Topic: Are dices for generating seed words fair? - page 5. (Read 3342 times)

sr. member
Activity: 267
Merit: 268
Not your coins, not your business
October 16, 2023, 06:59:48 AM
I read it, but can't believe it. That would mean a dice that rolls heads 3.25% times more often than it rolls tails would only lose 0.02% of the entropy after 256 rolls.

Yes.

I would expect this 2-to-1-dice to create much less entropy. Please convince me you used the correct formula.

You are correct.  I used Shannon's formula.  There are many good answers about the "why" part in here:  https://math.stackexchange.com/questions/331103/intuitive-explanation-of-entropy
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
October 16, 2023, 06:10:29 AM
If there is 50.8% chance for heads and 49.2% for tails, then you can calculate the entropy like that:
Code:
H(X) = - P(heads) * log2(P(heads)) - P(tails) * log2(P(tails)) = - 0.508 * log2(0.508) - 0.492 * log2(0.492) = 0.999815327
I read it, but can't believe it. That would mean a dice that rolls heads 3.25% times more often than it rolls tails would only lose 0.02% of the entropy after 256 rolls.
I know it's been a while since I studied statistics, so bear with me. Let's say we have a 3-sided coin, with 2 sides heads and 1 side tails.
Using your formula, that gives:
Code:
- 0.6667 * log2(0.6667) - 0.3333 * log2(0.3333) = 0.9183
I would expect this 2-to-1-dice to create much less entropy. Please convince me you used the correct formula.
sr. member
Activity: 267
Merit: 268
Not your coins, not your business
October 15, 2023, 06:04:54 PM
So if you have a 51 to 49 percent bias on all your picks it still to the 24th power.

What number are you raising to the 24?

If there is 50.8% chance for heads and 49.2% for tails, then you can calculate the entropy like that:
Code:
H(X) = - P(heads) * log2(P(heads)) - P(tails) * log2(P(tails)) = - 0.508 * log2(0.508) - 0.492 * log2(0.492) = 0.999815327

So tossing a coin gives you 0.999815327 bits of entropy.  If you toss it 256 times, it will give you 255.95 bits which are sufficient.
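The two posts above work the Shannon formula by hand for a 50.8/49.2 coin and for a 2-to-1 three-sided coin. The Python below is an added example written for this thread, not code posted by anyone in it; it wraps that formula in a general `shannon_entropy` function so the same calculation covers any biased die, and adds `rolls_needed` and `entropy_loss_vs_fair` (both my own helper names) to answer the practical question of how many extra rolls a known bias costs. The loaded six-sided die at the end is a constructed sample distribution, not a measurement.

```python
import math
from typing import Sequence

# Added example for this thread, not code from any poster. Computes the
# Shannon entropy quoted above and extends it to any biased die.

def shannon_entropy(probs: Sequence[float]) -> float:
    """Shannon entropy in bits of one roll with the given outcome probabilities."""
    if abs(sum(probs) - 1.0) > 1e-9:
        raise ValueError("probabilities must sum to 1")
    # Terms with p == 0 contribute 0 bits and would break log2, so skip them.
    return -sum(p * math.log2(p) for p in probs if p > 0.0)

def coin_entropy(p_heads: float) -> float:
    """Entropy in bits of one toss of a coin with P(heads) = p_heads."""
    return shannon_entropy([p_heads, 1.0 - p_heads])

def rolls_needed(per_roll_bits: float, target_bits: float = 256.0) -> int:
    """Smallest number of independent rolls whose total entropy reaches target_bits."""
    return math.ceil(target_bits / per_roll_bits)

def entropy_loss_vs_fair(probs: Sequence[float], n: int) -> float:
    """Bits lost over n rolls compared with a fair device with the same number of faces."""
    fair = math.log2(len(probs))
    return n * (fair - shannon_entropy(probs))

if __name__ == "__main__":
    # Same-side bias discussed in the thread: 50.8% heads, 49.2% tails.
    h = coin_entropy(0.508)
    print(f"biased coin: {h:.9f} bits/toss, {256 * h:.2f} bits after 256 tosses")
    print("tosses needed for 256 bits:", rolls_needed(h))
    # Three-sided "coin" with two heads faces and one tails face.
    print(f"2-to-1 coin: {coin_entropy(2 / 3):.4f} bits/toss")
    # Constructed loaded six-sided die: one face twice as likely as each other face.
    loaded = [2 / 7] + [1 / 7] * 5
    print(f"loaded die: {shannon_entropy(loaded):.4f} of {math.log2(6):.4f} bits/roll")
    print("loaded-die rolls needed for 256 bits:", rolls_needed(shannon_entropy(loaded)))
    print(f"bits lost per 100 rolls vs a fair die: {entropy_loss_vs_fair(loaded, 100):.2f}")
```

Running it reproduces the 0.999815327 bits per toss and 255.95 bits per 256 tosses from the posts, and shows that the 50.8% coin needs 257 tosses rather than 256 to reach a full 256 bits, i.e. the loss is a fraction of one bit, not two words' worth. The same function applied to a die with one face twice as likely as the others shows a much larger loss, about 0.06 bits per roll, which is the kind of bias that actually matters when generating a seed.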
legendary
Activity: 4102
Merit: 7765
'The right to privacy matters'
October 15, 2023, 05:39:52 PM
but then we get into other questions such as "what is an acceptable level of bias in an experiment where you perform it some number of times, be that 1000, or more?"
When considering generating private keys for bitcoin, then my answer is zero. I don't see why you would settle for anything less. This is why I advocate for using coin flips with von Neumann's algorithm, since by doing this you can be certain you have eliminated any bias in your coin, as well as not introduced any new bias by performing randomness extraction or other processes you don't fully understand on your data.
By coincidence, I stumbled upon an article about bias in coin tosses. It reminded me about this topic, hence the 10 month bump.

TL;DR: if you start a coin toss with heads up, there's a 50.8% chance you'll end up with heads.

"According to the Diaconis model, precession causes the coin to spend more time in the air with the initial side facing up," a new team writes in a pre-print paper that has not yet been peer-reviewed. "Consequently, the coin has a higher chance of landing on the same side as it started (i.e., ‘same-side bias’)."

Diaconis found, from a smaller ideal number of coin tosses recorded and analyzed, that coins land on the same side they were tossed from around 51 percent of the time. The new team recruited 48 people to flip 350,757 coins from 46 different currencies, finding that overall, there was a 50.8 percent chance of the coin showing up the same side it was tossed from.

Delving into the data further, they found that coin tosses are highly variable between people, with some showing a strong same-side bias and others having none at all – coin tosses may come down (ever so slightly) to the tosser.
Further reading: Fair coins tend to land on the same side they started: Evidence from 350,757 flips.

There are older articles also claiming a similar (51/49) distribution, but as far as I've found the recent research had the largest sample size.

So if you have a 51 to 49 percent bias on all your picks it still to the 24th power.

so effectively the bias means a 24 word seed is more like a 22 word seed or am I wrong
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
October 15, 2023, 05:36:51 AM
but then we get into other questions such as "what is an acceptable level of bias in an experiment where you perform it some number of times, be that 1000, or more?"
When considering generating private keys for bitcoin, then my answer is zero. I don't see why you would settle for anything less. This is why I advocate for using coin flips with von Neumann's algorithm, since by doing this you can be certain you have eliminated any bias in your coin, as well as not introduced any new bias by performing randomness extraction or other processes you don't fully understand on your data.
By coincidence, I stumbled upon an article about bias in coin tosses. It reminded me about this topic, hence the 10 month bump.

TL;DR: if you start a coin toss with heads up, there's a 50.8% chance you'll end up with heads.

"According to the Diaconis model, precession causes the coin to spend more time in the air with the initial side facing up," a new team writes in a pre-print paper that has not yet been peer-reviewed. "Consequently, the coin has a higher chance of landing on the same side as it started (i.e., ‘same-side bias’)."

Diaconis found, from a smaller ideal number of coin tosses recorded and analyzed, that coins land on the same side they were tossed from around 51 percent of the time. The new team recruited 48 people to flip 350,757 coins from 46 different currencies, finding that overall, there was a 50.8 percent chance of the coin showing up the same side it was tossed from.

Delving into the data further, they found that coin tosses are highly variable between people, with some showing a strong same-side bias and others having none at all – coin tosses may come down (ever so slightly) to the tosser.
Further reading: Fair coins tend to land on the same side they started: Evidence from 350,757 flips.

There are older articles also claiming a similar (51/49) distribution, but as far as I've found the recent research had the largest sample size.
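The quoted post above recommends coin flips with von Neumann's algorithm to remove any bias. The Python below is an added example for this thread, not code from any poster: `von_neumann_extract` implements the classic pairing rule (01 becomes 0, 10 becomes 1, 00 and 11 are discarded), `expected_output_bits_per_toss` gives the yield you should plan for, and `biased_tosses` is a constructed, seeded stand-in for a physical coin so the effect can be measured offline. All three names are my own.

```python
import random
from typing import Iterable, List

# Added example for this thread, not code from any poster. Demonstrates
# von Neumann debiasing on a constructed biased toss sequence.

def von_neumann_extract(bits: Iterable[int]) -> List[int]:
    """Debias a stream of independent tosses that all share the same bias.

    Tosses are read in non-overlapping pairs: 01 -> 0, 10 -> 1, while 00 and
    11 are discarded. A trailing unpaired toss is dropped. Because P(01) and
    P(10) are both p*(1-p), the kept bits are exactly 50/50 for any p.
    """
    seq = list(bits)
    out = []
    for i in range(0, len(seq) - 1, 2):
        a, b = seq[i], seq[i + 1]
        if a != b:
            out.append(a)  # a == 0 means the pair was 01, a == 1 means 10
    return out

def expected_output_bits_per_toss(p_heads: float) -> float:
    """Each pair is kept with probability 2p(1-p) and yields one bit,
    so the expected output is p(1-p) bits per input toss (at most 0.25)."""
    return p_heads * (1.0 - p_heads)

def biased_tosses(n: int, p_heads: float, seed: int) -> List[int]:
    """Constructed sample: n independent tosses, 1 = heads, from a seeded PRNG.
    This stands in for a physical coin in the demo; a PRNG is not a source
    of entropy for a real seed phrase."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_heads else 0 for _ in range(n)]

def heads_fraction(bits: List[int]) -> float:
    return sum(bits) / len(bits) if bits else 0.0

if __name__ == "__main__":
    # Same-side bias from the thread (50.8%) and a much worse constructed coin (60%).
    for p in (0.508, 0.60):
        raw = biased_tosses(100_000, p, seed=2023)
        clean = von_neumann_extract(raw)
        print(f"p={p}: raw heads {heads_fraction(raw):.4f}, "
              f"debiased heads {heads_fraction(clean):.4f}, "
              f"{len(clean)} bits kept from {len(raw)} tosses "
              f"(expected about {expected_output_bits_per_toss(p) * len(raw):.0f})")
        print(f"  tosses needed for 256 debiased bits: "
              f"about {256 / expected_output_bits_per_toss(p):.0f}")
```

Two things the numbers make concrete. First, the price of the guarantee is throughput: even a perfectly fair coin yields only a quarter of a bit per toss through this extractor, so 256 debiased bits cost roughly 1,024 tosses. Second, the extractor only removes bias if every toss is independent with the same bias. The same-side effect described in the post means the bias is toward whichever face is up at launch; if you always launch from the same face, p is constant and the pairing rule applies, but if you launch each toss from whatever landed last, consecutive tosses are correlated and the 01/10 pairs are no longer equally likely.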
sr. member
Activity: 1036
Merit: 350
December 27, 2022, 09:44:13 PM
Not necessarily.
ok thanks for the clarification. seems like you thought of everything.
legendary
Activity: 2268
Merit: 18509
December 27, 2022, 08:55:50 AM
so are you going to admit that storing your seed phrase in such a place is highly risky?
Not necessarily.

I'm not a fan of any back up system for seed phrases where the compromise of a single back up results in you losing your coins. Because of this, I exclusively use either wallets generated from both a seed phrase and an additional passphrase, or multi-sig wallets. And as I have said before, I would always recommend having at least two back ups of any important information. So in such a case where I am storing a back up in a safe deposit box, then if the bank makes a mistake and drills out my box, I have not lost my wallet since I have additional back ups elsewhere, and my funds cannot be stolen since one back up on its own is insufficient to compromise my wallets.

If you only have one back up, and someone discovering that one back up gives them all the information required to steal your coins, then you are already in a highly risky situation.
sr. member
Activity: 1036
Merit: 350
December 26, 2022, 10:12:31 PM
A quick web search and I can find a metal engraving pen for $10-15, and a set of metal letter stamps for hammering in to the metal for $15-20. So still significantly cheaper than any proprietary piece of kit.
ok yeah that's true. i'll have to look into those "metal engraving pens" not sure how well they work. or how long they last but i guess they don't have to last very long to engrave a seed phrase one or two times.



dude lost $10 million. not to theft but the bank just made a mistake. not sure if he got reimbursed or not.
Quote
Another great argument for having more than one back up then.
i doubt it's a great argument for anything other than not storing your seed phrase in a place like a bank deposit box or storage unit that you pay for rent to keep. as the story shows, you're at the mercy of the company that manages the thing. so are you going to admit that storing your seed phrase in such a place is highly risky?

you did read the story, right? they drilled out the locks on his box and yeah that was a mistake on their part. but they didn't realize they were making a mistake. but they had the wrong box. could happen to anyone right? then the contents of his box got sent to some other storage facility but at some point during that process, the "good stuff" got taken. stolen. get the point?
legendary
Activity: 2268
Merit: 18509
December 24, 2022, 05:43:17 AM
but still i would imagine 2 metal plates $10, the tools to do the stamping maybe $50.
A quick web search and I can find a metal engraving pen for $10-15, and a set of metal letter stamps for hammering in to the metal for $15-20. So still significantly cheaper than any proprietary piece of kit.

dude lost $10 million. not to theft but the bank just made a mistake. not sure if he got reimbursed or not.
Another great argument for having more than one back up then.
sr. member
Activity: 1036
Merit: 350
December 23, 2022, 09:59:50 PM
Quote
Nothing wrong with using metal plates, but you still need redundancy in your set up. And you can buy a stainless steel plate for 5 bucks at a hardware store. No need to pay upwards of $100 for the same thing.
the metal plates themselves are not what form the bulk of the cost. the tools needed to create the seed phrases on the metal plates do and does the hardware store have those too? but still i would imagine 2 metal plates $10, the tools to do the stamping maybe $50.

Quote
I would put that under the heading of "random chance". All my back up locations are physically secured - someone would need to physically break in, either to the building itself, a locked safe or similar, or both, in order to compromise them. They will not be randomly stumbled across.
https://www.nytimes.com/2019/07/19/business/safe-deposit-box-theft.html

dude lost $10 million. not to theft but the bank just made a mistake. not sure if he got reimbursed or not.



legendary
Activity: 2268
Merit: 18509
December 23, 2022, 04:26:31 AM
that's how they have been led to believe is all they have to do. plus these metal plate systems are not cheap which discourages them from doing additional backups.
Completely agree. It's akin to how centralized exchanges have convinced people that they are too stupid to write down 12 words and need to leave their coins in the custody of a third party. Now these metal plate manufacturers convince people that paper isn't safe, when in reality two pieces of paper in separate locations is exponentially more robust (and cheaper) than one metal plate kept at home.

Nothing wrong with using metal plates, but you still need redundancy in your set up. And you can buy a stainless steel plate for 5 bucks at a hardware store. No need to pay upwards of $100 for the same thing.

not impossible to do but you'll need a good memory.
True. I also have a wife who knows about the back ups too. More redundancy.

unless you have some special software for doing that it doesn't sound like it would be very user-friendly to actually use a wallet setup like that. unless you just plan to use the same bitcoin address over and over ignoring best use practices.
It's fairly easily done. You could do it on your main computer using Electrum and two different hardware wallets, for example. Or if you've got two old laptops/computers/devices which you can airgap.

so you go and hide your metal plate in some hole in the ground somewhere and you think that is safe. what happens if someone comes along with a metal detector? hopefully you dug your hole deep enough.
I would put that under the heading of "random chance". All my back up locations are physically secured - someone would need to physically break in, either to the building itself, a locked safe or similar, or both, in order to compromise them. They will not be randomly stumbled across.
sr. member
Activity: 1036
Merit: 350
December 22, 2022, 08:13:13 PM
Regardless of what medium your seed phrase is on, a single back up in the same location as your wallets themselves (i.e. at home) is not safe.
ok i'm not going to disagree with that. based on the argument you provided yet we know most people don't do that. they have one metal plate and call it a day. just the reality of things. that's how they have been led to believe is all they have to do. plus these metal plate systems are not cheap which discourages them from doing additional backups.

Quote
On a separate piece of paper in a separate location to my seed phrase.
your protocol is getting complicated now. lets see, you have to store the seed phrase in at least 2 different physical locations and then you need to store the passphrase in 2 additional physical locations. so that's 4 different physical locations at the very least. then you have to have a way to remember where all those locations are. not impossible to do but you'll need a good memory.

Quote
Me. I'm the other party. I can set up a 2-of-2 multi-sig and back up my two seed phrases separately. An attacker would need to find both to compromise my wallet.
unless you have some special software for doing that it doesn't sound like it would be very user-friendly to actually use a wallet setup like that. unless you just plan to use the same bitcoin address over and over ignoring best use practices.

Quote
I'd prefer if the security of my wallets was not based on random chance and hoping that someone doesn't stumble across a seed phrase that I've hidden in plain sight.
so you go and hide your metal plate in some hole in the ground somewhere and you think that is safe. what happens if someone comes along with a metal detector? hopefully you dug your hole deep enough.
legendary
Activity: 2268
Merit: 18509
December 22, 2022, 05:58:42 AM
I understand the importance of general data backups but I thought one backup for a bitcoin seed phrase on a durable medium like a metal plate was sufficient. Maybe I got brainwashed by all these people that are using metal plates who seem to think that. Bet they don't have a second backup.
So a metal plate is obviously more durable than a piece of paper, but it is not indestructible and it is not immune to loss either. What if there is a gas explosion at your house? You are going to spend weeks manually sifting through the rubble looking for a tiny metal plate? Would your local authority even permit you to do that? What if there is a flood or a hurricane? Your metal plate could now be anywhere in a 20 kilometer radius? Good luck finding that. Regardless of what medium your seed phrase is on, a single back up in the same location as your wallets themselves (i.e. at home) is not safe.

and where are you going to store your passphrase?
On a separate piece of paper in a separate location to my seed phrase.

and who is the other party/parties? how do we know they can be trusted?
Me. I'm the other party. I can set up a 2-of-2 multi-sig and back up my two seed phrases separately. An attacker would need to find both to compromise my wallet.

if you happen to forget where you put a few of them, no big deal. not like anyone else is going to be able to take advantage...
I'd prefer if the security of my wallets was not based on random chance and hoping that someone doesn't stumble across a seed phrase that I've hidden in plain sight.
sr. member
Activity: 1036
Merit: 350
December 21, 2022, 08:25:12 PM
Yes, you have to balance protection against loss versus risk of discovery, but two back ups in different locations should be the minimum.
I understand the importance of general data backups but I thought one backup for a bitcoin seed phrase on a durable medium like a metal plate was sufficient. Maybe I got brainwashed by all these people that are using metal plates who seem to think that. Bet they don't have a second backup.

Quote
Then you use a system in which compromise of one back up does not lead to loss of funds, such as an additional passphrase
and where are you going to store your passphrase?  a multi-step system has a weakness in that it requires more than one part to be able to recover the whole. so you just made recovery efforts harder for yourself.

Quote
or multi-sig.
and who is the other party/parties? how do we know they can be trusted?

Quote
That's a separate problem and is common to every back up system.
it's really not common to every backup system just the ones you are used to using. consider a backup system where the seed phrase was not visible to the naked eye. with something like that, seems like you could store it in a lot of places. if you happen to forget where you put a few of them, no big deal. not like anyone else is going to be able to take advantage...


legendary
Activity: 2268
Merit: 18509
December 21, 2022, 05:01:10 AM
that's the first time i ever heard someone say "you should always have more than one back up".
That's pretty standard advice, not just in bitcoin but in general. The problem with creating only a single back up is you have zero redundancy in your system. One mistake or event is all it takes for you to lose everything, especially considering the majority of people who create a single back up store it in the same location as their wallets themselves - at home.

Yes, you have to balance protection against loss versus risk of discovery, but two back ups in different locations should be the minimum.

now you just opened yourself up to an entirely new attack vector: someone getting into your bank deposit box and stealing your bitcoin.
Then you use a system in which compromise of one back up does not lead to loss of funds, such as an additional passphrase or multi-sig.

the problem is, people don't necessarily always realize they have "lost" a backup do they?
That's a separate problem and is common to every back up system. If you have a standard approach to all your wallets, then this issue is minimized.

Another thing I find risky: hiding a seed phrase in the house could end up becoming a bad idea in the event of a natural disaster like earthquakes or a man-made disaster like fire engulfing the whole building, maybe out of carelessness while cooking.
Correct. Hence my point about always having more than one back up in separate physical locations.
hero member
Activity: 728
Merit: 512
December 21, 2022, 03:56:50 AM
This is an interesting idea, but very few people have the equipment or expertise needed to do this.
there's a movie where they microprinted some information into the eyeball of some person on a postage stamp. there was like 4 or 5 stamps on the envelope but only one of the eyeballs had the microprinting in it.

Quote
And of course you should never even considering asking a professional or other third party service to do it for you.
yeah, that would be very dumb indeed.

Quote
There are plenty of ways to hide a seed phrase in your house which would make it near impossible to be found.
Me crossing off all of those ways since they are now public knowledge... The first place someone is going to be looking now that you've mentioned it not only here but probably elsewhere.

Quote
A favorite of mine that I've talked about before is ...

Well and here's the thing. Those are all fine and dandy ways of hiding something IF

#1) you don't end up forgetting about what things you have hidden and where. if you end up forgetting where you hid it, then you are pretty much never going to want to move out of your house! so what you'll have to do is record where you hid it. and then keep that record safe as you would your own private key which kind of defeats the entire purpose of the entire thing in the first place since just record your private key instead of its location.
#2) say you move out of the house and forget to bring it with you and maybe someone is doing some home maintenance then they find what you hid. your private key has now been revealed. there's a much greater chance of that than someone brute forcing it using a computer.


Like the saying goes, "where a man's treasure is, that's where his heart lies", so for someone to forget to move out with his private key then he must be moving out with something 3 times bigger than what his private keys hold access to, else why will you forget, except maybe such a person is suffering from memory loss issues.
Another thing I find risky: hiding a seed phrase in the house could end up becoming a bad idea in the event of a natural disaster like earthquakes or a man-made disaster like fire engulfing the whole building, maybe out of carelessness while cooking.
sr. member
Activity: 1036
Merit: 350
December 20, 2022, 07:32:25 PM
If you've lost one of your back ups, then you simply retrieve a different one (since you should always have more than one back up) and move the coins within to a new wallet. Simple.
that's the first time i ever heard someone say "you should always have more than one back up". if that were the case then why not make 1000 backups. more is better right? obviously not. every additional backup opens up a new possibility that your backup could be discovered by someone without your knowledge. example: you store a backup seed phrase in your bank deposit box even though you already have one at your home. now you just opened yourself up to an entirely new attack vector: someone getting into your bank deposit box and stealing your bitcoin. how many more additional backups like that do you want?

Quote
Losing a back up and then failing to move the coins within is a problem with any and every back up and is not unique to my method in any way.
the problem is, people don't necessarily always realize they have "lost" a backup do they? if they're not even keeping track of how many different places they stored it, how are they going to know one of them is lost? how are they going to keep track of everywhere they stored the backup? using google docs?

Quote
If you can't find a back up or aren't sure if you've found them all because you can't remember how many you made, then obviously you should assume the worst (an attacker now has access to that back up) and move your coins to a fresh set of wallets. This is just common sense.
i'm not sure anything is common sense when it comes to being organized and keeping information organized so that you can manage all your information.
legendary
Activity: 2268
Merit: 18509
December 20, 2022, 05:33:01 AM
"honey, what are you looking for?"

"oh nothing much but i might need to tear the house down to find it because if it's not in one of these electrical sockets then somehow it must have gotten moved into one of the wall spaces..."
If you've lost one of your back ups, then you simply retrieve a different one (since you should always have more than one back up) and move the coins within to a new wallet. Simple.

so you thought you had found all your hidden private keys so you didn't move anything to new wallets.
Losing a back up and then failing to move the coins within is a problem with any and every back up and is not unique to my method in any way. If you can't find a back up or aren't sure if you've found them all because you can't remember how many you made, then obviously you should assume the worst (an attacker now has access to that back up) and move your coins to a fresh set of wallets. This is just common sense.
sr. member
Activity: 1036
Merit: 350
December 19, 2022, 09:21:56 PM
I would imagine that such tiny printing would be incredibly fragile. A microscopic tear in the paper or even a smudged fingerprint could render the writing illegible.
actually a better way would be to put it on film that way it is pretty durable and you could still hide it underneath the postage stamp which is probably a better location for it anyway.

So don't use a system where compromise of a single back up can lead to loss of coins. And simply move all your coins to new wallets when you move house.
so you thought you had found all your hidden private keys so you didn't move anything to new wallets. just so happens the new tenants didn't like the color of your old carpet so they had someone come and replace it. and guess what they found underneath your old carpet? a way to get your money.
legendary
Activity: 2268
Merit: 18509
December 19, 2022, 04:55:22 AM
there's a movie where they microprinted some information into the eyeball of some person on a postage stamp. there was like 4 or 5 stamps on the envelope but only one of the eyeballs had the microprinting in it.
I would imagine that such tiny printing would be incredibly fragile. A microscopic tear in the paper or even a smudged fingerprint could render the writing illegible.

Me crossing off all of those ways since they are now public knowledge... The first place someone is going to be looking now that you've mentioned it not only here but probably elsewhere.
If an attacker breaks in to your home and the first thing they do is start unscrewing all your electrical sockets and taking your doors off their hinges, instead of helping themselves to your other valuables, then you have suffered a complete failure of your opsec and your privacy. There are countless TV shows and movies where people hide things under floor boards or inside walls. This is not a new concept. For an attacker to start doing this to your house, then they must already know that you own a large amount of bitcoin, your address, you have it in a wallet which only requires one back up to compromise (as opposed to an additional passphrase or a multi-sig), and that you have said back up stored on site. And if an attacker already knows all that, then you have already lost all your security.

#1) you don't end up forgetting about what things you have hidden and where.
If you forget which outlet you've hidden it in, you could probably unscrew and check every outlet in your house in under an hour. Not a huge issue.

#2) say you move out of the house and forget to bring it with you and maybe someone is doing some home maintenance then they find what you hid. your private key has now been revealed. there's a much greater chance of that than someone brute forcing it using a computer.
So don't use a system where compromise of a single back up can lead to loss of coins. And simply move all your coins to new wallets when you move house.