From: Paul Sztorc <truthcoin@gmail.com>
Date: Fri, 8 Jul 2022 05:12:06 -0400
Message-ID: <CA+XQW1iKVRmEnyP-CGM2Fo4qHi3SQHUfjEmKftDdju-uxHViJg@mail.gmail.com>
To: vjudeu@gazeta.pl, 
 Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] No Order Mnemonic

What do you do if the "first" word (of 12), happens to be the last word in
the list alphabetically? So that seems like a dead end.

Since users are never expected to memorize the "whole list" (of 2048 words)
in any case, it seems that the smarter thing to do (if this "order"
criterion is desirable) may have been to just make the whole list 12x
longer and cut it into 12 sections. Each of the 12 slots would have 2048
distinct words. Then the computer would handle the order; the user could
neglect it.

I can guess why people weren't particularly interested in this: words
always have to be written down in some order or another. Even if you write
them down in a 3x4 grid, there are very few combinations needed to guess
the one true ordering. I wonder how obscure the words would have to be, by
the 12th list of 2048? But still it might be fun - the 4th word might
always be a nautical word, the 5th word a farm word, etc. And no one would
confuse it with a bip39 phrase -- in fact since they are just lists of
integers 1 to 2048, it would be pretty easy to make them interoperable.
Very easy but perhaps still not worth doing.

Paul

On Fri, Jul 8, 2022, 4:48 AM vjudeu via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

> Isn't it enough to just generate a seed in the same way as today, then
> sort the words alphabetically, and then use that as a seed? I know, the
> last word is a checksum, but there are only 2048 words, so it is not a big
> deal to get any checksum we want. If that is insecure, because of lower
> possible combinations, then it is always possible to increase the number of
> words to compensate that.
>
>
> On 2022-07-08 04:27:21 user Eric Voskuil via bitcoin-dev <
> bitcoin-dev@lists.linuxfoundation.org> wrote:
>
>
> Without a performance requirement there is no reason you can’t store the
> BIP39 words in any order you want. So it’s certainly possible, just brute
> force the recovery. If you have less than a second vs. a few days then it’s
> a different question.
>
>
> e
>
>
> On Jul 7, 2022, at 18:48, Bram Cohen via bitcoin-dev <
> bitcoin-dev@lists.linuxfoundation.org> wrote:
> Part of the rules of my challenge is that the 'new' words need to be in
> the same pool as the 'old' words, so any ordering is okay. Without that
> requirement it's mathematically very straightforward.
>
>
> On Thu, Jul 7, 2022 at 10:52 AM Pavol Rusnak <stick@satoshilabs.com>
> wrote:
> There is. Just encode the index of permutation used to scramble the
> otherwise sorted list. For 12 words you need to store 12! = ~32 bits so 3
> words should be enough.
>
>
> Repetitions make this more difficult, though.
>
>
> On Thu 7. 7. 2022 at 19:41, Bram Cohen via bitcoin-dev <
> bitcoin-dev@lists.linuxfoundation.org> wrote:
> On Thu, Jul 7, 2022 at 7:43 AM Anton Shevchenko via bitcoin-dev <
> bitcoin-dev@lists.linuxfoundation.org> wrote:
> I made a python implementation for a different mnemonic encoding. The
> encoding requires user to remember words but not the order of those words.
> The code is open (MIT license) at https://github.com/sancoder/noomnem
>
>
>
> Thanks Anton. There's an interesting mathematical question of whether it's
> possible to make a code like this which always uses the BIP-39 words for
> the same key as part of its encoding, basically adding a few words as error
> correction in case the order is lost or confused. If the BIP-39 contains a
> duplicate you can add an extra word.
>
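
The permutation-index idea from the quoted thread (record which permutation scrambles the sorted word list, then spend a few extra 11-bit words on that index), as an added example that is not part of the original messages or of the noomnem code. It works on word-list indices (0 to 2047) rather than the words themselves, and it assumes the extra index words are stored separately and in order, which the thread does not specify.

```python
from math import factorial

BITS = 11  # one word from a 2048-word list carries 11 bits

def perm_rank(order):
    """Lehmer-code rank of a permutation of range(n): 0 .. n!-1."""
    remaining, rank = list(range(len(order))), 0
    for i, item in enumerate(order):
        pos = remaining.index(item)
        rank += pos * factorial(len(order) - 1 - i)
        remaining.pop(pos)
    return rank

def perm_unrank(rank, n):
    """Inverse of perm_rank."""
    remaining, order = list(range(n)), []
    for i in range(n):
        pos, rank = divmod(rank, factorial(n - 1 - i))
        order.append(remaining.pop(pos))
    return order

def encode_order(phrase, extra_words=3):
    """phrase: word-list indices in their true order -> (sorted, extras)."""
    if len(set(phrase)) != len(phrase):
        raise ValueError("repeated word: the permutation is not unique")
    ordered = sorted(phrase)
    rank = perm_rank([ordered.index(w) for w in phrase])
    if rank >> (BITS * extra_words):
        raise ValueError("index does not fit in the extra words")
    extras = [(rank >> (BITS * k)) & 0x7FF for k in reversed(range(extra_words))]
    return ordered, extras

def decode_order(words_any_order, extras):
    """Rebuild the true order from the unordered words plus the extras."""
    ordered, rank = sorted(words_any_order), 0
    for e in extras:
        rank = (rank << BITS) | e
    if rank >= factorial(len(ordered)):
        raise ValueError("extras do not name a valid permutation")
    return [ordered[p] for p in perm_unrank(rank, len(ordered))]

if __name__ == "__main__":
    # Constructed sample: 12 distinct indices, not a real mnemonic.
    phrase = [1500, 3, 2047, 77, 900, 12, 1024, 511, 256, 1999, 42, 600]
    ordered, extras = encode_order(phrase)
    print((factorial(12) - 1).bit_length(), "bits needed;", extras)
    assert decode_order(ordered, extras) == phrase
```

The duplicate check reflects the caveat raised in the thread: with a repeated word the sorted list no longer maps to a unique permutation, so the encoder refuses rather than guessing.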
