Bitcoin Forum>Bitcoin>Bitcoin Technical Support
Author

Topic: Is it possible to derive a mnemonic from a given xprv? (Read 84 times)

nc50lc
legendary
Activity: 2394
Merit: 5531
Self-proclaimed Genius
Is it possible to derive a mnemonic from a given xprv?
December 31, 2023, 01:13:22 AM
#7
Quote from: tiffy on December 30, 2023, 09:06:05 AM
Quote from: nc50lc on December 30, 2023, 07:30:21 AM
You can also just backup the master private key and your descriptors' various derivation paths if the whole descriptors are too long.
I will back up the wallet offline but digitally. Nevertheless, I would like a paper back-up in case of disaster. It should be sufficient to note the master key and the root of the path of the descriptor used (for example /84'/0'/0'/0/*), right?

The public part is stored in my watch only wallet (full node), which I use to create the unsigned transactions, which I then transfer to the cold wallet and sign there. That's how I've understood it so far.
Yes, since Bitcoin Core is using the standard BIP44, BIP84, BIP49 and BIP86 paths, the master private key should be enough as a backup.
However, you'll need at least a reminder on how to import the xprv which is the derivation paths of each descriptor to recreate them, other wallet compatibility or manual derivation.
You can't always trust your memory to distinctly remember what to do with the backup and we'll never know if the current standard will become depreciated in the future.

That's an option if the backup space is limited (e.g.: metal plate)
But if possible, backup the whole descriptors, all of them.
o_e_l_e_o
legendary
Activity: 2268
Merit: 18509
Re: Is it possible to derive a mnemonic from a given xprv?
December 30, 2023, 10:43:28 AM
#6
Quote from: Charles-Tim on December 30, 2023, 05:21:23 AM
This is irreversible and it is an effective protection against brute force attack.
I would point out that the PBKDF2 used in bitcoin actually provides very weak protection against brute force. 2,048 rounds is a very small number. Bitcoin Core uses a minimum of 25,000 rounds, but usually much more depending on the hardware of your machine. Many other algorithms will use hundreds of thousands or even millions of iterations. The protection of seed phrases against brute force attacks stems from the 2128 bits of entropy, not from the 2,048 rounds of hashing.

Quote from: tiffy on December 30, 2023, 09:06:05 AM
Exactly, that's why I don't want to do that. With what little knowledge I have, I prefer to handle things canonically (although I am only just learning what that actually means)
If you don't want to trust any piece of hardware or software to generate your entropy and seed phrase for you, then consider generating it manually by flipping a coin to generate a binary string and then mapping that to words on the word list. You'll only need to use an (airgapped!) computer in order to generate the checksum for the final word.
tiffy
jr. member
Activity: 31
Merit: 31
Re: Is it possible to derive a mnemonic from a given xprv?
December 30, 2023, 09:06:05 AM
#5
Thank you all for putting me on the right track once again. And also for the references to the specific algorithms.

Quote from: nc50lc on December 30, 2023, 07:30:21 AM
If this is about finding an easy way to backup your Bitcoin Core wallet to a paper or metal plate,
it should be done the other way around (I've seen your thread about creating cold-storage Bitcoin Core):
Create a BIP39 mnemonic->Derive the Master Private Key->Manually create descriptors with it->Import to a blank wallet
Yes, it was a bit of a XY problem. I actually thought about creating a mnemonic from the master key, which I have now learned is impossible.

Quote from: nc50lc on December 30, 2023, 07:30:21 AM
But the obvious downside is you'll have to use a third-party to generate the entropy which could be using insecure RNG.
So try to find a safe open-source BIP39 tool/wallet that you can audit if you really have to use a mnemonic seed.
Exactly, that's why I don't want to do that. With what little knowledge I have, I prefer to handle things canonically (although I am only just learning what that actually means),

Quote from: nc50lc on December 30, 2023, 07:30:21 AM
You can also just backup the master private key and your descriptors' various derivation paths if the whole descriptors are too long.
I will back up the wallet offline but digitally. Nevertheless, I would like a paper back-up in case of disaster. It should be sufficient to note the master key and the root of the path of the descriptor used (for example /84'/0'/0'/0/*), right?

The public part is stored in my watch only wallet (full node), which I use to create the unsigned transactions, which I then transfer to the cold wallet and sign there. That's how I've understood it so far.
nc50lc
legendary
Activity: 2394
Merit: 5531
Self-proclaimed Genius
Re: Is it possible to derive a mnemonic from a given xprv?
December 30, 2023, 07:30:21 AM
#4
Quote from: tiffy on December 29, 2023, 09:47:43 PM
Is it also possible to calculate a mnemonic from a given extended private key? (For example, the extended key of a wallet created with Bitcoin Core).
If this is about finding an easy way to backup your Bitcoin Core wallet to a paper or metal plate,
it should be done the other way around (I've seen your thread about creating cold-storage Bitcoin Core):
Create a BIP39 mnemonic->Derive the Master Private Key->Manually create descriptors with it->Import to a blank wallet

But the obvious downside is you'll have to use a third-party to generate the entropy which could be using insecure RNG.
So try to find a safe open-source BIP39 tool/wallet that you can audit if you really have to use a mnemonic seed.

You can also just backup the master private key and your descriptors' various derivation paths if the whole descriptors are too long.
Charles-Tim
legendary
Activity: 1512
Merit: 4795
Re: Is it possible to derive a mnemonic from a given xprv?
December 30, 2023, 05:21:23 AM
#3
Quote from: tiffy on December 29, 2023, 09:47:43 PM
Is it also possible to calculate a mnemonic from a given extended private key?
Just as it has been explained above, it is not possible. The mnemonic is converted to seed through PBKDF2 key stretching function with 2048 rounds of hashing using HMAC-SHA12. This is irreversible and it is an effective protection against brute force attack.
Zaguru12
hero member
Activity: 672
Merit: 855
Re: Is it possible to derive a mnemonic from a given xprv?
December 30, 2023, 12:26:54 AM
#2
You cannot calculate or derive a mnemonic from an extended key or master private key (xprv) it is a one way hashing function that can’t be reversed. The mnemonic of bip 39 are used to derive the Hierarchy deterministic (HD) seed and then an extended or master private key, and since the move from Mnemonic to HD seed is created using PBKDF2 then it can be reversed.

It is

Mnemonic - HD seed - master private key. The reversal is not possible
tiffy
jr. member
Activity: 31
Merit: 31
Re: Is it possible to derive a mnemonic from a given xprv?
December 29, 2023, 09:47:43 PM
#1
I play around with Ian Coleman's Mnemonic Code Converter. A tool for converting BIP39 mnemonic phrases to addresses and private keys.

See:
https://iancoleman.io/bip39/

Standalone offline version:
https://github.com/iancoleman/bip39

Is it also possible to calculate a mnemonic from a given extended private key? (For example, the extended key of a wallet created with Bitcoin Core).
Bitcoin Forum>Bitcoin>Bitcoin Technical Support
Jump to: