So let's check/proove by example to see if I got this right, to see if the plausible deniability of BIP39 is really broken:
Via "http://bip32jp.github.io/english/" and "https://dcpos.github.io/bip39/" I created the following HD wallets:
HD Wallet 1 (let's assume this is what the "Ninjas" found out):
- Mnemonics: secret blame broken hundred bid express effort snow bike category wonder wrist
- Optional password:
(i.e. no password at all!)
Pub.Key: 0341931E073869EE4DFC769D14D35A1451E80CF3B44F1BB01EAB0FC970A5E6CC6D
1 14x3Z5HV4e6VfGMpJTENkP4abyQz1HqCrN L2kD3HXTfL7F6nkUAxwX8hWeFMx7ssbpHijYVNJFq18xyfe9ABm3
Pub.Key: 02BF3FD42086E624FC1684F99B35CC16BD02BF1E70AEC34BD017D8A7D266D789B3
2 14X2ypUStaG8nYsWaQHTsGhXrMVkieQtjG KwciLYshfsAzLgpd2kJjeZD3tta7Fbwevz6Heayzugmw37P4Eunh
Pub.Key: 03F1B8473B5781940E3B1036F572A64C7E6B4718D1A33FE2DD1A0CC6292335A0D0
3 1Nn46XR98hDWaX6mqeqdcQcyBrQPDPNCrN L4WFgLKPSoCZHLwoSZKv76hAyziCmbACLDyWgXRz9RZc19RBcJMV
Pub.Key: 023D529949196D46AF39147AF5021ED0DA64BB2C14405F3DBE25CDF94DB8C5D86A
4 12v88JPgLJ2dMKunUySA74hvBTS47FEvHG KyXYjjTAmu1vW1umNG4FedrBMTqJXu5G4NBdkfbcDRYNCEvLZZXB
Pub.Key: 029C2CFD4D65D18E9C5FA8E056D66BAB80D6CF933A6E6680B8C2B6BFAC352EC3A5
HD Wallet 2 (let's assume that the "Ninjas" found this out, too):
- Mnemonics: secret blame broken hundred bid express effort snow bike category wonder wrist (same as above)
- Optional password: simpletestpw
Pub.Key: 038D24199DFCAE21879C7849FFFCBB5D5DA16416B7B7EB88945ECF53D293238099
1 1GjB3CEDdrbeSxgFJ4DesvgzBidxg6REwv KxHGxoMuWBFh2pq7mdeprDwYHjyi2UwDuS6vXiUdnAwHCWMmU8Ur
Pub.Key: 03ED97088DF8B193AD74B81747CE89B21A0535344CDA6E12A3C52AA3038060C8FF
2 12K2vAaSYWMApRuq7HUNszyfuPgzkbvjjc L5SL1akFNR59cY5Yr3VG6uXheq9sfoc1QYTQ7vS1DEGzzgaDRR2S
Pub.Key: 02BF29E7C2BC14948E7F4ED6DA6930C80E339AFF2351939FA2A2C2C0A14452E729
3 19FxPD5VqskxYDgqoZDNkftaTZFAPhGuFC KyJmkryHDFTWWtgR1peGscwx4oJugBcrcqKsoGtpFsNvn716gf5p
Pub.Key: 02BBF1E25FF57155BA747389AE493ECA019D6275AF6C98459AC3F3F70543E309DB
4 1eC5dJBakJSNjZj8g4SKyyhexoZUTBPSY L3zgDkNCpqSrVR24AFvVMJmzxna5nJZZSEQe53aYWXiwSZxJtEcd
Pub.Key: 020D634A935814F574565EA921D711440A6AEF611E594EBD263A5EB33F45CE9149
Now let's assume that there EXISTS a third HD-Wallet with the same mnemonics but yet another, more complicated, password (>>50 quasi-random alpha-numerical characters).
The Ninjas don't know this password and the victim is denying its existence, although the first 5 keys of that HD wallet have already been used in the blockchain, such that their pub keys are published.
The question: Can the "Ninja-attackers" find out that I lied when denying the existence of that wallet?
So I am asking gmaxwell or any other "advocatus attackeris":
Which of the following sequences of 5 public keys is the one that belongs to a HD wallet generated with:
- Mnemonics: secret blame broken hundred bid express effort snow bike category wonder wrist (same as above!)
- Optional password:
Out of the following 10 lists (A-J) below...
- Exactly one list is generated from a BIP39 HD wallet generated with the same mnemonics as above, plus a complicated password. The question is: Which one? (out of A-J)
- At least 3 lists are generated from other BIP39 HD Wallets with different mnemonics and with or without optional password.
- At least 3 lists are just random independently generated "standalone" keys.
Option A:
Pub.Key: 027E4B1EC307A3B80070A2E2E22657A591D17293D4DE5F29CC8F24F04430181734
1 1D7C9jQNoaHMvMgQSDpAqkBa3e7eaxgoVg
Pub.Key: 034C75E5BE62DC4FEE402809D34CA30C5292090AED620D52BDDFC8D5C3C7E0022D
2 1QDCbJSdKunDECwVkTA8AeZ9Mt2cA9rowb
Pub.Key: 02F2F101E432204C4A32DE32E757413E351FE642FDC707184223FBBB5466579C04
3 17SuCFUbV2g83BPthzkmhFod91VeyyYpRM
Pub.Key: 02A4FB6AFBBB1DF29AB17F9519EEC77E47E7662E8399158C83F7B35501D36ECD83
4 1HHbDh3zif851finurUphR1fF6TcyqatoA
Pub.Key: 02C82A90DBB6E1DB6CDC2EDCB2081833C7C85D83254167CAA4C46A5D1C5119764E
Option B:
Pub.Key: 02FDC70A76434C3A8F44729866F714188E9FA25BCE0A5C93482CDC306CAFF3E4F1
1 15zdQ2wkXntrMKgs7Pkwq7D4sLVdSjJDPr
Pub.Key: 032BCD23D0CEA5FDFE622080F9C3BF2680F1D7EEAE8FC56DA64FC2ED536B630E53
2 1J81WVVNjfmoxHSqHgKUzv1aW8gwyX4R9E
Pub.Key: 023680424FEE801DBBD626D5248189D179C67976D2C9934EEDDB8A8B04FE63E192
3 1LrbvPQQ8yiG5SKnsCAVHbnwHkwKw1hURB
Pub.Key: 024F69025CF3768AFBB28D03AA9CD90D16BD8382AE021B8719809408C36C8A2401
4 1B88w1HNW6cwRmYSRM32HdX7gtQzWJy4Us
Pub.Key: 0268E345CD29D1D4FAA9652BE0F47B72170D510655552B56AAB2BEFBAE859BC44E
Option C:
Pub.Key: 02425F50BA0E0238528F03FE40FA1BA375DB30092739BC8ED48BB3EA917190CAA4
1 19SubykBdAGChGJV7qzractUuHchv2TGV9
Pub.Key: 039CE488557C3C72A7FFDE7E81314808516AE2CD227E96A60E1A47814E2413C9D5
2 1MSJu8cv1LFJbvXkVmg2GcB95sjJQv8uS7
Pub.Key: 030EA81265DCF94528D1A3AB0FF28EEC2A6E2E752A8D4E753B05943D6B82398534
3 1MhXzhgwtviqqx4KtFQTu2eoSLjcEJrPFz
Pub.Key: 026B68C00DC1EDA7886BB42DD859E58F412E5AC7C7FD25BC99C08C47F16B6CC2D4
4 1FbLCfrHLtgwc9iVaMTWCxPjVDogWbMQyY
Pub.Key: 036EC441E65F573DFC5B2659D3821575C0044E4C489690C36F77CD84DE6F815D97
Option D:
Pub.Key: 026CB7302696C9CB5EBE1AFDDBFBE15809E544210EDA0C9307D46AE4311A8593CC
1 18UQk41j7DQbnAjSHvghF4XT7xQcB144Bj
Pub.Key: 03ECCE5D50902B27BFB99E3C1B3A10F5777CC7118025630D18BA20FD0DEA51F688
2 1CuqcG2Bk2UkffM5xGCrLjADaXQtCvzKrm
Pub.Key: 0396614D44AB0AD96F348CFA7A1B8C04710819A2C80BB506A801CB239D8B9F7632
3 18LbxdoySf7EHJS1NrCb9yo4UrX8RwoZ2t
Pub.Key: 02BADC6EF32A885CA1A375CF96BC66002DBE881FF3DC2EC345420689F7CCDC5A66
4 1CoiEc8859xJSEH3dHQWqBL6fczkqo4RQb
Pub.Key: 03A46B6691853F69E8319720B725A17A83BC55136E43195010DF5DF758BC46A655
Option E:
Pub.Key: 03355E414BC4247A5E50C4F2678C3780BD3076926BE80371C841B43989FEA1096D
1 12af3bd7x7BcwpnAK4vJT6WvZgFwzFt2rP
Pub.Key: 038DB17B8890CD4A8049DBD2D3C9BF8307AFD6567714A71F1B22AF7154BB8316FE
2 1EF6zrRSdm94HjdUdRqLCguoMZab7PHyJf
Pub.Key: 03721B8BBEDDDD18B218466787E2F072A269DA6D8AD8D181DCB0FFFAD13AF25DDA
3 1EL36j33b4tTUGN5pEBajFttXvM18i9zem
Pub.Key: 03A633239EE71C05689AAE62BF4C286E4386DB88236A638CD51D9E3E393783AA1A
4 1LYCWdxxrystURtWz9mjnDssomSbkTvkJq
Pub.Key: 025E77B059394E38F5B44B8FE96FD47F3C9A2A1FA557D3B48F5E58CF30C8008804
Option F:
Pub.Key: 029F66217714A8AA2CF5493F9B52898EAAA19466CD70CB390032FE2D4DB2158FD1
1 16uSekTBuMrYavo9iQiJV1MNeay8H3UarH
Pub.Key: 033A58073D43870A2F112CCDE2ECCDD19F55B90A8B885ACDD60242E773C29707CD
2 1EmGFtfUeQNfNb3EnaVLGAjP6bshimghXy
Pub.Key: 03A2938B76D31C594E3526868F72BD18FFCEC588234156E4DF7B4593A843767A77
3 1PJyhCszxcN8gV8xRvEiVogQUjJhA3Ji4F
Pub.Key: 024044CBA5BB113669B7350C8FD41691F8E9F26F6EDFFB1E2C4A7416E23D2EB2AF
4 19jxSLZCUeG5u65baNtAEbTqjtuDP1NvQo
Pub.Key: 02C278BF4DB75E52019B7EA5FEAF1C541EAFEB87605BD1200F2ECE77C4DF552E3F
Option G:
Pub.Key: 039735DB6B669EF85E0F8883E97C7EEFE5244679CF1B793117050EBA47608ADAD4
1 1BqpuGvqsSBHa5pvsuefxsFQnqXZUH5B4f
Pub.Key: 03C13515B42DD13CFD5670CF82674AE0299FB01E900A9038E41E2146F73B8395B2
2 13Z8MgJ4bcCzeaK2j5Enezr92CjFgFaNcw
Pub.Key: 031E2F6B238F26826505CD2407FDAD9BE6B84359A47DA6954A70F78F0A7C5371E3
3 1MyaVy9CciMyMc1KSUCLJfxQUR5WFZYKjD
Pub.Key: 02FECDED98734080F40042920C6C945ACD91832A3095EDAC78427549B8EA3134D2
4 1EpzR2feGgyweejJWoPeERcbf3jCb3LBDt
Pub.Key: 02E968FCB36A23C9AE61E789EB57720F610E642C65BB174D7A6994E2456A9DCFD9
Option H:
Pub.Key: 02240C4D5E91E8A161CAA4C92139E1D037DCBEB800DF3C6913FB2798EF291E9735
1 19cdF1u9GdgrJUshJTCVvgdvaeathwTaHx
Pub.Key: 0331A6EBAE0279ED545A24FCDDDAF28BB59FB505C6D6E7E4B34038C838473625C8
2 1BFvirWvd7e2zVNR2pQeyQrFZjquK95xav
Pub.Key: 02E6E6AB43B08EB0E244EE043F49DBFE1AB21D174396C8AF6F058216F866BDCEAC
3 1NDQbzuYLrkbKSV6r1gNTWQkcBoAeTDoDU
Pub.Key: 02184CE4C6591A1BADBA9676E325DA3DE76A14CF9A8172A11BE9B5259CC2B8E736
4 1Cnf8NaHDnbYjMeE4TxvDF61DANRvUNJoR
Pub.Key: 030DE58B172B08A89AEA7C0F7F1380205F2557CA82EB50D271C82676C108107760
Option I:
Pub.Key: 02C4234923632972E51297A9A8333F44FEE1D7A0B51A3C5EE8BF9D8EC497BE55D8
1 19jJ5kTXwmKR15Dg2zb2BtUgRX42uL5Y9Z
Pub.Key: 033C17C742C8E1164C8654A8B485C046D13F8FD20B66F6E08E17A94187D379F89F
2 1PRwoPu9NyZyHy1M1HySmSjWhWnHV3Q3GS
Pub.Key: 03D5508D6CF212C43BD1581417D399C0373C1DDAE0BCF7A98AC5114FFB35F0D5AE
3 1HCjrSnPcEy1PXFX7sa9QPXTyQF5KJTs3A
Pub.Key: 0323D2D6EC89F30401B569AA1684F2F2E0251F4EC2CD135351C2124D33C07C8C87
4 18oJDyHNvdmN4g9x84rnv5e4b5Qg3769QR
Pub.Key: 02939A94E558B1F40E2415D2F6BB019BD349D6E5B869A4A9CDF7D851025B614945
Option J:
Pub.Key: 034F4A5B215077512A91C05AF8AEB787ECAC586A5E05E60ED121709AC224DF5691
1 1JAFeaKgKiTMKf6eDMFyTdhWsKFDSdjxEj
Pub.Key: 03E7853E8F5FE607410C3DF43ABF71050C2ED8C16B1FBC1BA90D93C4EF6681F0D3
2 1K746TgpUHNbxxAd1EwKMh2SBMBMaoqG4r
Pub.Key: 02DE4A2C0A46505D99B86EE41EFDA6DDB2731E5821119C12414C7EDE1C7DCD305B
3 1Gn8torjmDdtXx8DZMpnuYBXZWotAwwq6y
Pub.Key: 031B81A9B99EA06900A8E3530A8732F77ACE30E916733FDFEEDDAF3BD80C509CE7
4 1NQYJ5ZaJZwVn1KkPcdye4Ytu4xYYRkFYL
Pub.Key: 03BEDECD9AC2916BE4E6012E2936901B1CC0F4A4D44F658757E10140CB75E54FDA
Now I am very curious: Can you tell, which of the public key sequences A-J above is derived from the same mnemonics HD wallet as above (plus a different password)?
If yes, you have proven by example that the plausible deniability of "BIP39+password" is in fact attackable.
Otherwise, it yet needs to be proven - or I completely missed something.