Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 25D3CA03E for ; Thu, 28 Feb 2019 03:49:11 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-qt1-f181.google.com (mail-qt1-f181.google.com [209.85.160.181]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id EDA9B42D for ; Thu, 28 Feb 2019 03:49:09 +0000 (UTC) Received: by mail-qt1-f181.google.com with SMTP id w4so22052639qtc.1 for ; Wed, 27 Feb 2019 19:49:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=f6B4ZjiA8oNLJ2Y0rAdTzDzfxkC4WmYy1CybLD9fRRQ=; b=W364gzjeiD6Prf1NAxMBmANhF6xEN16fxDrBvqSW2vFN1o9NYhApxnMft8AqJoSOrQ tyCcqlKrfC44mmEVN9Be1xha28VyEqAGnHmuVLjhNawTtL94kniWV9pLNZKiEJqlcMNW 87XWZUhGvLjNTYQXUzTNdvXhhn5dCbQ9dT+70G9m+4F6dnOBroPpxJ+H2E/Yn/GV1Mcw nhNpD4WrzvpS4oCWBxB5FnOnxQKk581dK3RR58O9Tej0BXlWQ1RVQTjW+htS/DPquhO7 ExPyiq4MCmVj8fONt+m2Fy+zbWXK8Xp03NjWR0RobCNp9CFEg9vmRewsAMLxXT+u8UQO HAsw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=f6B4ZjiA8oNLJ2Y0rAdTzDzfxkC4WmYy1CybLD9fRRQ=; b=gIgqbEEZC0tI2fQL0K43Sf+XCqZdVRmZOdYKkVvLco8M0F+f2AopOuAJL5Mi99cTHP D1AzNqISeTr/sj80u3hzVZ1NStQGemfffvofF/0nRVcWEITZa9VzZvQBQYtwyWP/c/WN ReMMcBL1cqtAZgFGarOIrh8ghiqayvaYvHN98aeWTI1BcalmwMRUq+CfzO68uvFuYjNT 4YZGa54EcBVJL5dv6Cm+6LObtU2T3AqY2zSGIZ2FnH+v1vuD0YfnJf5WfMkWcoe0IR0P VHfyn0R7mUmI5N0I9/NsG/7TCEb44V5lWSMHnyyJF57Q6SLaMiNbwuq4hntuJPojIrcp C05w== X-Gm-Message-State: APjAAAWgy0silSaLz66+n5fOVUeUIWt2O+Z2Wwx7iqfRoO0h02v0mYbt TXiCBq//naOWvrtgh1ijAHWuxn4Ei4MJr4V6JQzvmJFB X-Google-Smtp-Source: APXvYqzUxkxFfsoFPAY0Lep+jEqdSphPWcWoYsmW6nH1IXjWxBsRRO5TSIWO+T9NUuTKgDCkpWpb/3B+HlQiwIQmWSI= X-Received: by 2002:ac8:3464:: with SMTP id v33mr4613918qtb.65.1551325748843; Wed, 27 Feb 2019 19:49:08 -0800 (PST) MIME-Version: 1.0 From: Trey Del Bonis Date: Wed, 27 Feb 2019 22:48:57 -0500 Message-ID: To: Bitcoin Protocol Discussion Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Wed, 06 Mar 2019 00:37:01 +0000 Subject: [bitcoin-dev] Fortune Cookies to Bitcoin Seed X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Feb 2019 03:49:11 -0000 Hello all, This might be another proto-BIP similar to the post about using a card shuffle as a wallet seed that was posted here a few weeks back: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016645.html This is an idea I had to deriving a wallet seed from the lucky numbers on a fortunes from fortune cookies [1]. On one side is some silly fortune, which we don't really care about here. But depending on the brand, on the other side there's 2 parts: * "Learn Chinese", with a word in English and its translation into Chinese characters and the (probably) pinyin. * "Lucky Numbers", followed by usually 6 or 7 numbers, presumably in the range of 1 to 99. Someone can correct me on this if I'm wrong. So each number should have around ~6.6 bits of entropy, which means you could generate a "very secure" wallet seed with about 7 fortunes. We can remember the order of the numbers on these fortunes based on the English words, which we can commit to memory. It's considered a rule of thumb that you can remember "7 things" at once, which is pretty convenient for this. Sometimes the numbers are sorted, which decreases the entropy a bit, but that can be remedied with just more fortunes. This also splits up the information required to reconstruct the seed into both something physical and something remembered, and there isn't any particular ordering that someone can mess up by, say, shuffling the card deck. Although someone is arguably more likely to throw away random fortunes than they are to throw away a deck of cards which is a weakness of this scheme. It also arguably has better deniability. If you keep a pile of 20 fortunes (with different "Learn Chinese" words) and remember which 7 of them are for your key, but pick another 7 you can use to make a decoy wallet to use if being forced to reveal a wallet. Keeping 20 around is a little excessive but it gives 390700800 possible wallets. So security can be trivially parameterized based on how secure you want your wallet to be if someone finds your stash. I wrote a little Python script to generate a key with this, it's not very clean and could be much improved but it works pretty well as a proof of concept: https://gitlab.com/delbonis/chinese-wallet -Trey Del Bonis [1] https://en.wikipedia.org/wiki/Fortune_cookie