bitcoin-dev

BIP-? : Free seed mnemonics for steganography and attack-resistance

BIP-? : Free seed mnemonics for steganography and attack-resistance

Original Postby Aneesh Karve

Posted on: June 8, 2024 02:40 UTC

The proposed addition of a "Free" language to the BIP-39 protocol aims to enhance the security and versatility of Bitcoin seed mnemonics.

This enhancement allows for the generation and storage of seeds offline using everyday items such as playing cards, chess boards, and paper napkins, significantly increasing their steganographic potential and resilience against attackers. By incorporating PBKDF2() in a manner fully compatible with existing BIP-39 implementations, the proposal introduces a backward-compatible, non-breaking change that broadens mnemonic options without altering the core mechanics of seed derivation.

BIP-39 mnemonics currently suffer from several shortcomings, including their recognizability as Bitcoin passphrases, difficulty in memorization, necessity for electronic computation for checksum bits, and the cumbersome nature of manual entropy input, such as dice rolls. These limitations reduce the practicality and security of Bitcoin wallets by restricting mnemonic portability, memorability, and resistance to duress. The proposal addresses these issues by enabling the creation of cryptographically strong seeds through simple, physical means that are less susceptible to scrutiny and seizure.

To mitigate risks associated with the introduction of more varied mnemonic sources, such as weak entropy inputs, the proposal outlines specific requirements for mnemonic validation. These include ensuring a minimum threshold of complexity for user-provided mnemonics and maintaining the integrity of BIP-39 checksums for traditional mnemonics while expanding the input options. The specification details the technical adjustments necessary for implementing the "Free" language input, including character normalization and validation based on Shannon Entropy and Hamming Distance metrics to assess mnemonic complexity.

Several examples illustrate the practical applications of this proposal, showcasing how a deck of cards, chess moves, game boards, or even inscribed dice can encode sufficient entropy for secure Bitcoin seed mnemonics. These methods offer innovative ways to conceal and transport mnemonic information discreetly, enhancing the security and usability of Bitcoin wallets.

For further details, the online specification and reference implementation in Python are available at https://github.com/akarve/bip-keychain/blob/main/pre-bips/steganographic-seeds.md.