[Feature Draft/Discussion] sssss4ss - super simple shamir secret sharing for seedsigner? #552
Comments
As a quick example, take the following 3 shares which are each valid BIP39 24-word mnemonics,
and any 2 of the 3 shares can be combined to recover the valid BIP39 12-word mnemonic
Rather than use Here is the uncommented code and test demonstrating the above. If there is any interest, I would be happy to clean that code up with some comments so that it might be easier to use as a reference.
Supporting Codex32 BIP93 would be better as the strings are easier to transcribe and type in.
I do agree that supporting codex32 would probably be better, if nothing else because it (presumably) is more researched/tested than the concoction presented in the linked gist. But I am not sure I follow what you mean regarding the strings being easier to transcribe. Transcribing English words, at least for most people, is easier than transcribing a bech32 string I think. Maybe we need a bech32 alphabet which consists of words, rather than single characters/symbols?
It's fewer characters. The average word in BIP39 is 5-6 characters so 60-72 vs 48. And BIP39 has no error correction, while codex32 can detect 8 substitutions and correct 4. I wrote the first wallet software to create and recover codex32 seed backups: https://github.com/BenWestgate/Bails/ In my testing, I can write a 48 character codex32 string in 45 seconds and type it on a qwerty keyboard in 30 if I go fast and let the error correction fix any typo. It feels pretty ergonomic, I've had boomers test it as well with similar comparative ease vs bip39 mnemonics. If it were absolutely required to use words (trying to turn a codex32 string into a brain wallet/share for example) the SLIP39 wordlist is 10-bits and can directly encode 2 bech32 characters. However writing and typing this is much more labor than 48 bech32 characters, but it would be easier to memorize these SLIP39 words in a pinch.
Very cool! Thanks for sharing. Maybe trying to get a prototype of Codex32/BIP93 into seedsigner would be a good start then, like you suggested, especially since you have already implemented it.
Interesting, and good to know you have had success with the testing. Did you find that there was a sweet spot as to the number of characters you would remember/transcribe at a time?
BlockstreamResearch/codex32#58 (comment)
4 characters is a common standard that fits in the working memory of most. Recommendations for wallet developers were compiled here: There is no corresponding document of recommendations for creating codex32 backups electronically. I will write a draft for that soon.
why not just support slip39 shares?
As I said in the gist, it would be better to use something like codex32 or slip39 and would be great if devices like seedsigner had support for those.
This is very much a rough draft, or even worse, just some notes. However I wanted to share them to see if there might be demand for adding a feature like this to seedsigner. Feedback and comments welcome!!
See the gist here: simple shamir secret sharing
TL;DR:
Shares are valid 24-word BIP39 mnemonics. The master secret is a valid 12-word BIP39 mnemonic.
From the user perspective everything they need to store and handle in the physical world is simply a valid BIP39 mnemonic thereby achieving maximum (currently) interoperability when it comes to loading stored entropy from the physical world into these devices.
Devices do not need to add share-specific scanning flow or learn how to recognize more types of QR codes since all shares are valid 24-word BIP39 mnemonics. Of course this has benefits and drawbacks. Maybe the drawbacks outweigh the benefits, but it has been an interesting exercise to think through regardless.
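An added example, not the gist's code and not part of the original post: one way a 2-of-3 split of 128-bit entropy can produce shares that are exactly 256 bits, so that each share is usable as BIP39 24-word entropy. The share layout (one index byte, then 31 bytes shared over GF(2^8), 15 of them a SHA-256 digest used as a recovery check) and all function names are assumptions; word indices are returned instead of words because the BIP39 wordlist is not embedded.

```python
import hashlib
import secrets
from functools import reduce

def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def gf_inv(a):
    return next(b for b in range(1, 256) if gf_mul(a, b) == 1)  # brute force; the field is tiny

def bip39_indices(entropy):
    """BIP39 word indices: entropy || first ENT/32 bits of SHA-256(entropy), in 11-bit groups."""
    cs = len(entropy) * 8 // 32
    bits = (int.from_bytes(entropy, "big") << cs) | (hashlib.sha256(entropy).digest()[0] >> (8 - cs))
    n = (len(entropy) * 8 + cs) // 11
    return [(bits >> (11 * (n - 1 - i))) & 0x7FF for i in range(n)]

def split(secret, threshold=2, count=3):
    """Assumed layout: share = x || f_k(x) for each of 31 payload bytes (secret || digest[:15])."""
    assert len(secret) == 16 and 1 < threshold <= count < 256
    payload = secret + hashlib.sha256(secret).digest()[:15]
    polys = [[b, *secrets.token_bytes(threshold - 1)] for b in payload]  # constant term = payload byte
    return [bytes([x] + [reduce(lambda y, c: gf_mul(y, x) ^ c, reversed(p), 0) for p in polys])
            for x in range(1, count + 1)]

def recover(shares):
    """Lagrange interpolation at x = 0, then check the embedded digest."""
    xs = [s[0] for s in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    payload = bytearray(31)
    for s in shares:
        w = reduce(gf_mul, (gf_mul(xj, gf_inv(s[0] ^ xj)) for xj in xs if xj != s[0]), 1)
        for k in range(31):
            payload[k] ^= gf_mul(w, s[1 + k])
    secret = bytes(payload[:16])
    if hashlib.sha256(secret).digest()[:15] != bytes(payload[16:]):
        raise ValueError("shares do not combine to a valid secret")
    return secret

if __name__ == "__main__":
    shares = split(bytes(16))  # constructed all-zero entropy, for illustration only
    print([bip39_indices(s) for s in shares], bip39_indices(recover(shares[1:])))
```

Because the index byte leads each share, the first word of every share mnemonic is drawn from a narrow range, which marks it as a share to anyone who knows this layout.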