From: "'Rama Gan' via Bitcoin Development Mailing List" <bitcoindev@googlegroups.com>
To: Andrew Poelstra <apoelstra@wpsoftware.net>
Cc: "bitcoindev@googlegroups.com" <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] Penlock, a paper-computer for secret-splitting BIP39 seed phrases
Date: Tue, 14 May 2024 12:03:45 +0000
Message-ID: <GqYxqTBUgHl6yq1UAaOc2O9Ea4-5yKnM-jGZzGaKC19c-k3KcUN_Bo2e7XPYUrNaX3NMJC0tCMudgSl0_l1BCRUz4DIYBR1ecL2ifopzs98=@proton.me>
In-Reply-To: <ZkIYXs7PgbjazVFk@camus>

Hello Andrew,

Thank you for sharing your thoughts.

I think I fixed the biggest compatibility issues. Most browsers should now
display the documents correctly, but there still are issues when using the
"Print to PDF" feature. Chromium, Brave and Firefox do it well. With qutebrowser
5.x and 6.x, I get weirdly pixelated results and the wrong page margins. I'm not
sure yet if it is something that I can fix, or how it will look when actually
printing; I'll investigate further as soon as I can.

- The "Generate a Seed Phrase" guide is useful for initializing a new hardware
  wallet that only supports BIP39. The guide and the worksheet only support
  the 12-word variant, because as you said grinding for the checksum is
  otherwise tedious. I guess I should add an explainer for that. I also expect
  that most Penlock users will already have a seed phrase and that's why I
  didn't mention this feature in the presentation.

- About seedxor: I am not familiar with it, but it looks like something I'd
  want to dig into. About BIP39->binary conversion: even double-checking can't
  fully guarantee its correctness, so it can lead to dramatic failures.

- About GF(27) being non-standard: the documents for analog computations will
  remain valid and available, so it's not like a software implementation that
  requires routine maintenance or might be discontinued.

- Penlock implements arithmetic operations differently than Codex32. Additions
  and subtractions are implemented with a slider-wheel (only possible with
  GF(P)); multiplications and "divisions" are done with volvelles. There is
  indeed a risk of using the slider-wheel in the wrong direction, and this is
  mitigated by 2-of-N not using additions at all.

- An experienced user can compute a 12-word checksum in 4 mins, and verify its
  correctness in 3 mins. Checksumming 24 words is quite doable, but then the
  difficulty comes with the shares derivation part that takes close to an hour
  and feels really tedious (again, for 24 words). For reference, an
  experienced user can secret-split a 12-word sentence in 45 minutes. A
  24-word sentence will more than double that due to getting tired and losing
  focus.

- The 2-of-(N<=26) case is handled with a variant of Shamir's algorithm that
  can be fully implemented in a single wheel. I'm about to post a presentation
  that will go into more detail about that. For (K>=3)-of-M cases there's
  indeed a recovery wheel, plus a volvelle that does translation+fusion on the
  same side (see: https://beta.penlock.io/kofm-wheels.html).

Best regards,
Rama Gan