summaryrefslogtreecommitdiff
path: root/98/4d9615dff1df3ef6e8d68661d56d0044eb16a4
blob: 5e0cf11f3185c09dc16239ca497fec9d3f8ece92 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
Return-Path: <bitplates@marketnetworks.co.uk>
Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138])
 by lists.linuxfoundation.org (Postfix) with ESMTP id DA56AC0001
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sat,  8 May 2021 15:22:09 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by smtp1.osuosl.org (Postfix) with ESMTP id B1DE183D62
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sat,  8 May 2021 15:22:09 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
X-Spam-Flag: NO
X-Spam-Score: 0.112
X-Spam-Level: 
X-Spam-Status: No, score=0.112 tagged_above=-999 required=5
 tests=[BAYES_50=0.8, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7,
 RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001,
 SPF_HELO_PASS=-0.001, T_SPF_PERMERROR=0.01]
 autolearn=ham autolearn_force=no
Received: from smtp1.osuosl.org ([127.0.0.1])
 by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id YP74__ZsfIOR
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sat,  8 May 2021 15:22:08 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.8.0
Received: from smtp.hosts.co.uk (smtp.hosts.co.uk [85.233.160.19])
 by smtp1.osuosl.org (Postfix) with ESMTPS id 3728883D51
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sat,  8 May 2021 15:22:07 +0000 (UTC)
Received: from mail-lf1-f48.google.com ([209.85.167.48])
 by smtp.hosts.co.uk with esmtpsa (TLS1.3:TLS_AES_256_GCM_SHA384:256)
 (Exim) (envelope-from <bitplates@marketnetworks.co.uk>)
 id 1lfOmL-00045x-Di
 for bitcoin-dev@lists.linuxfoundation.org; Sat, 08 May 2021 16:22:06 +0100
Received: by mail-lf1-f48.google.com with SMTP id 124so16989763lff.5
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sat, 08 May 2021 08:22:04 -0700 (PDT)
X-Gm-Message-State: AOAM533HP1dmjXFE74EjNNbWmeq5wUIlG7mRASEjUmel1eym9EZlFHAV
 8oyRywGQivozyLd6R96p+TtOLpz2uijN1MYURMY=
X-Google-Smtp-Source: ABdhPJz1tErqTft4+IOhALoWKx3ajzPKz9FonyN98fZdWN6O/K5T/4b7rTZevUCrifUjyvvhyJvmg1uRyo0EETz5Wek=
X-Received: by 2002:a05:6512:104d:: with SMTP id
 c13mr10355228lfb.59.1620487324019; 
 Sat, 08 May 2021 08:22:04 -0700 (PDT)
MIME-Version: 1.0
From: =?UTF-8?Q?BitPLATES=C2=AE_=28Chris=29?= <bitplates@marketnetworks.co.uk>
Date: Sat, 8 May 2021 16:21:51 +0100
X-Gmail-Original-Message-ID: <CAAvTZ6546k0Rx2ODQ7EHJWV=F-DU-kQEg=Qh6yK6WNH-dmgv8w@mail.gmail.com>
Message-ID: <CAAvTZ6546k0Rx2ODQ7EHJWV=F-DU-kQEg=Qh6yK6WNH-dmgv8w@mail.gmail.com>
To: bitcoin-dev@lists.linuxfoundation.org
Content-Type: multipart/alternative; boundary="0000000000004fb17b05c1d31bc0"
X-Mailman-Approved-At: Sat, 08 May 2021 15:24:00 +0000
Subject: [bitcoin-dev] Proposal for an Informational BIP
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 08 May 2021 15:22:10 -0000

--0000000000004fb17b05c1d31bc0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi,

I'd like to submit an idea for review, as a potential informational BIP
(Bitcoin Improvement Proposal), describing an optional method of producing
a BIP39 passphrase, using only BIP39 'mnemonic' seed words.

The idea specifically refers to a method of introducing two-factor
authentication, to protect a Bitcoin wallet using only 24 seed words, and
therefore, providing plausible deniability about the existence of this
separate 2nd layer passphrase.

I've suggested the name 'quantum' passphrase to be used casually as a
unique identifier.

The data stored within a 'quantum' passphrase, is simultaneously the
minimum required data for reproducing a BIP39-compatible 24-word seed
mnemonic... hence, the name 'quantum' seems fitting, to reflect the
multiple simultaneous states of data.

Abstract...

This improvement proposal describes the use of twenty four, newly generated
BIP39 seed words, to produce a '25th-word' BIP39-compatible 'quantum'
passphrase.

Two-factor authentication (2FA) or (2 of 2 multi-signature) can be
implemented with a two-wallet setup:

The 1st Bitcoin wallet is protected by the seed words of the 2nd Bitcoin
wallet; inversely, the 2nd Bitcoin wallet is protected by the seed words of
the 1st Bitcoin wallet.

The 'quantum' passphrase offers an exponential increase in the level of
protection, as that offered by the original BIP39 mnemonic seed words
(=E2=89=882048^23 possible combinations).

ie. A Bitcoin wallet with a 2nd layer 'quantum'passphrase is protected by
2048^23 to the power of 2048^23 possible combinations.

With existing computer capabilities, this level of protection is far
greater than required; however, this does provide a sufficient level of
protection for each separate layer of a two-factor Bitcoin wallet, should
any one layer be accidentally exposed.

This method of passphrase generation, consists of two parts:

1st - generating the BIP39 mnemonic seed words, using a BIP39-compatible
hardware wallet.

2nd - Converting these seed words into the 'quantum' passphrase, following
four simple rules, which most importantly, do not destroy the integrity of
the initial data.

Motivation...

The well established practice of preserving up to 24 seed words for the
purpose of reproduction of a Bitcoin wallet, suffers from a major flaw...
Exposure of these mnemonic seed words can cause catastrophic loss of funds
without adequate multi-factor protection.

Whilst it is recognised that a number of multi-factor solutions are
available (including the standard BIP39 passphrase, and hardware wallet
multi-signature functionality), this proposal aims to provide an extremely
safe and secure 'low-tech' option, that requires minimal (non-destructive)
adjustments to the seed words.

Furthermore, the 'quantum' passphrase offers a number advantages over the
existing methods of multi-factor protection:

Firstly, this method of creating a passphrase leaves no evidence of its
existence on any backup devices, providing plausible deniability in case of
coercion.

This is because the passphrase is easily created from a genuine 24 seed
word mnemonic; therefore, the physical backup of the passphrase can be
disguised as a simple Bitcoin wallet on a metal backup plate.

It presents a way of discouraging user-created words or sentences (also
known as 'brain-wallets'), which often provide a drastically reduced level
of passphrase security, unbeknown to many users.

The large amount of data required to produce a 'quantum' passphrase (up to
96 characters long), encourages the physical backup of the passphrase.

Furthermore, the use of BIP39-only words provides a higher degree of
standardization, which can help to avoid potential mistakes made by
creating unnecessarily complicated combinations of letters, numbers and
symbols. Increased complication (disorderly, and non-human-friendly), does
not always equal increased complexity (orderly, and more human-friendly),
or increased security.

As previously mentioned, a two-wallet configuration provides the user an
opportunity to safely split the two factors of protection (equivalent to a
2 of 2 'multi-sig' setup).

If a BIP39-compatible passphrase is created using a new set of 24 seed
words, it provides 76 degrees of extra complexity (ie. 1 with 76 zeros, or
10=E2=81=B7=E2=81=B6 possible combinations of words).

The strength of this 2nd factor solution, provides adequate
risk-management, when considering the production of multiple backup
devices, strategically stored in multiple geographical locations.

Generating the 'quantum' passphrase...

Following just four (non-destructive) BIP39-compatible rules, the 24 seed
words can also function as a 'quantum' passphrase:

1 . Only BIP39 words
(Standard list of 2048 English words - other languages should be compatible=
)

2 . Only the first four letters of each word
(BIP39 words require only this data for reproduction)

3 . Only upper case letters
(All alphabet references use this standard format)

4 . No spaces between words
(Spaces represent an additional unit of data, that is not recorded)

In essence, the 'quantum' passphrase is simply a single string of all 24
seed words, set out using the above rules.

I welcome a productive technical discussion.

Thanks,

Chris Johnston

--0000000000004fb17b05c1d31bc0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"auto">Hi,<div dir=3D"auto"><br></div><div dir=3D"auto">I&#39;d =
like to submit an idea for review, as a potential informational BIP (Bitcoi=
n Improvement Proposal), describing an optional method of producing a BIP39=
 passphrase, using only BIP39 &#39;mnemonic&#39; seed words.</div><div dir=
=3D"auto"><br></div><div dir=3D"auto">The idea specifically refers to a met=
hod of introducing two-factor authentication, to protect a Bitcoin wallet u=
sing only 24 seed words, and therefore, providing plausible deniability abo=
ut the existence of this separate 2nd layer passphrase.</div><div dir=3D"au=
to"><br></div><div dir=3D"auto">I&#39;ve suggested the name &#39;quantum&#3=
9; passphrase to be used casually as a unique identifier.</div><div dir=3D"=
auto"><br></div><div dir=3D"auto">The data stored within a &#39;quantum&#39=
; passphrase, is simultaneously the minimum required data for reproducing a=
 BIP39-compatible 24-word seed mnemonic... hence, the name &#39;quantum&#39=
; seems fitting, to reflect the multiple simultaneous states of data.</div>=
<div dir=3D"auto"><div dir=3D"auto"><br></div><div dir=3D"auto">Abstract...=
</div><div dir=3D"auto"><br></div><div dir=3D"auto">This improvement propos=
al describes the use of twenty four, newly generated BIP39 seed words, to p=
roduce a &#39;25th-word&#39; BIP39-compatible &#39;quantum&#39; passphrase.=
</div><div dir=3D"auto"><br></div><div dir=3D"auto">Two-factor authenticati=
on (2FA) or (2 of 2 multi-signature) can be implemented with a two-wallet s=
etup:</div><div dir=3D"auto"><br></div><div dir=3D"auto">The 1st Bitcoin wa=
llet is protected by the seed words of the 2nd Bitcoin wallet; inversely, t=
he 2nd Bitcoin wallet is protected by the seed words of the 1st Bitcoin wal=
let.</div><div dir=3D"auto"><br></div><div dir=3D"auto">The &#39;quantum&#3=
9; passphrase offers an exponential increase in the level of protection, as=
 that offered by the original BIP39 mnemonic seed words (=E2=89=882048^23 p=
ossible combinations).</div><div dir=3D"auto"><br></div><div dir=3D"auto">i=
e. A Bitcoin wallet with a 2nd layer &#39;quantum&#39;passphrase is protect=
ed by 2048^23 to the power of 2048^23 possible combinations.</div><div dir=
=3D"auto"><br></div><div dir=3D"auto">With existing computer capabilities, =
this level of protection is far greater than required; however, this does p=
rovide a sufficient level of protection for each separate layer of a two-fa=
ctor Bitcoin wallet, should any one layer be accidentally exposed.</div><di=
v dir=3D"auto"><br></div><div dir=3D"auto">This method of passphrase genera=
tion, consists of two parts:</div><div dir=3D"auto"><br></div><div dir=3D"a=
uto">1st - generating the BIP39 mnemonic seed words, using a BIP39-compatib=
le hardware wallet.</div><div dir=3D"auto"><br></div><div dir=3D"auto">2nd =
- Converting these seed words into the &#39;quantum&#39; passphrase, follow=
ing four simple rules, which most importantly, do not destroy the integrity=
 of the initial data.</div><div dir=3D"auto"><br></div><div dir=3D"auto">Mo=
tivation...</div><div dir=3D"auto"><br></div><div dir=3D"auto">The well est=
ablished practice of preserving up to 24 seed words for the purpose of repr=
oduction of a Bitcoin wallet, suffers from a major flaw... Exposure of thes=
e mnemonic seed words can cause catastrophic loss of funds without adequate=
 multi-factor protection.</div><div dir=3D"auto"><br></div><div dir=3D"auto=
">Whilst it is recognised that a number of multi-factor solutions are avail=
able (including the standard BIP39 passphrase, and hardware wallet multi-si=
gnature functionality), this proposal aims to provide an extremely safe and=
 secure &#39;low-tech&#39; option, that requires minimal (non-destructive) =
adjustments to the seed words.</div><div dir=3D"auto"><br></div><div dir=3D=
"auto">Furthermore, the &#39;quantum&#39; passphrase offers a number advant=
ages over the existing methods of multi-factor protection:</div><div dir=3D=
"auto"><br></div><div dir=3D"auto">Firstly, this method of creating a passp=
hrase leaves no evidence of its existence on any backup devices, providing =
plausible deniability in case of coercion.</div><div dir=3D"auto"><br></div=
><div dir=3D"auto">This is because the passphrase is easily created from a =
genuine 24 seed word mnemonic; therefore, the physical backup of the passph=
rase can be disguised as a simple Bitcoin wallet on a metal backup plate.</=
div><div dir=3D"auto"><br></div><div dir=3D"auto">It presents a way of disc=
ouraging user-created words or sentences (also known as &#39;brain-wallets&=
#39;), which often provide a drastically reduced level of passphrase securi=
ty, unbeknown to many users.</div><div dir=3D"auto"><br></div><div dir=3D"a=
uto">The large amount of data required to produce a &#39;quantum&#39; passp=
hrase (up to 96 characters long), encourages the physical backup of the pas=
sphrase.</div><div dir=3D"auto"><br></div><div dir=3D"auto">Furthermore, th=
e use of BIP39-only words provides a higher degree of standardization, whic=
h can help to avoid potential mistakes made by creating unnecessarily compl=
icated combinations of letters, numbers and symbols. Increased complication=
 (disorderly, and non-human-friendly), does not always equal increased comp=
lexity (orderly, and more human-friendly), or increased security.</div><div=
 dir=3D"auto"><br></div><div dir=3D"auto">As previously mentioned, a two-wa=
llet configuration provides the user an opportunity to safely split the two=
 factors of protection (equivalent to a 2 of 2 &#39;multi-sig&#39; setup).<=
/div><div dir=3D"auto"><br></div><div dir=3D"auto">If a BIP39-compatible pa=
ssphrase is created using a new set of 24 seed words, it provides 76 degree=
s of extra complexity (ie. 1 with 76 zeros, or 10=E2=81=B7=E2=81=B6 possibl=
e combinations of words).</div><div dir=3D"auto"><br></div><div dir=3D"auto=
">The strength of this 2nd factor solution, provides adequate risk-manageme=
nt, when considering the production of multiple backup devices, strategical=
ly stored in multiple geographical locations.</div><div dir=3D"auto"><br></=
div><div dir=3D"auto">Generating the &#39;quantum&#39; passphrase...</div><=
div dir=3D"auto"><br></div><div dir=3D"auto">Following just four (non-destr=
uctive) BIP39-compatible rules, the 24 seed words can also function as a &#=
39;quantum&#39; passphrase:</div><div dir=3D"auto"><br></div><div dir=3D"au=
to">1 . Only BIP39 words</div><div dir=3D"auto">(Standard list of 2048 Engl=
ish words - other languages should be compatible)</div><div dir=3D"auto"><b=
r></div><div dir=3D"auto">2 . Only the first four letters of each word</div=
><div dir=3D"auto">(BIP39 words require only this data for reproduction)</d=
iv><div dir=3D"auto"><br></div><div dir=3D"auto">3 . Only upper case letter=
s</div><div dir=3D"auto">(All alphabet references use this standard format)=
</div><div dir=3D"auto"><br></div><div dir=3D"auto">4 . No spaces between w=
ords</div><div dir=3D"auto">(Spaces represent an additional unit of data, t=
hat is not recorded)</div><div dir=3D"auto"><br></div><div dir=3D"auto">In =
essence, the &#39;quantum&#39; passphrase is simply a single string of all =
24 seed words, set out using the above rules.</div><div dir=3D"auto"><br></=
div><div dir=3D"auto">I welcome a productive technical discussion.</div><di=
v dir=3D"auto"><br></div><div dir=3D"auto">Thanks,</div><div dir=3D"auto"><=
br></div><div dir=3D"auto">Chris Johnston</div><div dir=3D"auto"><br></div>=
<div dir=3D"auto"><br></div></div></div>

--0000000000004fb17b05c1d31bc0--