
Topic: Could the BIP39 word list be completely replaced? - page 2. (Read 414 times)

jr. member
Activity: 55
Merit: 21

Let's examine how BIP39 works.

So, your device generates 128 bits of entropy (assuming you want a 12-word seed phrase). Then the entropy looks like this:

Code:
10001001011110001...001



Thank you.

Just a clarification. Please let me know if I argue correctly.

The device generates 128 bits and the output is 12 words (128 digits, 0 or 1), or 256 bits and the output is 24 words (256 digits, 0 or 1), and so on.
So the entropy's output is always a binary number, that can be 128 digits long or 256 digits long.
After this phase, the binary number has to be hashed, and the output will add 4 digits (128 becomes 132, 256 becomes 260), always taken between 0 and 1.


Am I right?


Thank you. It is a little bit difficult for me since my mother language is not English. So, be patient. ;-)



jr. member
Activity: 55
Merit: 21

the following points

There is no versioning system within BIP39; if you have a different wordlist of the same language, there is no telling which wordlist the wallet should use. If the wallet chooses the wrong wordlist, then the checksum can't be calculated accurately.

and

3. There are many BIP-39 word lists. Here is a list of the common ones: BIP-0039 Word Lists

are a little bit confusing to me.

Please, can you let me know: is the BIP39 wordlist a univocal list or not?

Thank you for your patience.
legendary
Activity: 2954
Merit: 4158
We already have electrum seed phrase which doesn't rely on any fixed wordlist.
Unlike BIP39 seed phrase, you can always derive the correct private keys from an electrum seed phrase even without knowing the wordlist used for generating the seed phrase.
Correct.

However, my key point is that BIP39 will not change, and its key feature of being reliant on that seed phrase will always be a feature of BIP39. Whilst we have different implementations of mnemonic seeds, it is not formally standardised as a standard for all to follow. Armory, Electrum seeds, etc. are not part of any finalised BIP proposals.
legendary
Activity: 2380
Merit: 5213
That is also the key flaw of BIP39, having a fixed wordlist for everyone. I would think that the next implementation of a mnemonic seed phrase would ditch its dependency on a fixed list of words and allow as many as possible.
We already have electrum seed phrase which doesn't rely on any fixed wordlist.
Unlike BIP39 seed phrase, you can always derive the correct private keys from an electrum seed phrase even without knowing the wordlist used for generating the seed phrase.
hero member
Activity: 714
Merit: 1010
A desired feature of a defined wordlist is interoperability. All wallets that understand BIP39 have to stick to its well-defined fixed wordlist. I don't see a need to change the words as every word just represents a unique 11-bit sequence (as already explained above you can only have 2048 unique and distinct 11-bit sequences).

All wallets that know the correct wordlist and what it represents can convert a mnemonic recovery backup to the same wallet seed.


In the future, can the entire word list be completely replaced by a more comprehensive and agreed-upon BIP?
Or is it mathematically impossible to proceed with that substitution?


Maybe OP can explain, why he asks his questions?
legendary
Activity: 4298
Merit: 3209
@ranochigo may have already pointed these out, but I think there are some important points to be emphasized.

1. The purpose of a word list in BIP 39 is to enable validation of a checksum.
2. If a seed phrase doesn't come from a standard word list or it is not compatible with BIP 39, most wallets will complain and some will reject it. But, some wallets will accept any phrase.
3. There are many BIP-39 word lists. Here is a list of the common ones: BIP-0039 Word Lists

Furthermore, any arbitrary word list will work with BIP-39 as long as there is a wallet that supports it. And it doesn't have to be associated with a language. It could be a list of anime characters, for example.
legendary
Activity: 2954
Merit: 4158
So, I understand what follows:
A) BIP39 could potentially be replaced, but....
B) ...in any case, the subsequent implementation will still consider BIP39 wordlist as correct, to avoid invalidating every seed generated according to BIP39 wordlist;
C) consequently, the new wordlist will be named "the BIPXXX wordlist", to prevent confusion with the previous list.

So, "the BIP39 wordlist" will always be "the BIP39 wordlist".

Please, let me know if I am right.

Thank you again
Which is a whole other can of worms. There is no versioning system within BIP39; if you have a different wordlist of the same language, there is no telling which wordlist the wallet should use. If the wallet chooses the wrong wordlist, then the checksum can't be calculated accurately.

Subsequent implementations would deviate from BIP39. Hence, BIP39 seeds will always be BIP39 seeds and BIPXXX seeds will be BIPXXX, if we were to come up with another. Calling it BIP39 would be a misnomer; BIP39 has its own set of standards and will always come with that set of wordlists. Regardless, I do not expect an expansion of the number of words in the BIP39 wordlist under any foreseeable circumstances.
jr. member
Activity: 55
Merit: 21
Thank you for your answers.


So, I understand what follows:
A) BIP39 could potentially be replaced, but....
B) ...in any case, the subsequent implementation will still consider BIP39 wordlist as correct, to avoid invalidating every seed generated according to BIP39 wordlist;
C) consequently, the new wordlist will be named "the BIPXXX wordlist", to prevent confusion with the previous list.

So, "the BIP39 wordlist" will always be "the BIP39 wordlist".

Please, let me know if I am right.

Thank you again
legendary
Activity: 2954
Merit: 4158
As mentioned before, you can. For BIP39, likely not.

The key thing about BIP39 is that it relies on the wordlist to be able to calculate the checksum. If you modify the original word-list even a little, then you run the risk of invalidating everyone's seed phrase because the appropriate checksum word for everyone would be completely different. Hence, it is likely that the English wordlist is final.

That is also the key flaw of BIP39, having a fixed wordlist for everyone. I would think that the next implementation of a mnemonic seed phrase would ditch its dependency on a fixed list of words and allow as many as possible. However, also do consider that the phrases should ideally conform to the following, as specified in the current BIP:
1) Unambiguous in the selection of the words
2) Derivatives of a word should not be included

legendary
Activity: 2268
Merit: 18509
In the future, can the entire word list be completely replaced by a more comprehensive and agreed-upon BIP?
Yes. There is nothing stopping this from happening. There would be no way to convert "old" seed phrases to "new" ones, however.

When you use the BIP39 process, you use entropy to calculate your seed phrase, then you use the actual words in the seed phrase to generate your master keys and subsequent child keys. So even if you had two different seed phrases which were generated from identical entropy, they would both generate different wallets since it is the words themselves which generate the wallet, not the underlying entropy. If you encoded the same entropy as an English and a French seed phrase, for example, then you would have two different wallets. So if you turned an "old" seed phrase into one using the new wordlist, you would generate a completely different wallet. And so, if you did update the BIP39 wordlist, most wallets would continue to support the old wordlist as well, as otherwise old seed phrases would become unrecoverable by that software (or at least, they could not verify the checksum on old seed phrases).

I don't think there is any point in replacing the wordlist, however. It does what it needs to do probably as well as can be done. A better solution rather than changing the wordlist would be to change the entire seed phrase generation process so it does not depend on a fixed wordlist at all and specifies what script type to use (as Electrum seed phrases do), and that it also encodes a wallet birthday.
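Added example, not part of any post in this thread: BIP39 derives the wallet seed by running PBKDF2-HMAC-SHA512 (2048 iterations, salt "mnemonic" plus the optional passphrase) over the NFKD-normalized sentence itself, so two sentences encoding the same entropy give unrelated seeds. The second sentence uses a constructed, hypothetical wordlist (`w0000` … `w2047`), not a real one.

```python
import hashlib
import unicodedata

def bip39_seed(sentence: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512 over the words, not over the entropy."""
    def norm(text: str) -> bytes:
        return unicodedata.normalize("NFKD", text).encode("utf-8")
    salt = norm("mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", norm(sentence), salt, 2048, 64)

# All-zero 128-bit entropy maps to word indices [0]*11 + [3].
# With the English BIP39 list those indices are "abandon" x11 + "about".
ENGLISH_SENTENCE = " ".join(["abandon"] * 11 + ["about"])

# The same indices written with a constructed, hypothetical wordlist
# whose entry at index i is the string "w" + four-digit i.
OTHER_SENTENCE = " ".join(["w0000"] * 11 + ["w0003"])

def same_entropy_two_wallets():
    """Return the two seeds produced from identical entropy."""
    return bip39_seed(ENGLISH_SENTENCE), bip39_seed(OTHER_SENTENCE)

if __name__ == "__main__":
    english, other = same_entropy_two_wallets()
    print("english list:", english.hex()[:32], "...")
    print("other list:  ", other.hex()[:32], "...")
    print("same wallet? ", english == other)
```
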
sr. member
Activity: 406
Merit: 896
Hi everyone.

I have a question.

The BIP39 provides the word list in many languages, right? (see https://github.com/bitcoin/bips/blob/master/bip-0039/bip-0039-wordlists.md)
There are just 2048 records.
However, English has more than 20.000 words (ChatGPT says around 30.000.....).

My question is:

In the future, can the entire word list be completely replaced by a more comprehensive and agreed-upon BIP?
Or is it mathematically impossible to proceed with that substitution?



Thank you in advance




Hi.

Let's examine how BIP39 works.

So, your device generates 128 bits of entropy (assuming you want a 12-word seed phrase). Then the entropy looks like this:

Code:
10001001011110001...001

Then the entropy is hashed with SHA256. From the output, you will hold only the first 4 bits.

So now you have 128 bits of entropy + 4 bits that are called "checksum".

We will split these 132 bits into 12 segments of 11-bits each.

Imagine something like:

Code:
10001001011
11000100100
...
01000100001

Now we will convert those binaries to decimals:

Code:
1099
1572
...
545

Let's go to the BIP39 wordlist and check where these numbers correspond to:

Code:
matter
settle
...
dune

Now, following this process you realise that the max decimal you can get with 11 bits is 2047 (index starts at 0). So the max number of words you can have is 2048.

What would be needed if we wanted more words? Larger initial entropy (more bits) or the same amount of bits but fewer segments to be split into.

Is it necessary, or is it better? No! The fact that your seed phrase is selected from a set of 2048 words makes it super secure, so anything higher is overkill.

But, higher entropy doesn't mean more secure? Yes, it does, but when we talk about bitcoin private keys, you can only get a maximum of 128 bits of security. This means that even if you create an entropy of 2000 bits to produce a private key, there can be someone who will generate the same key by solving the ECDSA algorithm, without messing with the size of the seed phrase at all.

Therefore, I believe there is no need for larger seed phrases or more English words in them. We must focus on securing the backups properly and not on trying to increase security in this regard.
legendary
Activity: 1512
Merit: 4795
BIP39 word lists are also in other languages

https://github.com/bitcoin/bips/blob/master/bip-0039/bip-0039-wordlists.md

In the future, can the entire word list be completely replaced by a more comprehensive and agreed-upon BIP?
Or is it mathematically impossible to proceed with that substitution?
I do not think this will be possible in the future. I do not think it is worth speculating on. But no one knows what will happen in the future.
jr. member
Activity: 55
Merit: 21
Hi everyone.

I have a question.

The BIP39 provides the word list in many languages, right? (see https://github.com/bitcoin/bips/blob/master/bip-0039/bip-0039-wordlists.md)
There are just 2048 records.
However, English has more than 20.000 words (ChatGPT says around 30.000.....).

My question is:

In the future, can the entire word list be completely replaced by a more comprehensive and agreed-upon BIP?
Or is it mathematically impossible to proceed with that substitution?



Thank you in advance

