Topic: Console make_seed() and vscode environment (Read 94 times)

legendary
Activity: 2674
Merit: 1029
January 05, 2025, 02:37:35 AM
#9
The known 2048 words at 128 = 2^128 and IF (and it's a big if) there was a sufficiently large qubit computer, becomes a 2^64 problem that is a lot more crackable.
Why did you halve that?

On elliptic curve, a 256-bit private key provides half the security, meaning 128 bits of security. But when you have an entropy for key derivation, that entropy is providing the same amount of security as its size. Meaning a 128-bit entropy provides 128 bits of security, not 64.



If quantum computers eventually become practical with sufficient qubits, many classical cryptographic problems could be solved much faster. For instance:

- Shor’s algorithm: quantum computers can break ECC and RSA in polynomial time, dramatically reducing their effective security.
- Grover’s algorithm: the security of symmetric encryption schemes would effectively be halved, meaning a 128-bit symmetric key would provide only 64 bits of security against quantum attacks.


I am theorising that how you get to the specific key from 2048 known words must be easier than unknown words to get to a specific key in a key space. The entropy might be the same, but you're looking at a different sector of the key space.

The process of deriving a specific key from a constrained set of inputs, such as the 2048 known words in the BIP39 word list used for cryptocurrency wallets, may reduce the practical difficulty of a brute-force attack. Although the theoretical entropy of the system remains unchanged, the search space is effectively constrained.

Think of it like using a lighthouse searchlight. If you’re looking for a target in a completely dark area, the light could shine in any direction, covering the entire 360-degree field. However, if you know the target can only be located within a specific arc—let’s say between points A and B—the searchlight doesn’t have to scan the whole field. Even though the target is still hidden, the process becomes more efficient because you’re focusing on a smaller, defined area.

Similarly, knowing that a key is derived from a deterministic process, like a BIP39 word list, limits the search to a specific subset of the key space.
legendary
Activity: 3472
Merit: 10611
January 05, 2025, 12:53:50 AM
#8
Quote from: jubalix
The known 2048 words at 128 = 2^128 and IF (and it's a big if) there was a sufficiently large qubit computer, becomes a 2^64 problem that is a lot more crackable.
Why did you halve that?

On elliptic curve, a 256-bit private key provides half the security, meaning 128 bits of security. But when you have an entropy for key derivation, that entropy is providing the same amount of security as its size. Meaning a 128-bit entropy provides 128 bits of security, not 64.
legendary
Activity: 2646
Merit: 6681
Self-proclaimed Genius
January 04, 2025, 11:26:03 PM
#7
Quote from: hosseinimr93
It may be worth mentioning that you don't really increase your security with increasing the number of words to more than 12.
A 12 word seed phrase provides the same security as a bitcoin private key.
Quote from: jubalix
My high level thinking - as I don't quite grok the detail - is this
The clue in hosseinimr93's reply is in the second sentence.

The private keys that it generates have a security of 128-bit due to ECDLP. (explained in this topic by nullius)
The logic is: since the derived private keys have 128 bits of security, there's no major advantage of using a seed with higher security because the wallet will end up utilizing keys with lower security anyways.

And I don't know if there's an argument with the vulnerability of "unhardened derivation" which when a child private key is compromised together with its parent 'extended master public key' (which isn't usually kept safe in the wallet), its pair 'extended master private key' can be easily computed, that will compromise the entire wallet's private keys.
legendary
Activity: 2674
Merit: 1029
January 04, 2025, 10:20:07 PM
#6

Quote from: hosseinimr93
Yes.

It may be worth mentioning that you don't really increase your security with increasing the number of words to more than 12.
A 12 word seed phrase provides the same security as a bitcoin private key.

My high level thinking - as I don't quite grok the detail - is this

The known 2048 words at 128 = 2^128 and IF (and it's a big if) there was a sufficiently large qubit computer, becomes a 2^64 problem that is a lot more crackable.

A 24 brings this back to 128 in these conditions.

Having 2048 known words means they map to a particular key space -

if you have say 1 unknown word in the mix, then the attacker is really stuck, as they have a much larger dictionary to choose from and you don't have to use a word.

So it seems to me that the space of the private key is larger than the space of the 2048 word dictionary versions as I can map to a private key that is not in the 2048 space by using my own words or strings

look forward to being shown the error of my thinking
legendary
Activity: 2870
Merit: 7490
January 04, 2025, 04:02:56 AM
#5
Quote from: jubalix
[2] does make_seed(256) for a 24-word seed, is that as robust and safe as the default GUI 12 word at the beginning GUI for a new wallet

[3] could you use a make_seed(512) for a 48 word seed if you wanted? what are the risks

If you want to import the 24 or 48 word seed on a different wallet software or library, it may not be supported or may be buggy even though they claim they support word seeds created by Electrum. And while theoretically 24 words could be more secure than 12 words due to larger search space (2048^12 compared with 2048^24), there's almost no practical security benefit when brute-forcing 2048^12 search space is impossible.
legendary
Activity: 2646
Merit: 6681
Self-proclaimed Genius
January 03, 2025, 10:15:01 PM
#4
Quote from: jubalix
[1] is the console make_seed(xxx) the same function and security as going through the GUI when making a new wallet to generate a seed?
Yes.
Reference: github.com/spesmilo/electrum/blob/master/electrum/wallet.py#L3978-L3986

Quote from: jubalix
[2] does make_seed(256) for a 24-word seed, is that as robust and safe as the default GUI 12 word at the beginning GUI for a new wallet
Given how Electrum generates its mnemonic, the correct entropy for 12 word mnemonic is 132 bits.
So a 24-word mnemonic should be make_seed(264)

Reference: github.com/spesmilo/electrum/blob/master/electrum/mnemonic.py#L205-L206

Quote from: jubalix
[3] could you use a make_seed(512) for a 48 word seed if you wanted? what are the risks
Yes, but longer mnemonics are more prone to human error.
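
As an added illustration (not code from the thread or from Electrum), this sketch works through the 11-bits-per-word arithmetic from the post above: a requested size is rounded up to a whole number of words, so 128 becomes 132 bits and 12 words. The wordlist is a constructed stand-in, all function names are hypothetical, and the checksum step mentioned elsewhere in the thread is left out.

```python
import math
import secrets

WORDLIST_SIZE = 2048                           # wordlist length stated in the thread
BITS_PER_WORD = int(math.log2(WORDLIST_SIZE))  # 11 bits carried by each word
# Constructed stand-in wordlist (not the real one): only its length matters here.
WORDS = [f"w{i:04d}" for i in range(WORDLIST_SIZE)]

def rounded_bits(nbits):
    """Round a requested entropy size up to a whole number of 11-bit words."""
    return math.ceil(nbits / BITS_PER_WORD) * BITS_PER_WORD

def word_count(nbits):
    """Number of words needed for the rounded entropy size."""
    return rounded_bits(nbits) // BITS_PER_WORD

def encode(n):
    """Write integer n in base 2048, least significant word first."""
    out = []
    while n:
        n, idx = divmod(n, WORDLIST_SIZE)
        out.append(WORDS[idx])
    return out

def decode(words):
    """Inverse of encode(): rebuild the integer from its base-2048 words."""
    n = 0
    for w in reversed(words):
        n = n * WORDLIST_SIZE + WORDS.index(w)
    return n

def sample_mnemonic(nbits):
    """Draw an integer large enough to fill the top word, then encode it."""
    bits = rounded_bits(nbits)
    lo = 1 << (bits - BITS_PER_WORD)   # below this, the phrase would be a word short
    n = 0
    while n < lo:
        n = secrets.randbelow(1 << bits)
    return n, encode(n)

def effective_bits(nbits, key_security=128):
    """The thread's argument: derived keys cap overall security at 128 bits."""
    return min(rounded_bits(nbits), key_security)

if __name__ == "__main__":
    for nbits in (128, 256, 264, 512, 1024):
        print(nbits, rounded_bits(nbits), word_count(nbits), effective_bits(nbits))
```

With this rounding, a request for 1024 bits comes out at 94 words, which is the length of the phrase shown for make_seed(1024) in the opening post.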
legendary
Activity: 2380
Merit: 5213
January 03, 2025, 10:14:17 AM
#3
Quote from: jubalix
[1] is the console make_seed(xxx) the same function and security as going through the GUI when making a new wallet to generate a seed?
Yes.
When you select "Create a new seed" and click on "Next" in electrum GUI, you actually call the make_seed command with default arguments.


Quote from: jubalix
[2] does make_seed(256) for a 24-word seed, is that as robust and safe as the default GUI 12 word at the beginning GUI for a new wallet
As I said above, whether you generate a seed phrase in electrum GUI or using the console, you call the same function.

When you use make_seed(256), you change the nbits from the default value (128) to 256.
When you generate a seed on electrum GUI, you run the same function with the default nbits and it's like that you call seed_type().


Quote from: jubalix
[3] could you use a make_seed(512) for a 48 word seed if you wanted? what are the risks
Yes.

It may be worth mentioning that you don't really increase your security with increasing the number of words to more than 12.
A 12 word seed phrase provides the same security as a bitcoin private key.
copper member
Activity: 2338
Merit: 4543
January 03, 2025, 07:50:33 AM
#2
I just tested it, and it seems to work.  I was able to create a wallet from a 48-word and a 96-word seed.  As long as the checksums are calculated correctly, Electrum will be able to use the seed to create a wallet.  As for the risks, I don't know if there are any other than giving yourself ample opportunities to make errors when creating a written paper backup, or when restoring from a paper backup.

Still, I'm not a coder, so I don't know what's going on in the back end, and if having that many words really increases the wallet's entropy in any way that makes it harder to crack.
legendary
Activity: 2674
Merit: 1029
January 03, 2025, 06:52:56 AM
#1
A few questions about electrum .... I love the product

[1] is the console make_seed(xxx) the same function and security as going through the GUI when making a new wallet to generate a seed?

[2] does make_seed(256) for a 24-word seed, is that as robust and safe as the default GUI 12 word at the beginning GUI for a new wallet

[3] could you use a make_seed(512) for a 48 word seed if you wanted? what are the risks


also


make_seed(1024)
tape crime ankle smile ranch return tip zone idea salt inflict retreat misery vessel settle nephew seat velvet wet appear silk raw will job tragic trade wave jump depth panther divert denial index coin spare ride umbrella express manual outdoor pitch devote cram village cake expand senior harbor bachelor dismiss income couple object mosquito curtain step squirrel soda erupt peanut rate pencil grant rifle tilt shy gesture mistake agree cart orchard fortune zebra easily convince caught rookie become visit canvas cash target since item coffee area turtle inside outdoor solve awesome vapor warrior afford


Many thanks in advance
