Introducing a version field to BIP39 mnemonic phrases

Introducing a version field to BIP39 mnemonic phrases

Original Postby Leslie

Posted on: January 10, 2024 14:28 UTC

This blog post introduces a proposed enhancement to BIP39 mnemonic phrases, a system widely used for generating deterministic keys in the cryptocurrency space.

The main feature of this proposal is the addition of a version field to the existing format of mnemonic phrases. This version field comprises a 32-bit segment, which is further divided into a 24-bit general-purpose area and an 8-bit section specifically for denoting the BIP39 standard version.

The motivation behind introducing versioning to BIP39 mnemonic phrases stems from the lack of such a feature in the current implementation. This omission has been recognized as a significant design flaw by industry experts and developers alike. Notably, figures like Greg Maxwell have commented on this shortcoming, and concerns have been documented within the Electrum wallet documentation. By incorporating a version number, the new proposal aims to increase the robustness and adaptability of mnemonics, facilitating future enhancements and ensuring backward compatibility. This change is anticipated to improve the efficiency of wallet software in managing different derivation methods and secure user funds by minimizing risks associated with incompatibilities between mnemonic phrases and wallet software.

The versioned mnemonic generation process builds on the structure of BIP39. It begins with the creation of initial entropy (ENT), which must be a multiple of 32 bits. A 32-bit version field is then prepended to this entropy. Following BIP39's original method, a checksum is calculated and appended to the combined entropy. This data is subsequently split into groups of 11 bits, each mapping to a word in the BIP39 wordlist, ultimately forming the mnemonic sentence.

Compatibility is a key consideration in this proposal. Systems that are designed around the classic BIP39 format without awareness of the version extension will interpret these mnemonics as 'Legacy' phrases, preserving backward compatibility. On the other hand, forward compatibility is also considered, preparing systems to integrate future changes to the BIP39 standard smoothly.

However, wallets implementing this enhanced system would still rely on the predefined BIP39 dictionary to determine the mnemonic seed's version and to validate the checksum. Moreover, the proposed versioning allows for the possibility of adopting alternative entropy derivation methods as cryptographic standards evolve, potentially moving beyond the currently employed PBKDF2 key stretching algorithm.

For further information and reference, readers can access the official Bitcoin Improvement Proposals document for BIP39 and the GitHub repository dedicated to the versioned BIP39 proposal through the provided links.