From: Alan Evans <thealanevans@gmail.com>
Date: Wed, 6 Feb 2019 09:48:25 -0400
To: Devrandom <c1.bitcoin@niftybox.net>, 
	Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Card Shuffle To Bitcoin Seed

It's not quite enough to just do SHA512, you missed out this condition
(incredibly rare as it is):

> In case IL is 0 or ≥n, the master key is invalid.

Also I can't see how I would use this to seed a hardware wallet that
requires a BIP39 seed as mentioned in your abstract.

For both of those reasons, you may want to just invent/formalize a scheme
that takes Cards -> Entropy.
From that Entropy one can generate BIP39, and non-BIP39 fans can just
continue, generate and store their root xprv.

Prior art: Note that Ian Coleman's BIP39 site already supports Cards (and
Dice), see the logic here:
https://github.com/iancoleman/bip39/blob/master/src/js/entropy.js

[image: image.png]

Note it detected "full deck". It also calculates the Total Bits of Entropy
and can handle card replacement and multiple decks.

PS, you're a bit out on your entropy calculation, log2(52!) ~= 225.58 bits,
not 219.


On Tue, 5 Feb 2019 at 02:08, Devrandom via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> I would suggest 50+ 6-sided dice rolls, giving about 128 bits of entropy.
> Compared to a shuffle, it's easier to be sure that you got the right amount
> of entropy, even if the dice are somewhat biased.
>
>
> On Mon, Feb 4, 2019 at 2:33 PM James MacWhyte via bitcoin-dev <
> bitcoin-dev@lists.linuxfoundation.org> wrote:
>
>>
>> James
>>
>>
>> On Sun, Feb 3, 2019 at 10:27 AM Ryan Havar via bitcoin-dev <
>> bitcoin-dev@lists.linuxfoundation.org> wrote:
>>
>>> Conveniently a shuffled deck of cards also can serve as a physical
>>> backup which is easy to hide in plain sight with great plausible
>>> deniability.
>>>
>>
>> To make sure someone doesn't play with your cards and mix up the order,
>> use a permanent marker to draw a diagonal line on the side of the deck from
>> corner to corner. If the cards ever get mixed up, you can put them back in
>> order by making sure the diagonal line matches up.
>> _______________________________________________
>> bitcoin-dev mailing list
>> bitcoin-dev@lists.linuxfoundation.org
>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>>
>
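
The points raised in the message above (the BIP32 "IL is 0 or ≥n" check, a Cards -> Entropy step, and log2(52!)) worked through as an added example; it is not part of the original message, and it is neither the proposal's scheme nor Ian Coleman's entropy.js logic. The card labels and the rank-then-SHA-256 mapping are assumptions made for illustration.

```python
import hashlib
import hmac
import math

# Order n of the secp256k1 curve, the bound BIP32 checks IL against.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
# Constructed card labels (rank + suit), an assumption of this example.
FULL_DECK = [r + s for s in "CDHS" for r in "A23456789TJQK"]


def shuffle_bits():
    """Entropy of a uniformly shuffled 52-card deck: log2(52!)."""
    return math.log2(math.factorial(52))


def deck_rank(deck):
    """Index of a full-deck ordering in [0, 52!), via its Lehmer code."""
    if sorted(deck) != sorted(FULL_DECK):
        raise ValueError("need each of the 52 cards exactly once")
    remaining, rank = list(FULL_DECK), 0
    for card in deck:
        idx = remaining.index(card)
        rank = rank * len(remaining) + idx  # next mixed-radix digit
        remaining.pop(idx)
    return rank


def deck_entropy_bytes(deck):
    """Hypothetical Cards -> Entropy step: SHA-256 of the 29-byte rank."""
    size = (math.factorial(52).bit_length() + 7) // 8
    return hashlib.sha256(deck_rank(deck).to_bytes(size, "big")).digest()


def is_valid_secret(il):
    """BIP32 rule quoted above: IL must not be 0 or >= n."""
    return 0 < il < N


def bip32_master(seed):
    """BIP32 master key generation with the validity check applied."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    il, chain_code = int.from_bytes(i[:32], "big"), i[32:]
    if not is_valid_secret(il):
        raise ValueError("IL is 0 or >= n: master key invalid")
    return il, chain_code


if __name__ == "__main__":
    key, _ = bip32_master(deck_entropy_bytes(FULL_DECK[::-1]))  # constructed order
    print(f"{shuffle_bits():.2f} bits; master key valid: {is_valid_secret(key)}")
```

The 32-byte output carries at most the roughly 225.58 bits the shuffle provides; hashing does not add entropy.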
