1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
|
Delivery-date: Sat, 24 May 2025 06:07:38 -0700
Received: from mail-ot1-f58.google.com ([209.85.210.58])
by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.94.2)
(envelope-from <bitcoindev+bncBDN53HXIYQFRBD4JY7AQMGQE3L23BRI@googlegroups.com>)
id 1uIobB-0004r1-0y
for bitcoindev@gnusha.org; Sat, 24 May 2025 06:07:38 -0700
Received: by mail-ot1-f58.google.com with SMTP id 46e09a7af769-72b831a73d8sf806493a34.1
for <bitcoindev@gnusha.org>; Sat, 24 May 2025 06:07:37 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1748092051; cv=pass;
d=google.com; s=arc-20240605;
b=UC0Uuhhq/lRDrD/qVBqfL4bZvxrZ+GohM/Q9XBSJBhYJsXUn9nZp861Ap05fNXAKc+
V9yt5ntktJ91A8Q5+6Xy/TlC4W8zqvI6qj04a8PkzaGWmAVR3IFenEK1UHnLrVcoNWyt
YPzaRNZJMLskdHhuQtTKCEFrekD+sQ+X71Nb+gbLrN4HTB9Cuos3MgEnlktsb3rVjk2G
JJR6RPnYKQb7U+/zLO/nFmRTVkeSa1NUpFYvbBTn1b2clqSPlXUfyesT5A3pCyLibXSD
uI4Uy9C6hZo8osKxpArw4eH3AIx5seB8DnezPRpX2n+uD0RmtrkKvdaH3YUe0k7pJKgf
l47A==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:to:subject:message-id:date:from
:in-reply-to:references:mime-version:sender:dkim-signature
:dkim-signature;
bh=69deYQVeZzkVa7zRVu2BWPaIHbniIxrXMYYDUfCAeZI=;
fh=CrpTeqfgCRE5FTBV+F7DkISUpWUGBxDwJD7jsG7D9KM=;
b=du0IKjt/CEWZq9Yf7vqaAQ37Yux4238rk8Y0HrUJP8uJZoabjW9h6dmnBLNWLpJ22E
sXDe61MF4TV9Y0e/FpnCWRK1il70DVq4KNMFkdEKGgKi53IQpP0Mvis7kurDgkQBs93w
8tS8hg9TOaIcxnis00kwwHhuWJjPx6eEswDKq0h6jB3Sh21Bln7fSu52gqy5azkocNtQ
FD0e5igtpG58lH3AWnpVO0Tw6wzl2kVNYYYlCk5IY7e1vC5zVsIO68d4KNj4jfUEPM3Y
XjBn5OnYGSrrmUZ+LG0MtS5wmIy0B2Ryo89qmppYeyxexyPQh9RtoWNAKi6uhQKIYSvT
jfSg==;
darn=gnusha.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
dkim=pass header.i=@gmail.com header.s=20230601 header.b=fkc47PC9;
spf=pass (google.com: domain of nerdyrugbyguy@gmail.com designates 2a00:1450:4864:20::42d as permitted sender) smtp.mailfrom=nerdyrugbyguy@gmail.com;
dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com;
dara=pass header.i=@googlegroups.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1748092051; x=1748696851; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:to:subject:message-id:date:from:in-reply-to
:references:mime-version:sender:from:to:cc:subject:date:message-id
:reply-to;
bh=69deYQVeZzkVa7zRVu2BWPaIHbniIxrXMYYDUfCAeZI=;
b=nx1YgAbu1aafNBRcQ5xu3qgbsQkSSE+yUo9V3nnB9ToRhZ85GdtiwS0UoZqDYfFMXN
stafPrt2veKSJKlsMFMGVhtq+3OYbFPa7pdpvQ38j9xx8WconrwANabn8Y1u9HkOdfzm
6IT8Df++3d95PkSpWHWAeAjPuE5xPJYfdxiYz0QDKbT8gX/Ab5dLWxFZkj9UDQeqcbU3
8ETsrNAhGa2zPowQ3li30HEdNJo3hSLNlEr0z89OjNg6JgKBlHM+dVVtGEhIp1TRyI+a
8gwB4DIIqeaelwbTUrbQvhawPvwjEjEbNmZifEyhwWHf6U+vcqF69uELxHFXeuwbfgQz
fZ9Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1748092051; x=1748696851; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:to:subject:message-id:date:from:in-reply-to
:references:mime-version:from:to:cc:subject:date:message-id:reply-to;
bh=69deYQVeZzkVa7zRVu2BWPaIHbniIxrXMYYDUfCAeZI=;
b=Ouf+oMId/cfqEYhCcszhDP++nUTG+lwymYXrz9kM0SO9eGQo56cexacdpBCGu+phjv
WwA6cfz082gErpU62FtOkx3wL6/9ulp8DLpVFnU6BKiwbbUZw3UHO4C2/rkNFsYq/CO/
bh3onGLCRA7XrkAbvqIEJa9JRobxOIyV+0geKikmkfKqDbI7rGwCTE/Z4DYnuRs91lSM
kCk1ABgEm9tPLkBhVk73rXPr1uWz6y1TvvP+oRb2sfxoYkBlls9YPJ7VfBxTliYX9LUD
rx8efOWEQQkq2tBSDZFCl/dIrbyxVZoJN1IwYXz59DVi1Dr3i9Vq6jwyB4E6nAvXl7aj
Yc5g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1748092051; x=1748696851;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:to:subject:message-id:date:from:in-reply-to
:references:mime-version:x-beenthere:x-gm-message-state:sender:from
:to:cc:subject:date:message-id:reply-to;
bh=69deYQVeZzkVa7zRVu2BWPaIHbniIxrXMYYDUfCAeZI=;
b=WjYcHm9jTwiqbFcMvSj54Ciaud1EoCgQzrzm2c+nGIIAf5Jmq/cV3RzebYWtS3idDr
2lXXyG3vKW0DlF5v/I/At69489woLZbvqpWvQfBiiRB+MiUeP7F0pW91pTVdFQ4wraT4
tsQuKm2lWqKBw/i85vV2OwDnNthA2Ro4+XzQU5AQ39sF2yuwuUE3+Hm8BxiLkUQpbaRt
d9aGNhpLmGo2Gfbv8FQ/dNNbAHaLQS9AY0LYUqSj6egipeNJK12N3M7DG+jQo8Xi2gqe
eRyGhVnriAjvPMT6oHFEWJlkoX0OhQGvmfPUbXRMisokB0fQgJ5gRGUsdGpDw0rF+lUl
ur7g==
Sender: bitcoindev@googlegroups.com
X-Forwarded-Encrypted: i=2; AJvYcCVrlnyq8nW13XCo/V0A2nCxzqPk0twbqmST+hjMQW4ntcFHgVnOTT1Mqx3m105vrBs6i/FqATn/8hML@gnusha.org
X-Gm-Message-State: AOJu0YzCQMUB8l4uDpwFsgeVOVf1akpFpfSSkd/UwDPm7DEtmuR6qKF0
i+74lGdvz30D7qox2JLJTuQE8r5McyfnzLbJiujjpIUklm8jc3gqiCf/
X-Google-Smtp-Source: AGHT+IGqb/dIvjukukYDPYkowHTvVD3kDLM8cyQhw04FTmJgqnJSPprTm7H/HLLqh9HyKPJsC9d+/A==
X-Received: by 2002:a05:6808:6410:b0:404:ee81:deb0 with SMTP id 5614622812f47-40646810330mr1335426b6e.2.1748092051241;
Sat, 24 May 2025 06:07:31 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com; h=AVT/gBGxURFyA5UkgZp8LKvSZOo0j5boADOcx39gMXZrtUNNiw==
Received: by 2002:a4a:d81a:0:b0:5fe:b6d6:7500 with SMTP id 006d021491bc7-60b9f6f1823ls501916eaf.2.-pod-prod-07-us;
Sat, 24 May 2025 06:07:27 -0700 (PDT)
X-Received: by 2002:a05:6808:6f94:b0:404:e2fe:ee98 with SMTP id 5614622812f47-4064682286amr1408820b6e.10.1748092047478;
Sat, 24 May 2025 06:07:27 -0700 (PDT)
Received: by 2002:a05:6402:22a2:b0:604:5cbf:497f with SMTP id 4fb4d7f45d1cf-6045cbf508cmsa12;
Sat, 24 May 2025 05:33:51 -0700 (PDT)
X-Received: by 2002:a05:6402:35c6:b0:602:29e0:5e24 with SMTP id 4fb4d7f45d1cf-602d7c98073mr1986444a12.0.1748090029046;
Sat, 24 May 2025 05:33:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1748090029; cv=none;
d=google.com; s=arc-20240605;
b=MGcT73D0J2KXWSTZixuvNG0Zatf6Er0kIKX+6S+s8+lBOB0vEzggJxZJlZCPVv3E3t
GiDCasseKz4yBcNn2yymJMISMCfgHizJfF/bxMOvfrCJ9LQYBYrDA7LgY4/ottbeLv+6
Jbw/HSIkSp4U+u05gvzYRrMdz85Gjmm4Rgpq4JM8J+HjLofe9wMLZv/g7D0GOUFfy/mU
h7kgdtAaMAVzPb47UWGo7SlFoTqn83iMhRy9sRu6n2k3kqvITVIaZkSkDSIbfkN3LVRE
NqWltIMLBpJtnz+8KPKz3I6zgNpVmc/HZGslbPpLvmEeY+6sLWtbeGM2wszv321LcFeh
dGaA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=to:subject:message-id:date:from:in-reply-to:references:mime-version
:dkim-signature;
bh=Sj2X6r27jYtNJbTe3Db+jAK/soLPZV6AFQK7W58ObNY=;
fh=DMP0F9ULS1guKiqimntQRCN8ZraraesEgQuVcn7F0Z0=;
b=RryAzGkYMBwSqnLDOx12ffkQECQPCIWnepo1g4tpJtc9CI5MfOdPQwln6SUDai0bnv
3Mm/CAWNf/GILfrFgFdLtvs42EbkHkAsnaWDa8l2H9otUKU6w0WMrsiLh7w5l/6G8Mul
x0vVoqSCDvS7cIOKuxnWyqgBm81oR3cnJc+a5Uo4avKin5d3YgwKfLSqYmye6ekrNGS6
/rLRsPz2m4U1hwHvdB7VNu+4gxnEB3z+7SisfaMUSHIa54ELAijgUE3kt5OaGg3Mznbf
7hNnptY8G5CV2A+CU0D0oW9J2jcDUGMnEdHoRgEHiG9q2SaAdCZiLZ/Zf0YmvRMb2K0y
Fj0A==;
dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
dkim=pass header.i=@gmail.com header.s=20230601 header.b=fkc47PC9;
spf=pass (google.com: domain of nerdyrugbyguy@gmail.com designates 2a00:1450:4864:20::42d as permitted sender) smtp.mailfrom=nerdyrugbyguy@gmail.com;
dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com;
dara=pass header.i=@googlegroups.com
Received: from mail-wr1-x42d.google.com (mail-wr1-x42d.google.com. [2a00:1450:4864:20::42d])
by gmr-mx.google.com with ESMTPS id 4fb4d7f45d1cf-6005a9ee990si208592a12.2.2025.05.24.05.33.49
for <bitcoindev@googlegroups.com>
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
Sat, 24 May 2025 05:33:49 -0700 (PDT)
Received-SPF: pass (google.com: domain of nerdyrugbyguy@gmail.com designates 2a00:1450:4864:20::42d as permitted sender) client-ip=2a00:1450:4864:20::42d;
Received: by mail-wr1-x42d.google.com with SMTP id ffacd0b85a97d-3a36e0d22c1so468048f8f.2
for <bitcoindev@googlegroups.com>; Sat, 24 May 2025 05:33:48 -0700 (PDT)
X-Gm-Gg: ASbGncvbxGlh1CUczSNB4RTRD7by084QSXoipzBaEQdBfj0Ks3TFIX+/1KXVm2qp7tP
edu+l9aKg5ossR9DJm1TMN5JW+y+VlqdgUgPqMkQiUhwf2pMDNsqiHkWXAI8cC9nbHXB+jcYP5p
dsUlYTRd0w/5zchkf8vGXVVdakqrzBGuhIh+B+vahYeA==
X-Received: by 2002:a05:6000:2285:b0:3a3:ec58:ebf2 with SMTP id
ffacd0b85a97d-3a4cb408fb0mr2307620f8f.7.1748090027382; Sat, 24 May 2025
05:33:47 -0700 (PDT)
MIME-Version: 1.0
References: <a139ee2e-473c-487b-a9b0-e68013fdb7cen@googlegroups.com>
<CAL9hkF1ptPqvjNqpBHv3_WkEf0cL5HhNudT9SNXZ9DfzpupyOA@mail.gmail.com>
<09A940A2-122A-445E-82EA-1B4E32AC7E34@gmail.com> <CAMZUoK=A8T5N4ekR7r6+cfaxMCYL=a5_v0kqdPNVDzgcUY9xrg@mail.gmail.com>
In-Reply-To: <CAMZUoK=A8T5N4ekR7r6+cfaxMCYL=a5_v0kqdPNVDzgcUY9xrg@mail.gmail.com>
From: Eric Kvam <nerdyrugbyguy@gmail.com>
Date: Sat, 24 May 2025 06:33:35 -0600
X-Gm-Features: AX0GCFvJNTze8upgs5p0Fkdeb-kMD9FgKwLMiT_WCu31hFCYlHLAI8jEfDhLSO4
Message-ID: <CADXQin4VbtvyWDGYLJB0HyJ2+Eai-01CKt6J6UzXM9qtdGJbuw@mail.gmail.com>
Subject: Re: [bitcoindev] BIP39 Extension for Manual Seed Phrase Creation
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Content-Type: multipart/alternative; boundary="0000000000001e1b0f0635e0eddf"
X-Original-Sender: nerdyrugbyguy@gmail.com
X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass
header.i=@gmail.com header.s=20230601 header.b=fkc47PC9; spf=pass
(google.com: domain of nerdyrugbyguy@gmail.com designates 2a00:1450:4864:20::42d
as permitted sender) smtp.mailfrom=nerdyrugbyguy@gmail.com; dmarc=pass
(p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=pass header.i=@googlegroups.com
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -0.5 (/)
--0000000000001e1b0f0635e0eddf
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
I dug up some past arguments regarding the BIP39 checksum. Hopefully my
proposal to import manually generated entropy with a 16 word seed phrase
avoids controversy because it doesn't conflict with the existing
12/15/18/21/24 word seed phrase formats that are meant for transcribing
computer generated entropy.
-
https://www.reddit.com/r/TREZOR/comments/1d47lxg/bip39_checksum_is_a_mis=
feature_trezor_should/
-
https://www.reddit.com/r/Bitcoin/comments/k761mf/fck_the_mnemonic_senten=
ce_checksum/
-
https://bitcoin.stackexchange.com/questions/100376/should-the-bip-39-mne=
monic-sentence-checksum-be-eliminated-from-the-standard-do
-
https://www.reddit.com/r/Bitcoin/comments/wh0s11/bip39_whats_the_benefit=
_of_the_checksum_word/
Using BIP39 to import manually generated entropy into a computer is a
work-around that has become a de-facto standard. Some others, like me,
have found that the checksum does more harm than good when importing
manually generated entropy. I can see that the checksum is quite helpful
when transcribing seed phrases between two computing devices. In lieu of a
checksum, users transcribing their 16 word phrase could: select their input
from the full 2048 word list, select their input from 256 words but do it
twice, check the xpub derived from their seed phrase input. Initial
confirmation of the xpub is critical to ensure that a compromised computing
device can not cause users to send funds to an address they don't control.
Users might store the 16 word phrase, or discard it once they have
confirmed their xpub in favor of a format that is better for transcription
(12 word phrase or seedQR).
When I am onboarding no-coiners, getting them to create their seed phrase
has been a stumbling block. Any friction during onboarding reduces the
conversion rate. Most people will not bother to learn what a hash is but
already understand randomness from games like poker and understand the need
to keep their passphrase secret. Just as BIP39 helped enable the
proliferation of devices like Trezor/Ledger, a standardized format for
import of manually generated entropy enables cheap and simple paper
products to help users create their seed phrase. A printout of the
wordlist with paper masks that each cover half of the words would make it
easy for users to perform a binary search. The user could simply set a
mask on top of the wordlist as odd or even based on the totals of dice
rolls until only one word is showing. Such a product can be bundled with
steel plates for recording and storing the phrase. Instead of the user
having to learn about binary numbers, hashes, and checksums, no numbers are
required at all. The secure computing device and its ops can also be
simplified (only needs to accept seedphrase, display xpub, scan unsigned
TX, and display signed TX).
On Fri, May 23, 2025 at 2:45=E2=80=AFPM Russell O'Connor <roconnor@blockstr=
eam.com>
wrote:
> FWIW, BIP-93 (codex32) was designed for both human and computer generated
> randomness. Codex32 also supports human and computer generated secret
> sharing.
>
> See also <https://secretcodex32.com/>.
>
> On Fri, May 23, 2025 at 11:35=E2=80=AFAM Eric <nerdyrugbyguy@gmail.com> w=
rote:
>
>> Quoting BIP39: "This guide is meant to be a way to transport
>> computer-generated randomness with a human-readable transcription."
>>
>> BIP39 was meant to capture computer generated randomness. Manually
>> calculating the sha256 hash is not practical.
>>
>> Using a separate tool to compute the checksum or last word is cumbersome
>> and requires users to have a more advanced understanding of cryptography=
.
>>
>>
>> On May 23, 2025 8:29:27 AM MDT, Kyle Honeycutt <coinables@gmail.com>
>> wrote:
>>
>>> Respectfully, a "black box" is not trusted to generate mnemonic
>>> passphrases, the standard is well-defined and generally followed across
>>> wallets.
>>>
>>>
>>> https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#Generati=
ng_the_mnemonic
>>>
>>> Users can create their own mnemonics in a trustless way following the
>>> BIP39 standard published in 2013.
>>>
>>> Using any entropy source a user can perform a SHA256 hash on the entrop=
y
>>> to get a 256 bit string, then convert that to binary. Perform another
>>> SHA256 hash on the binary, take the first 8 bits and solve for checksum=
and
>>> then solve the rest of mnemonic words.
>>>
>>> On Fri, May 23, 2025, 6:15=E2=80=AFAM Eric Kvam <nerdyrugbyguy@gmail.co=
m> wrote:
>>>
>>>> *Motivation*
>>>> Make it easy for users to manually create their seed phrase so that
>>>> they don't have to trust a "black box" and allow for encoding derivati=
on
>>>> path in seed phrase to simplify recovery
>>>>
>>>> *How*
>>>> Use every eighth word from the wordlist to generate 16 word phrases
>>>> with 128 bits of entropy (no checksum). The most significant eight bi=
ts of
>>>> each word are used as entropy. The least significant three bits of ea=
ch
>>>> word specify the derivation path.
>>>>
>>>> - *000* Derivation Path Not Specified
>>>> - *001* m/44'/0'/0'
>>>> - *010* m/49'/0'/0'
>>>> - *011* m/84'/0'/0'
>>>> - *100* m/48'/0'/0'/2'
>>>> - *101* m/86'/0'/0'
>>>>
>>>> Up to seven derivation paths can be specified if all words have the
>>>> same least significant bits. If the least significant bits of each wo=
rd
>>>> vary, there are 48 bits that can be used to encode meta-data. As long=
as
>>>> meta-data is limited to certain allowable values, this provides a mech=
anism
>>>> for error detection, similar to a checksum.
>>>>
>>>> *Benefits of Suggested Implementation*
>>>>
>>>> - The word length determines how the seed phrase should be
>>>> interpreted. User only needs to know how many words they have and =
how many
>>>> words the wallet supports to check for compatibility with this exte=
nsion
>>>> - Uses same wordlist to represent the same entropy as a 12 word
>>>> phrase (could be a revision to BIP39 instead of a new BIP)
>>>> - Manual procedure is very simple, each derivation path can use a
>>>> shortened 256 word list which enjoys improved alphabetical separati=
on of
>>>> words
>>>> - May prevent naive word selections which aren't limited to every
>>>> eighth word (similar to what checksum does)
>>>> - Can be extended further. For example, a 32 word phrase with the
>>>> same entropy as a 24 word phrase could also be added. We can keep =
adding
>>>> formats with unique word length and keep adding uses for the meta d=
ata as
>>>> needed.
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Bitcoin Development Mailing List" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to bitcoindev+unsubscribe@googlegroups.com.
>>>> To view this discussion visit
>>>> https://groups.google.com/d/msgid/bitcoindev/a139ee2e-473c-487b-a9b0-e=
68013fdb7cen%40googlegroups.com
>>>> <https://groups.google.com/d/msgid/bitcoindev/a139ee2e-473c-487b-a9b0-=
e68013fdb7cen%40googlegroups.com?utm_medium=3Demail&utm_source=3Dfooter>
>>>> .
>>>>
>>> --
>> You received this message because you are subscribed to the Google Group=
s
>> "Bitcoin Development Mailing List" group.
>> To unsubscribe from this group and stop receiving emails from it, send a=
n
>> email to bitcoindev+unsubscribe@googlegroups.com.
>> To view this discussion visit
>> https://groups.google.com/d/msgid/bitcoindev/09A940A2-122A-445E-82EA-1B4=
E32AC7E34%40gmail.com
>> <https://groups.google.com/d/msgid/bitcoindev/09A940A2-122A-445E-82EA-1B=
4E32AC7E34%40gmail.com?utm_medium=3Demail&utm_source=3Dfooter>
>> .
>>
>
--=20
You received this message because you are subscribed to the Google Groups "=
Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/=
CADXQin4VbtvyWDGYLJB0HyJ2%2BEai-01CKt6J6UzXM9qtdGJbuw%40mail.gmail.com.
--0000000000001e1b0f0635e0eddf
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div>I dug up some past arguments regarding the BIP39 chec=
ksum.=C2=A0 Hopefully my proposal to import manually generated entropy with=
a 16 word seed phrase avoids controversy because it doesn't conflict w=
ith the existing 12/15/18/21/24 word seed phrase formats that are meant for=
transcribing computer generated entropy.=C2=A0=C2=A0</div><div><ul><li><a =
href=3D"https://www.reddit.com/r/TREZOR/comments/1d47lxg/bip39_checksum_is_=
a_misfeature_trezor_should/">https://www.reddit.com/r/TREZOR/comments/1d47l=
xg/bip39_checksum_is_a_misfeature_trezor_should/</a></li><li><a href=3D"htt=
ps://www.reddit.com/r/Bitcoin/comments/k761mf/fck_the_mnemonic_sentence_che=
cksum/">https://www.reddit.com/r/Bitcoin/comments/k761mf/fck_the_mnemonic_s=
entence_checksum/</a></li><li><a href=3D"https://bitcoin.stackexchange.com/=
questions/100376/should-the-bip-39-mnemonic-sentence-checksum-be-eliminated=
-from-the-standard-do">https://bitcoin.stackexchange.com/questions/100376/s=
hould-the-bip-39-mnemonic-sentence-checksum-be-eliminated-from-the-standard=
-do</a></li><li><a href=3D"https://www.reddit.com/r/Bitcoin/comments/wh0s11=
/bip39_whats_the_benefit_of_the_checksum_word/">https://www.reddit.com/r/Bi=
tcoin/comments/wh0s11/bip39_whats_the_benefit_of_the_checksum_word/</a></li=
></ul><div><br></div><div>Using BIP39 to import manually generated entropy =
into a computer is a work-around that has become a de-facto standard.=C2=A0=
Some others, like me, have found that the=C2=A0checksum does more harm tha=
n good when importing manually generated entropy.=C2=A0 I can see that the =
checksum is quite helpful when transcribing seed phrases between two comput=
ing devices.=C2=A0 In lieu of a checksum, users transcribing their 16 word =
phrase could: select their input from the full 2048 word list, select their=
input from 256 words but do it twice, check the xpub derived from their se=
ed phrase input.=C2=A0 Initial confirmation of the xpub is critical to ensu=
re that a compromised computing device can not cause users to send funds to=
an address they don't control.=C2=A0 Users might store the 16 word phr=
ase, or discard it once they have confirmed their xpub in favor of a format=
that is better for transcription (12 word phrase or seedQR).=C2=A0=C2=A0</=
div></div><div><br></div><div>When I am onboarding no-coiners, getting them=
to create their seed phrase has been a stumbling block.=C2=A0 Any friction=
during onboarding reduces the conversion rate.=C2=A0 Most people will not =
bother to=C2=A0learn what a hash is but already understand randomness from =
games like poker and understand the need to keep their passphrase secret.=
=C2=A0 Just as BIP39 helped enable the proliferation of devices like Trezor=
/Ledger, a standardized format for import of manually generated entropy ena=
bles cheap and simple paper products to help users create their seed phrase=
.=C2=A0 A printout of the wordlist with paper masks that each cover half of=
the words would make it easy for users to perform a binary search.=C2=A0 T=
he user could simply set a mask on top of the wordlist as odd or even based=
on the totals of dice rolls until only one word is showing.=C2=A0 Such a p=
roduct can be bundled with steel plates for recording and storing the phras=
e.=C2=A0 Instead of the user having to learn about binary numbers, hashes, =
and checksums, no numbers are required at all.=C2=A0 The=C2=A0secure comput=
ing device and its ops can also be simplified (only needs to accept seedphr=
ase, display xpub, scan unsigned TX, and display signed TX).</div></div><br=
><div class=3D"gmail_quote gmail_quote_container"><div dir=3D"ltr" class=3D=
"gmail_attr">On Fri, May 23, 2025 at 2:45=E2=80=AFPM Russell O'Connor &=
lt;<a href=3D"mailto:roconnor@blockstream.com">roconnor@blockstream.com</a>=
> wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px =
0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div=
dir=3D"ltr"><div dir=3D"ltr"><div>FWIW, BIP-93 (codex32) was designed for =
both human and computer generated randomness.=C2=A0 Codex32 also supports h=
uman and computer generated secret sharing.</div><div><br></div><div>See al=
so <<a href=3D"https://secretcodex32.com/" target=3D"_blank">https://sec=
retcodex32.com/</a>>.</div><br><div class=3D"gmail_quote"><div dir=3D"lt=
r" class=3D"gmail_attr">On Fri, May 23, 2025 at 11:35=E2=80=AFAM Eric <<=
a href=3D"mailto:nerdyrugbyguy@gmail.com" target=3D"_blank">nerdyrugbyguy@g=
mail.com</a>> wrote:<br></div><blockquote class=3D"gmail_quote" style=3D=
"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-le=
ft:1ex"><div><div dir=3D"auto">Quoting BIP39: "This guide is meant to =
be a way to transport computer-generated randomness with a human-readable t=
ranscription."<br><br>BIP39 was meant to capture computer generated ra=
ndomness.=C2=A0 Manually calculating the sha256 hash is not practical.<br><=
br>Using a separate tool to compute the checksum or last word is cumbersome=
and requires users to have a more advanced understanding of cryptography.<=
/div><br><br><div class=3D"gmail_quote"><div dir=3D"auto">On May 23, 2025 8=
:29:27 AM MDT, Kyle Honeycutt <<a href=3D"mailto:coinables@gmail.com" ta=
rget=3D"_blank">coinables@gmail.com</a>> wrote:</div><blockquote class=
=3D"gmail_quote" style=3D"margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rg=
b(204,204,204);padding-left:1ex">
<div dir=3D"ltr"><p dir=3D"ltr">Respectfully, a "black box" is no=
t trusted to generate mnemonic passphrases, the standard is well-defined an=
d generally followed across wallets.</p><p dir=3D"ltr"><a href=3D"https://g=
ithub.com/bitcoin/bips/blob/master/bip-0039.mediawiki#Generating_the_mnemon=
ic" target=3D"_blank">https://github.com/bitcoin/bips/blob/master/bip-0039.=
mediawiki#Generating_the_mnemonic</a></p><p>Users can create their own mnem=
onics in a trustless way following the BIP39 standard published in 2013.=C2=
=A0</p><p>Using any entropy source a user can perform a SHA256 hash on the =
entropy to get a 256 bit string, then convert that to binary. Perform anoth=
er SHA256 hash on the binary, take the first 8 bits and solve for checksum =
and then solve the rest of mnemonic words.</p></div>
<br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Fri=
, May 23, 2025, 6:15=E2=80=AFAM Eric Kvam <<a href=3D"mailto:nerdyrugbyg=
uy@gmail.com" target=3D"_blank">nerdyrugbyguy@gmail.com</a>> wrote:<br><=
/div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;bo=
rder-left:1px solid rgb(204,204,204);padding-left:1ex"><b><u>Motivation</u>=
</b><div>Make it easy for users to manually create their seed phrase so tha=
t they don't have to trust a "black box" and allow for encodi=
ng derivation path in seed phrase to simplify recovery</div><div><br><div><=
div><b><u>How</u></b></div></div><div>Use every eighth word from the wordli=
st to generate 16 word phrases with 128 bits of entropy (no checksum).=C2=
=A0 The most significant eight bits of each word are used as entropy.=C2=A0=
The least significant three bits of each word specify the derivation path.=
</div><div><ul><li><b>000</b> Derivation Path Not Specified</li><li><b>001<=
/b> m/44'/0'/0'</li><li><b>010</b> m/49'/0'/0'</li=
><li><b>011</b> m/84'/0'/0'</li><li><b>100</b> m/48'/0'=
;/0'/2'</li><li><b>101</b> m/86'/0'/0'</li></ul><div>Up=
to seven derivation paths can be specified if all words have the same leas=
t significant bits.=C2=A0 If the least significant bits of each word vary, =
there are 48 bits that can be used to encode meta-data.=C2=A0 As long as me=
ta-data is limited to certain allowable values, this provides a mechanism f=
or error detection, similar to a checksum.</div></div></div><div><br></div>=
<div><b><u>Benefits of Suggested Implementation</u></b></div><div><ul><li>T=
he word length determines how the seed phrase should be interpreted.=C2=A0 =
User only needs to know how many words they have and how many words the wal=
let supports to check for compatibility with this extension</li><li>Uses sa=
me wordlist to represent the same entropy as a 12 word phrase (could be a r=
evision to BIP39 instead of a new BIP)</li><li>Manual procedure is very sim=
ple, each derivation path can use a shortened 256 word list which enjoys im=
proved alphabetical separation of words</li><li>May prevent naive word sele=
ctions which aren't limited to every eighth word (similar to what check=
sum does)</li><li>Can be extended further.=C2=A0 For example, a 32 word phr=
ase with the same entropy as a 24 word phrase could also be added.=C2=A0 We=
can keep adding formats with unique word length and keep adding uses for t=
he meta data as needed.</li></ul></div>
<p></p>
-- <br>
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List" group.<br>
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com" rel=3D"n=
oreferrer" target=3D"_blank">bitcoindev+unsubscribe@googlegroups.com</a>.<b=
r>
To view this discussion visit <a href=3D"https://groups.google.com/d/msgid/=
bitcoindev/a139ee2e-473c-487b-a9b0-e68013fdb7cen%40googlegroups.com?utm_med=
ium=3Demail&utm_source=3Dfooter" rel=3D"noreferrer" target=3D"_blank">h=
ttps://groups.google.com/d/msgid/bitcoindev/a139ee2e-473c-487b-a9b0-e68013f=
db7cen%40googlegroups.com</a>.<br>
</blockquote></div>
</blockquote></div></div>
<p></p>
-- <br>
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List" group.<br>
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com" target=
=3D"_blank">bitcoindev+unsubscribe@googlegroups.com</a>.<br>
To view this discussion visit <a href=3D"https://groups.google.com/d/msgid/=
bitcoindev/09A940A2-122A-445E-82EA-1B4E32AC7E34%40gmail.com?utm_medium=3Dem=
ail&utm_source=3Dfooter" target=3D"_blank">https://groups.google.com/d/=
msgid/bitcoindev/09A940A2-122A-445E-82EA-1B4E32AC7E34%40gmail.com</a>.<br>
</blockquote></div></div>
</div>
</blockquote></div>
<p></p>
-- <br />
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List" group.<br />
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoind=
ev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion visit <a href=3D"https://groups.google.com/d/msgid/=
bitcoindev/CADXQin4VbtvyWDGYLJB0HyJ2%2BEai-01CKt6J6UzXM9qtdGJbuw%40mail.gma=
il.com?utm_medium=3Demail&utm_source=3Dfooter">https://groups.google.com/d/=
msgid/bitcoindev/CADXQin4VbtvyWDGYLJB0HyJ2%2BEai-01CKt6J6UzXM9qtdGJbuw%40ma=
il.gmail.com</a>.<br />
--0000000000001e1b0f0635e0eddf--
|
