5Zgm5M/Dh+aO+IUg/pAB8HKWjMrY510sYaB4g02vvv4@gnusha.org X-Gm-Message-State: AOJu0YzIa+J6hL3PR112G9Us4xD8rnTfAbP+o+9+XIPqHBow84NSW9rk 0n74KAyXOADELW0ccFRGSOAm8oAM2nmHiMhqNhXlo7dhBPO1wxNYxqdI X-Google-Smtp-Source: AGHT+IGSssm9l4fYoEA8BVT4d4mRb4cHGLS766k96XBPm4FoEIE+SZhOvwa0JC0DNr39zGt1I52rIA== X-Received: by 2002:a05:6902:1029:b0:e79:100d:5a29 with SMTP id 3f1490d57ef6-e7d91a2a226mr1174700276.38.1748034717805; Fri, 23 May 2025 14:11:57 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com; h=AVT/gBFpcWGhBjeb2gVIrBXV06kti6QlQw0lIdNA1SONtcbu/Q== Received: by 2002:a25:3a07:0:b0:e7d:6000:9f13 with SMTP id 3f1490d57ef6-e7d9202c078ls284498276.1.-pod-prod-05-us; Fri, 23 May 2025 14:11:53 -0700 (PDT) X-Received: by 2002:a05:690c:6f0f:b0:70e:1874:b915 with SMTP id 00721157ae682-70e2d993e8fmr8921917b3.10.1748034713579; Fri, 23 May 2025 14:11:53 -0700 (PDT) Received: by 2002:a05:690c:2d04:b0:70e:2cf8:9db8 with SMTP id 00721157ae682-70e2cf8b6cams7b3; Fri, 23 May 2025 13:45:35 -0700 (PDT) X-Received: by 2002:a05:690c:4b89:b0:70d:ff2a:d686 with SMTP id 00721157ae682-70e2daaea2fmr6643547b3.28.1748033134414; Fri, 23 May 2025 13:45:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1748033134; cv=none; d=google.com; s=arc-20240605; b=HhjOVPihH/2XUX5XzJZ4UgETCvJpB2SWSbkhR4KlUDENXXlnf3gLB6DuiJaeBN1xbb UWvo2pwmBn4hE+yz5VY2HUPwGDePqmna23kI4fyuzZ29vc7iMP5iO/bGVPkvuGABhiNi EuEu0xiRiCRYbkHF6bcgLOEIQPbzo4fjTlf/H4nzxWEZ58Me9UNF+kQI/nHBc/WR/yZG TPz5MPgiJsBxIZIDSnjiNXJyyPdfK5ujkIMBRfzt2/rSsWeo4xFE1PAcAJBJMtEUvyC3 9UQiOcdfotCce1DT5JertptR9QQtRto6DlsDqksxhzuNfefRCdVRdURB/lziTce6UUdn 0ePA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=3FqlL5i3y6Bp6axkK48J8eo3ziJLEfdV6eLUKc/SX38=; fh=/YjgnsghaA3pt4+dPTSGC/uW8wSzfrrCiZ4aVJWipfQ=; b=VE0KMW2G45GNYHQSb+slpmkikQyh53A94eh9hOYLfmvgaSNHXHxeGA3hBVAt0IEppz GYuAc/vhJKwZDahNJSa0PnI7+YtMb5X8aLxIyty0c17KiNbxTT9mhCZava/YL5cK8lrx YbibaHLmEP+0z+u9b6oZ4NCufIXBIH175m5iFOPx7DkfeV5E5aaTfT5UbIj0i0lZJL29 /CRZIbIu4IKKktrGhiiGHK5sJ/7zXE2b4gy59wEqMgqlVkjYploeBaEi8vBgFygwlH+v 4H5LEWHWDn36yT1ki2aZ8tmCXZVO4F6MHqCCkoAOVQsPTHATN0KVH/SV3UfP2LRYh9U4 AHGA==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@blockstream.com header.s=google header.b=F2lErF1o; spf=pass (google.com: domain of roconnor@blockstream.com designates 2607:f8b0:4864:20::633 as permitted sender) smtp.mailfrom=roconnor@blockstream.com; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=blockstream.com; dara=pass header.i=@googlegroups.com Received: from mail-pl1-x633.google.com (mail-pl1-x633.google.com. [2607:f8b0:4864:20::633]) by gmr-mx.google.com with ESMTPS id 00721157ae682-70e26c63663si226787b3.1.2025.05.23.13.45.34 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 23 May 2025 13:45:34 -0700 (PDT) Received-SPF: pass (google.com: domain of roconnor@blockstream.com designates 2607:f8b0:4864:20::633 as permitted sender) client-ip=2607:f8b0:4864:20::633; Received: by mail-pl1-x633.google.com with SMTP id d9443c01a7336-232059c0b50so2826895ad.2 for ; Fri, 23 May 2025 13:45:34 -0700 (PDT) X-Gm-Gg: ASbGnctLtfdOTAPXRP5BlzwmDKI/JkD6qFuXFPAK9BSENTkOHcft6/78C71J69iTEX7 cCNiICsx3REhy6ROYaKOoTl2C4lt05S/aavNVv2py5n+Hu/BJhJVMH9E4rB9RoMtaj4bD1kNZgk 8jhtoSV89s6973ETriLqRmrO99pfXPzFPt X-Received: by 2002:a17:902:e807:b0:231:d0e9:2b84 with SMTP id d9443c01a7336-23414fb2d50mr10595685ad.37.1748033133402; Fri, 23 May 2025 13:45:33 -0700 (PDT) MIME-Version: 1.0 References: <09A940A2-122A-445E-82EA-1B4E32AC7E34@gmail.com> In-Reply-To: <09A940A2-122A-445E-82EA-1B4E32AC7E34@gmail.com> From: "'Russell O'Connor' via Bitcoin Development Mailing List" Date: Fri, 23 May 2025 16:45:22 -0400 X-Gm-Features: AX0GCFtj5z4N1BYD4_rD2IDBA56DePcZ7bJZ4Sg4ynZRn0-n1QmP2U9nd_gE66g Message-ID: Subject: Re: [bitcoindev] BIP39 Extension for Manual Seed Phrase Creation To: Eric Cc: Bitcoin Development Mailing List Content-Type: multipart/alternative; boundary="000000000000f8f6470635d3ad5a" X-Original-Sender: roconnor@blockstream.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@blockstream.com header.s=google header.b=F2lErF1o; spf=pass (google.com: domain of roconnor@blockstream.com designates 2607:f8b0:4864:20::633 as permitted sender) smtp.mailfrom=roconnor@blockstream.com; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=blockstream.com; dara=pass header.i=@googlegroups.com X-Original-From: "Russell O'Connor" Reply-To: "Russell O'Connor" Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -1.0 (-) --000000000000f8f6470635d3ad5a Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable FWIW, BIP-93 (codex32) was designed for both human and computer generated randomness. Codex32 also supports human and computer generated secret sharing. See also . On Fri, May 23, 2025 at 11:35=E2=80=AFAM Eric wro= te: > Quoting BIP39: "This guide is meant to be a way to transport > computer-generated randomness with a human-readable transcription." > > BIP39 was meant to capture computer generated randomness. Manually > calculating the sha256 hash is not practical. > > Using a separate tool to compute the checksum or last word is cumbersome > and requires users to have a more advanced understanding of cryptography. > > > On May 23, 2025 8:29:27 AM MDT, Kyle Honeycutt > wrote: > >> Respectfully, a "black box" is not trusted to generate mnemonic >> passphrases, the standard is well-defined and generally followed across >> wallets. >> >> >> https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#Generatin= g_the_mnemonic >> >> Users can create their own mnemonics in a trustless way following the >> BIP39 standard published in 2013. >> >> Using any entropy source a user can perform a SHA256 hash on the entropy >> to get a 256 bit string, then convert that to binary. Perform another >> SHA256 hash on the binary, take the first 8 bits and solve for checksum = and >> then solve the rest of mnemonic words. >> >> On Fri, May 23, 2025, 6:15=E2=80=AFAM Eric Kvam wrote: >> >>> *Motivation* >>> Make it easy for users to manually create their seed phrase so that the= y >>> don't have to trust a "black box" and allow for encoding derivation pat= h in >>> seed phrase to simplify recovery >>> >>> *How* >>> Use every eighth word from the wordlist to generate 16 word phrases wit= h >>> 128 bits of entropy (no checksum). The most significant eight bits of = each >>> word are used as entropy. The least significant three bits of each wor= d >>> specify the derivation path. >>> >>> - *000* Derivation Path Not Specified >>> - *001* m/44'/0'/0' >>> - *010* m/49'/0'/0' >>> - *011* m/84'/0'/0' >>> - *100* m/48'/0'/0'/2' >>> - *101* m/86'/0'/0' >>> >>> Up to seven derivation paths can be specified if all words have the sam= e >>> least significant bits. If the least significant bits of each word var= y, >>> there are 48 bits that can be used to encode meta-data. As long as >>> meta-data is limited to certain allowable values, this provides a mecha= nism >>> for error detection, similar to a checksum. >>> >>> *Benefits of Suggested Implementation* >>> >>> - The word length determines how the seed phrase should be >>> interpreted. User only needs to know how many words they have and h= ow many >>> words the wallet supports to check for compatibility with this exten= sion >>> - Uses same wordlist to represent the same entropy as a 12 word >>> phrase (could be a revision to BIP39 instead of a new BIP) >>> - Manual procedure is very simple, each derivation path can use a >>> shortened 256 word list which enjoys improved alphabetical separatio= n of >>> words >>> - May prevent naive word selections which aren't limited to every >>> eighth word (similar to what checksum does) >>> - Can be extended further. For example, a 32 word phrase with the >>> same entropy as a 24 word phrase could also be added. We can keep a= dding >>> formats with unique word length and keep adding uses for the meta da= ta as >>> needed. >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Bitcoin Development Mailing List" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to bitcoindev+unsubscribe@googlegroups.com. >>> To view this discussion visit >>> https://groups.google.com/d/msgid/bitcoindev/a139ee2e-473c-487b-a9b0-e6= 8013fdb7cen%40googlegroups.com >>> >>> . >>> >> -- > You received this message because you are subscribed to the Google Groups > "Bitcoin Development Mailing List" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to bitcoindev+unsubscribe@googlegroups.com. > To view this discussion visit > https://groups.google.com/d/msgid/bitcoindev/09A940A2-122A-445E-82EA-1B4E= 32AC7E34%40gmail.com > > . > --=20 You received this message because you are subscribed to the Google Groups "= Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoindev+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/= CAMZUoK%3DA8T5N4ekR7r6%2BcfaxMCYL%3Da5_v0kqdPNVDzgcUY9xrg%40mail.gmail.com. --000000000000f8f6470635d3ad5a Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
FWIW, BIP-93 (codex32) was designed = for both human and computer generated randomness.=C2=A0 Codex32 also suppor= ts human and computer generated secret sharing.


On Fri, May 23, 2025 at 11:35=E2=80=AFAM Eric= <nerdyrugb= yguy@gmail.com> wrote:
Quoting BIP39: "This guide is mea= nt to be a way to transport computer-generated randomness with a human-read= able transcription."

BIP39 was meant to capture computer genera= ted randomness.=C2=A0 Manually calculating the sha256 hash is not practical= .

Using a separate tool to compute the checksum or last word is cumb= ersome and requires users to have a more advanced understanding of cryptogr= aphy.


On May 23, = 2025 8:29:27 AM MDT, Kyle Honeycutt <coinables@gmail.com> wrote:

Respectfully, a "black box" is no= t trusted to generate mnemonic passphrases, the standard is well-defined an= d generally followed across wallets.

https://github.com/bitcoin/bips/blob/master/bip-0039.= mediawiki#Generating_the_mnemonic

Users can create their own mnem= onics in a trustless way following the BIP39 standard published in 2013.=C2= =A0

Using any entropy source a user can perform a SHA256 hash on the = entropy to get a 256 bit string, then convert that to binary. Perform anoth= er SHA256 hash on the binary, take the first 8 bits and solve for checksum = and then solve the rest of mnemonic words.


On Fri= , May 23, 2025, 6:15=E2=80=AFAM Eric Kvam <nerdyrugbyguy@gmail.com> wrote:
<= /div>
Motivation=
Make it easy for users to manually create their seed phrase so tha= t they don't have to trust a "black box" and allow for encodi= ng derivation path in seed phrase to simplify recovery

<= div>How
Use every eighth word from the wordli= st to generate 16 word phrases with 128 bits of entropy (no checksum).=C2= =A0 The most significant eight bits of each word are used as entropy.=C2=A0= The least significant three bits of each word specify the derivation path.=
  • 000 Derivation Path Not Specified
  • 001<= /b> m/44'/0'/0'
  • 010 m/49'/0'/0'
  • 011 m/84'/0'/0'
  • 100 m/48'/0'= ;/0'/2'
  • 101 m/86'/0'/0'
Up= to seven derivation paths can be specified if all words have the same leas= t significant bits.=C2=A0 If the least significant bits of each word vary, = there are 48 bits that can be used to encode meta-data.=C2=A0 As long as me= ta-data is limited to certain allowable values, this provides a mechanism f= or error detection, similar to a checksum.

=
Benefits of Suggested Implementation
  • T= he word length determines how the seed phrase should be interpreted.=C2=A0 = User only needs to know how many words they have and how many words the wal= let supports to check for compatibility with this extension
  • Uses sa= me wordlist to represent the same entropy as a 12 word phrase (could be a r= evision to BIP39 instead of a new BIP)
  • Manual procedure is very sim= ple, each derivation path can use a shortened 256 word list which enjoys im= proved alphabetical separation of words
  • May prevent naive word sele= ctions which aren't limited to every eighth word (similar to what check= sum does)
  • Can be extended further.=C2=A0 For example, a 32 word phr= ase with the same entropy as a 24 word phrase could also be added.=C2=A0 We= can keep adding formats with unique word length and keep adding uses for t= he meta data as needed.

--
You received this message because you are subscribed to the Google Groups &= quot;Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoindev+unsubscribe@googlegroups.com. To view this discussion visit h= ttps://groups.google.com/d/msgid/bitcoindev/a139ee2e-473c-487b-a9b0-e68013f= db7cen%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups &= quot;Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/= msgid/bitcoindev/09A940A2-122A-445E-82EA-1B4E32AC7E34%40gmail.com.

--
You received this message because you are subscribed to the Google Groups &= quot;Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoind= ev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.co= m/d/msgid/bitcoindev/CAMZUoK%3DA8T5N4ekR7r6%2BcfaxMCYL%3Da5_v0kqdPNVDzgcUY9= xrg%40mail.gmail.com.
--000000000000f8f6470635d3ad5a--