Return-Path: Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id C828AC002A for ; Fri, 19 May 2023 21:25:01 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id A996182F49 for ; Fri, 19 May 2023 21:25:01 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org A996182F49 Authentication-Results: smtp1.osuosl.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20221208 header.b=o9zyIJ/V X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -0.199 X-Spam-Level: X-Spam-Status: No, score=-0.199 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id be8eUBNa0LuZ for ; Fri, 19 May 2023 21:24:59 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 4ACA781FF6 Received: from mail-wr1-x436.google.com (mail-wr1-x436.google.com [IPv6:2a00:1450:4864:20::436]) by smtp1.osuosl.org (Postfix) with ESMTPS id 4ACA781FF6 for ; Fri, 19 May 2023 21:24:59 +0000 (UTC) Received: by mail-wr1-x436.google.com with SMTP id ffacd0b85a97d-30644c18072so2461720f8f.2 for ; Fri, 19 May 2023 14:24:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1684531497; x=1687123497; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=MiXTuAvBXNV4JDHIRvLGw5g3ALLj9ARXfm03A0bV93g=; b=o9zyIJ/VNY4WUYM0srOq0V0LJba7J1GwkXMLTQvtlNsZjIxAYMdEKV1v8LD17BQdrW 7A1LijWyBdek9OLN7yepkTSg3mEIDxaovvCrLSmmk5fCx8IoIg1CNjy4fdZh1OELXdAh IFQ2HITdtM8MHICRf5pHnvaUfXatZP7CiDkZMIk35dvhOLMOGmahqqErFGImsjevCzhn nuSC8NI8IKU4npSlpCipK44Bdd8i1b7/xWjERIonINpK+O3gd6p5cqYB2fFSVQ0IpxYw USg+8cufYexLYtzS5gFsalfdUsBfjL+lusA3SFKfszbmIWRnMje8SiFACxz0AcBL0Y2D sAQg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1684531497; x=1687123497; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=MiXTuAvBXNV4JDHIRvLGw5g3ALLj9ARXfm03A0bV93g=; b=XTiUDGxrcRkVRmw/r0cbXRUaiU/a14hATtUNzdUlGDCpxsQqJ0AFTAz5pA42wtA3vm WD6V/ZOTIznFAK39TTRuQSxTz2QF4/EQjFpwwRk398e1/fonqlzmIOxtedw6RYQdA7p9 mNIfczCSOZumRQu9TFdOyN8ItUzRCKeKCxaPpmT3hsM/nCYQYPYnUika7EECqD23KMWL B2RXXhPTANsSQJfKX/CytbGSpWNNC+OkX9E91Dlp4dLMxNiT9IY6twej744QvdSDy1sR QE+uqkKrFawgA97dpzkNMOLtgUUGgz9SG9XBxFFEmk9gnpgdEO6aBKy3X5toYiFp53r+ cXxQ== X-Gm-Message-State: AC+VfDys7QiU/PEfz6u5umgt6MaoRZwutit2oz8xMxAD7AQI26bh7wY+ oClSdEgmp3La+Ly5qAJ4W4KBMlcdBBGAhKPiPnA= X-Google-Smtp-Source: ACHHUZ66BfyFqOJuec5WKUd99KO1wQFD3LhTD8rd41wxZL0cwH044LtqGoz2AeLrln6ERc1VXnkGxV45MDRa2D6BOgc= X-Received: by 2002:a5d:490b:0:b0:306:32fa:6737 with SMTP id x11-20020a5d490b000000b0030632fa6737mr2588610wrq.8.1684531496886; Fri, 19 May 2023 14:24:56 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Keagan McClelland Date: Fri, 19 May 2023 15:24:45 -0600 Message-ID: To: yurisvb@pm.me, Bitcoin Protocol Discussion Content-Type: multipart/alternative; boundary="0000000000007c257405fc128d93" X-Mailman-Approved-At: Fri, 19 May 2023 23:23:50 +0000 Subject: Re: [bitcoin-dev] Formosa --- proposed improvement upon BIP39 X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 May 2023 21:25:01 -0000 --0000000000007c257405fc128d93 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Good day Yuri, This is a very cool idea. After reviewing the repository it seems that there lacks a BIP style specification for this, so it is possible that some of my takeaways may not be correct but I figured I'd comment with some observations anyway. Feel free to correct me where I've made a mistake. I think to make an idea like this work it would be necessary for it to "extend" BIP39 rather than "replace" it. What I mean by this is that BIP39 is heavily entrenched in the ecosystem and so in order for you to sidestep the need to get everyone in the ecosystem to adopt a new standard, you'd want this process to be able to output a standard BIP39 seed sequence. This becomes even more important when you allow these different "themes" that are mentioned later in the document. The notion of themes practically precludes the standardization of the technique since customization really is the antithesis of standardization. The largest value proposition of these schemes is that it allows significant wallet interoperability. This is achieved if process for translating these phrases to the underlying wallet seed is deterministic. Themes may prove to make this harder to solve. I also do not believe that themes meaningfully increase the ability to remember the phrase: the fact that the phrase has a valid semantic at all is a massive step up from an undifferentiated sequence of words that is the current state of BIP39. The benefits afforded by the themes here are little by comparison. Overall, I think exploring this idea further is a good idea. However, there may be concerns about whether the increased memorability is a good thing. It would certainly make $5 wrench attacks more viable, not less. I can't help but ask myself the question whether more Bitcoin is lost because of seed phrases not being memorized, or because of social engineering exercises used to scrape these phrases from the brains of users. I have a hunch that loss is a larger problem than theft, but it is a very real possibility that a wide deployment of this type of tech could change that. Stay Inspired, Keags On Tue, May 2, 2023 at 6:05=E2=80=AFAM Yuri S VB via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > Dear colleagues, > > The following is a password format that improves upon BIP39 by allowing > meaningful, themed sentences with a regular grammatical structure instead > of semantically disconnected words, while keeping the same entropy/checks= um > and total bits/non-repeating leading digits ratios (of 32/1 and 11/4 > respectively). > > https://github.com/Yuri-SVB/formosa > > Anecdotal experiments suggest that less than one hour of moderate > concentration is enough for long term memorization of 128 + 4 bits > (equivalent to the 12 words standard of BIP39) if a theme of interest is > employed. > > I hereby offer it to your scrutiny as a Bitcoin Improvement Proposal. > Please don't hesitate to ask whatever issue about the project there might > be. > > Faithfully yours, Yuri S VB. > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > --0000000000007c257405fc128d93 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Good day Yuri,

This is a very coo= l idea. After reviewing the repository it seems that there lacks a BIP styl= e specification for this, so it is possible that some of my takeaways may n= ot be correct but I figured I'd comment with some observations anyway. = Feel free to correct me where I've made a mistake.

I= think to make an idea like this work it would be necessary for it to "= ;extend" BIP39 rather than "replace" it. What I mean by this= is that BIP39 is heavily entrenched in the ecosystem and so in order for y= ou to sidestep the need to get everyone in the ecosystem to adopt a new sta= ndard, you'd want this process to be able to output a standard BIP39 se= ed sequence. This becomes even more important when you allow these differen= t "themes" that are mentioned later in the document. The notion o= f themes practically precludes the standardization of the technique since c= ustomization really is the antithesis of standardization.

The largest value proposition of these schemes is that it allows si= gnificant wallet interoperability. This is achieved if process for translat= ing these phrases to the underlying wallet seed is deterministic. Themes ma= y prove to make this harder to solve. I also do not believe that themes mea= ningfully increase the ability to remember the phrase: the fact that the ph= rase has a valid semantic at all is a massive step up from an undifferentia= ted sequence of words that is the current state of BIP39. The benefits affo= rded by the themes here are little by comparison.

= Overall, I think exploring this idea further is a good idea. However, there= may be concerns about whether the increased memorability is a good thing. = It would certainly make $5 wrench attacks more viable, not less. I can'= t help but ask myself the question whether more Bitcoin is lost because of = seed phrases not being memorized, or because of social engineering exercise= s used to scrape these phrases from the brains of users. I have a hunch tha= t loss is a larger problem than theft, but it is a very real possibility th= at a wide deployment of this type of tech could change that.

=
Stay Inspired,
Keags

On Tue, May 2, 2023 at 6:05= =E2=80=AFAM Yuri S VB via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote= :
Dear colleagues,

The following is a password format th= at improves upon BIP39 by allowing meaningful, themed sentences with a regu= lar grammatical structure instead of semantically disconnected words, while= keeping the same entropy/checksum and total bits/non-repeating leading dig= its ratios (of 32/1 and 11/4 respectively).

https://github.com/Yuri-SVB/f= ormosa

Anecdotal experiments suggest that less than one h= our of moderate concentration is enough for long term memorization of 128 += 4 bits (equivalent to the 12 words standard of BIP39) if a theme of intere= st is employed.

I hereby offer it to your scrutiny as a Bitcoin Impr= ovement Proposal. Please don't hesitate to ask whatever issue about the= project there might be.

Faithfully yours, Yuri S VB.

_______________________________________________
bitcoin-dev mailing list
= bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mail= man/listinfo/bitcoin-dev
--0000000000007c257405fc128d93--