public inbox for bitcoindev@googlegroups.com
From: "Anton Shevchenko" <anton@sancoder•com>
To: "Alfred Hodler" <bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] No Order Mnemonic
Date: Sat, 09 Jul 2022 16:46:19 -0700
Message-ID: <bf3b36b1-e999-43bf-88d4-3aab19d10e9d@www.fastmail.com>
In-Reply-To: <CAJ4-pEA7WJpbExcsgdPWVNuZLrbDDhVYr37g6_6NSf7t41eB4w@mail.gmail.com>


I would say removing ordering from a 12-word seed removes 25 bits of entropy, not 29. The additional 4 bits come from the checksum (12 words encode 132 bits, not 128).

My idea [for developing this project] was to feed its output to some kind of AI story generator (GPT-3 based?) so a user can remember a story, not ordered words. But as others pointed out, having 12 words without order is probably good enough. So at this point there's not much sense in using the proposed encoding. Unless a remembered story has holes/errors. In this case recovering a few words would be easier with unordered encoding. Any thoughts?

--  Anton Shevchenko


On Sat, Jul 9, 2022, at 1:31 PM, Zac Greenwood via bitcoin-dev wrote:
> Sorting a seed alphabetically reduces entropy by ~29 bits.
> 
> A 12-word seed has (12, 12) permutations or 479 million, which is ln(469m) / ln(2) ~= 29 bits of entropy. Sorting removes this entropy entirely, reducing the seed entropy from 128 to 99 bits.
> 
> Zac
> 
> 
> On Fri, 8 Jul 2022 at 16:09, James MacWhyte via bitcoin-dev <bitcoin-dev@lists•linuxfoundation.org> wrote:
>> 
>>> What do you do if the "first" word (of 12), happens to be the last word in the list alphabetically?
>> 
>> That couldn't happen. If one word is the very last from the wordlist, it would end up at the end of your mnemonic once you rearrange your 12 words alphabetically.
>> 
>> However! 
>> 
>> (@vjudeu) Choosing 11 random words and then sorting them alphabetically before assigning a checksum would reduce entropy considerably. If you think about it, to bruteforce the entire keyspace one would only need to come up with every possible combination of 11 words + 1 checksum. I'm not the best at napkin math, but I think that leaves you with around 10 trillion combinations, which would only take a couple months to exhaust with hardware that can do 1 million guesses per second.
>> 
>> 
>> James
> 
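
The quantities this thread compares, computed exactly. This is an added example, not part of any message in the thread; the function names are hypothetical, the 2048-word list and checksum lengths are BIP39's, and the 1 million guesses per second rate is the one quoted above.

```python
import math

WORDLIST_SIZE = 2048            # BIP39 wordlist size: 11 bits per word
CHECKSUM_BITS = {12: 4, 24: 8}  # BIP39 checksum length per mnemonic length
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def ordered_bits(words):
    """Bits encoded by an ordered mnemonic, checksum included."""
    return words * math.log2(WORDLIST_SIZE)

def entropy_bits(words):
    """Entropy of an ordered BIP39 mnemonic (encoded bits minus checksum)."""
    return ordered_bits(words) - CHECKSUM_BITS[words]

def permutation_bits(words):
    """Bits carried by the order of `words` distinct words: log2(words!)."""
    return math.log2(math.factorial(words))

def unordered_bits(words, allow_repeats=False):
    """log2 of the number of unordered picks of `words` from the wordlist.

    Counts every set (or multiset); no checksum constraint is applied.
    """
    n = WORDLIST_SIZE + words - 1 if allow_repeats else WORDLIST_SIZE
    return math.log2(math.comb(n, words))

def years_to_exhaust(bits, guesses_per_second=1_000_000):
    """Years needed to try every candidate in a 2**bits keyspace."""
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR

def report(words=12):
    unordered = unordered_bits(words)
    return {
        "encoded_bits": ordered_bits(words),
        "entropy_bits": entropy_bits(words),
        "order_bits": permutation_bits(words),
        "unordered_bits": unordered,
        "unordered_with_repeats_bits": unordered_bits(words, True),
        "gap_vs_entropy": entropy_bits(words) - unordered,
        "gap_vs_encoded": ordered_bits(words) - unordered,
        "years_at_1M_per_s": years_to_exhaust(unordered),
    }

if __name__ == "__main__":
    for name, value in report(12).items():
        print(f"{name:30s} {value:.4g}")
```

The two gap fields differ only in the baseline: one measures against the 128 bits of entropy, the other against the 132 encoded bits.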
