Creating a standardized mnemonic system for storing seeds seems like it would be a great benefit to the community.
A mnemonic code or sentence is superior for human interaction compared to the handling of raw binary or hexadecimal representations of a wallet seed. The sentence could be written on paper or spoken over the telephone.
This is one of the future items on the docket for nanovault, and I think it would be a good idea to standardize this across multiple wallets so as not to introduce vendor lock-in by using a mnemonic to write down your seed.
This standard is meant to be a way to transport computer-generated randomness with a human readable transcription. It's not a way to process user-created sentences (also known as brainwallets) into a wallet seed.
My proposal is a standard similar to BIP39, modified for use with our 256 bit seeds. The mnemonic generation would be the same, which is copied here for easy reference:
The mnemonic must encode entropy in a multiple of 32 bits. With more entropy
security is improved but the sentence length increases. We refer to the
initial entropy length as ENT. The allowed size of ENT is 128-256 bits.
First, an initial entropy of ENT bits is generated. A checksum is generated by taking the first ENT / 32 bits of its SHA256 hash. This checksum is
The following table describes the relation between the initial entropy
length (ENT), the checksum length (CS) and the length of the generated mnemonic
sentence (MS) in words.
CS = ENT / 32
MS = (ENT + CS) / 11

|  ENT  | CS | ENT+CS |  MS  |
+-------+----+--------+------+
|  128  |  4 |   132  |  12  |
|  160  |  5 |   165  |  15  |
|  192  |  6 |   198  |  18  |
|  224  |  7 |   231  |  21  |
|  256  |  8 |   264  |  24  |
An ideal wordlist has the following characteristics:
a) smart selection of words
b) similar words avoided
c) sorted wordlists
The wordlist can contain native characters, but they must be encoded in UTF-8
using Normalization Form Compatibility Decomposition (NFKD).
This section is modified from the BIP39 standard to fit with our seed key length and use the new Argon2 hashing function.
A user may decide to protect their mnemonic with a passphrase. If a passphrase is not present, an empty string "" is used instead.
To create a binary seed from the mnemonic, we use the Argon2 function with a mnemonic sentence (in UTF-8 NFKD) used as the password and the string "mnemonic" + passphrase (again in UTF-8 NFKD) used as the salt.
Argon2di is used as a key derivation function with the parameters:
This gives a good compromise of time and memory protection while being fast enough to calculate relatively quickly even on low-power devices like cell phones.
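As an added example (not part of the original post), the entropy-to-mnemonic encoding described above and its checksum check, in Python. It works on word indices 0..2047 rather than words, since the 2048-word list is not reproduced here (a word is just a lookup into the sorted list); the Argon2 seed-derivation step is left out, and the sample entropy values are constructed.

```python
import hashlib
import secrets

# Allowed ENT values per the table above; CS = ENT / 32, MS = (ENT + CS) / 11.
ALLOWED_ENT = (128, 160, 192, 224, 256)


def entropy_to_indices(entropy: bytes) -> list[int]:
    """Encode ENT bits of entropy as MS word indices (each 0..2047).

    The checksum is the first ENT/32 bits of SHA256(entropy), appended to the
    entropy; the ENT+CS bits are then split into 11-bit groups.
    """
    ent = len(entropy) * 8
    if ent not in ALLOWED_ENT:
        raise ValueError("ENT must be 128-256 bits in a multiple of 32")
    cs = ent // 32
    digest = hashlib.sha256(entropy).digest()
    bits = (int.from_bytes(entropy, "big") << cs) | (int.from_bytes(digest, "big") >> (256 - cs))
    ms = (ent + cs) // 11
    return [(bits >> (11 * (ms - 1 - i))) & 0x7FF for i in range(ms)]


def indices_to_entropy(indices: list[int]) -> bytes:
    """Reverse the encoding and verify the checksum (raises on a mis-transcribed sentence)."""
    ms = len(indices)
    if ms not in (12, 15, 18, 21, 24) or any(not 0 <= w < 2048 for w in indices):
        raise ValueError("bad word count or word index")
    cs = ms // 3  # MS = 3 * ENT / 32, so CS = ENT / 32 = MS / 3
    ent = cs * 32
    bits = 0
    for w in indices:
        bits = (bits << 11) | w
    checksum = bits & ((1 << cs) - 1)
    entropy = (bits >> cs).to_bytes(ent // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs)  # cs <= 8, so one byte suffices
    if checksum != expected:
        raise ValueError("checksum mismatch: the sentence was copied incorrectly")
    return entropy


def new_mnemonic_indices(ent_bits: int = 256) -> list[int]:
    """Generate fresh computer randomness (never user-chosen text) and encode it."""
    return entropy_to_indices(secrets.token_bytes(ent_bits // 8))


if __name__ == "__main__":
    # Constructed sample: an all-zero 256-bit seed encodes to 24 indices, the last carrying the checksum.
    words = entropy_to_indices(bytes(32))
    print(words, indices_to_entropy(words) == bytes(32))
```

A single wrong word in the 24 changes either the entropy or the checksum bits, so the decoder rejects it instead of silently loading a different wallet.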
euru
In the meantime I use this tool https://github.com/iancoleman/bip39 to generate a 24-word seed and use its entropy as the seed for the Nano Desktop wallet.
I second this
BIP39 please. That would open a potential road / make it easier to integrate into hardware wallets in the future (i.e. Trezor Model T).