
Topic: "micro-seed" for a single address (Read 452 times)

legendary
Activity: 3710
Merit: 1586
July 22, 2017, 08:47:20 AM
#18
mmh, I read that the number of possible private keys is 2^256 (because bitcoin keys are 256bit long).
So we have:
1626^x=2^256
solution is: x = 23.99899907
so 24 words for a single private key.
Electrum uses only 13 words for many keys



Electrum used to have a dictionary that size in the past. Now the dictionary is of 2048 words and typical seed size is 12 words. However 1 of those 12 words is used to encode meta data such as the seed version, wallet type and a checksum. The 11 words that you have available allow you to encode a 124 bit random number. However the author believes that even the meta data cannot be guessed and an attacker would have to brute force it just like the rest of the seed so he believes in reality it's more than 124 bits.

Your fundamental point that the seed has less entropy than the private key is correct. But 124 bits is considered secure so it doesn't matter much.

If you want a smaller or larger seed you can actually generate one using electrum command line options:

Code:
electrum help make_seed

will tell you more.
legendary
Activity: 3710
Merit: 1586
July 22, 2017, 06:28:43 AM
#17
Would it be feasible to generate a "micro-seed" to "memorize" the private key of a single address?
Now there is a seed of 12 words that can be used to recover a wallet with many addresses.
So I thought, with 2-3 words it would be possible to recover a single address? Or it would need more words?
Are there some services that do this? I know there was "brainwallet" but it wasn't secure.

A single private key is 256bits and you can't represent that in 2-3 words. You can't even represent it in 12 words. The 12 words of an electrum seed only gets you 124bits of entropy.

HCP
legendary
Activity: 2086
Merit: 4363
July 22, 2017, 05:44:04 AM
#16
They may not be easier to memorise, but they do offer some protection from mistakes when transcribing... Given a normal English word like "finally" and a random string like "De0itl5" which one do you think you might get wrong when writing it down?

Additionally, by attempting to use non-similar words, it also tries to enable recovery from minor errors in transcribing. Granted the current word list isn't exactly great for this with words like kit, kid, kite etc...

But still... If you write down "finaly" instead of "finally" you're likely to be able to fix that by looking at the word list... However, if your random string is "De0itl5" and it isn't working when you try and type it in... What are your options for figuring out which character is wrong... Or missing?
legendary
Activity: 2772
Merit: 2846
July 21, 2017, 05:09:38 PM
#15
So the 20 generated addresses are not "independent", but they have a link to each other, so there aren't 2^256^20 possible wallets but a lower number, that however is probably still safe for normal use.

The addresses electrum generates are all part of a deterministic wallet. They are perfectly safe to use unless an attacker finds out your wallet's master public key and one private key from a single address. It's possible to calculate all the other private keys in your wallet using those two pieces of information. Bitcoinmagazine explains all about deterministic wallets, and that exploit.


https://bitcoinmagazine.com/articles/deterministic-wallets-advantages-flaw-1385450276/

Quote
The problem is this: although you certainly can securely hand out child keys with no risk to the parent key, and you can hand out master public keys with no risk to the master private key, you cannot do both at the same time. The exploit for when that situation does arise is actually quite simple, and can be done with two lines of pybitcointools code.

That bitcoinmagazine article also points out that electrum's seed words are as difficult to memorise as random strings of characters.

Quote
the standard (Electrum) implementation of the second approach is too difficult to memorize – studies show that passphrases like “glow date cost bloody curve wheel cousin picture ring finally bubble press” are no easier to memorize than random strings of characters of an equal security level.
sr. member
Activity: 439
Merit: 252
July 21, 2017, 04:39:20 PM
#14
So the 20 generated addresses are not "independent", but they have a link to each other, so there aren't 2^256^20 possible wallets but a lower number, that however is probably still safe for normal use.
legendary
Activity: 2772
Merit: 2846
July 21, 2017, 04:32:17 PM
#13
mmh, I read that the number of possible private keys is 2^256 (because bitcoin keys are 256bit long).
So we have:
1626^x=2^256
solution is: x = 23.99899907
so 24 words for a single private key.
Electrum uses only 13 words for many keys



It doesn't use the words to generate a private key, it uses the words to generate a very long random number, then uses that number to generate private keys. The number has 135 bits of entropy.

This page explains how secure the electrum seed is.

http://docs.electrum.org/en/latest/seedphrase.html
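
Added example, not part of any post in this thread and not Electrum's code: it works through the word-count arithmetic discussed above and shows one short phrase being stretched into a master secret from which many keys are derived. The function names, the sample phrase, and the stretching and child-key steps are simplified assumptions for illustration only.

```python
import hashlib
import hmac

def words_needed(target_bits: int, wordlist_size: int) -> int:
    """Smallest n with wordlist_size**n >= 2**target_bits (exact integer math)."""
    n = 0
    while wordlist_size ** n < 2 ** target_bits:
        n += 1
    return n

def phrase_bits(n_words: int, wordlist_size: int) -> int:
    """Whole bits of entropy in n_words chosen uniformly, order significant."""
    return (wordlist_size ** n_words).bit_length() - 1

def stretch(phrase: str) -> bytes:
    """Phrase -> 512-bit master secret.
    Assumption: PBKDF2-HMAC-SHA512 with illustrative salt and round count."""
    return hashlib.pbkdf2_hmac("sha512", phrase.encode(), b"example-salt", 2048)

def derive_keys(master: bytes, count: int) -> list:
    """Simplified stand-in for deterministic derivation (not BIP32):
    key_i = first 32 bytes of HMAC-SHA512(master, i)."""
    return [hmac.new(master, i.to_bytes(4, "big"), hashlib.sha512).digest()[:32]
            for i in range(count)]

# Constructed sample phrase, not a real seed.
SAMPLE = "alpha bravo charlie delta echo foxtrot golf hotel india juliet kilo lima"

if __name__ == "__main__":
    # Words required to cover the full 2^256 key space, per dictionary size.
    for size in (1626, 2048):
        print(size, "words in list ->", words_needed(256, size), "words")
    # A 2-3 word "micro-seed" leaves a search space an attacker can enumerate.
    for n in (2, 3, 12):
        print(n, "words from 2048 ->", phrase_bits(n, 2048), "bits")
    # Every derived key is 256 bits long, yet all of them are fixed by the
    # phrase: the set of possible wallets is bounded by the phrase's entropy.
    keys = derive_keys(stretch(SAMPLE), 20)
    print(len(set(keys)), "distinct 256-bit keys from one phrase")
```

The derived keys look independent, but anyone who guesses the phrase regenerates all of them, which is why the phrase's entropy, not the 256-bit key length, sets the security level.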

sr. member
Activity: 439
Merit: 252
July 21, 2017, 04:25:14 PM
#12
mmh, I read that the number of possible private keys is 2^256 (because bitcoin keys are 256bit long).
So we have:
1626^x=2^256
solution is: x = 23.99899907
so 24 words for a single private key.
Electrum uses only 13 words for many keys

sr. member
Activity: 439
Merit: 252
July 21, 2017, 04:16:23 PM
#11
I don't really want to memorize a private key, I was just curious.
I still don't understand why 12 words are good to encode many private keys, and 3 are not enough to memorize a single private key.
Probably it's because also the order matters.
The article you linked says electrum uses a dictionary of 1626 words.
How many private keys are there in bitcoin? If we know this, we can find how many words are necessary by solving:
1626^x=number_of_possible_private_keys
legendary
Activity: 2772
Merit: 2846
July 21, 2017, 04:01:30 PM
#10
I was asking for a way like the electrum seed, not memorizing the entire alphanumeric sequence

You could try the method of loci. People use it to memorise a shuffled pack of cards among other things. Apparently it works, but I don't know if it's good for memorising things for years, and I would be very cautious about trusting my coins to it even if it's reliable in the long term.

https://en.wikipedia.org/wiki/Method_of_loci

What if you have an accident that affects your memory, or a health condition affects it? No memorisation technique can secure your coins in that situation.
sr. member
Activity: 439
Merit: 252
July 21, 2017, 03:51:47 PM
#9
I was asking for a way like the electrum seed, not memorizing the entire alphanumeric sequence
legendary
Activity: 2772
Merit: 2846
July 21, 2017, 03:50:26 PM
#8
So, what is an easy way to memorize a single private key?

I doubt it's possible for most people to memorise a single private key. Maybe someone with a photographic memory could do it, but I doubt many normal people could.


I'm sure it is possible with enough practice. People memorize 100s to 1000s of digits of Pi, so certainly it could be done. It isn't very practical though and wouldn't be worth the time commitment it would take to memorize it. There is also too much at risk if you forget the key and don't have it backed up somewhere else.

Maybe it's possible to do it for a short time, but it would be very hard to be sure of memorising a key for years. I can easily remember passwords I use every day, but I often find myself at a loss when trying to remember one I haven't used in years.
legendary
Activity: 1736
Merit: 1023
July 21, 2017, 03:45:17 PM
#7
So, what is an easy way to memorize a single private key?

I doubt it's possible for most people to memorise a single private key. Maybe someone with a photographic memory could do it, but I doubt many normal people could.


I'm sure it is possible with enough practice. People memorize 100s to 1000s of digits of Pi, so certainly it could be done. It isn't very practical though and wouldn't be worth the time commitment it would take to memorize it. There is also too much at risk if you forget the key and don't have it backed up somewhere else.
legendary
Activity: 2772
Merit: 2846
July 21, 2017, 02:04:45 PM
#6
No it wouldn't be possible using electrum's default word list because using three words wouldn't result in enough entropy. A three word seed would result in an address associated with a low entropy private key that would be fairly easy for an attacker to calculate. Any coins sent to that address could be stolen by an attacker.
It's strange that 12 words can "encode" safely many keys, and 3 keys can't "encode" a single address.


This stackexchange page explains how 12 words are just used to derive an extremely long random number. That extremely long number is what is used to create an almost limitless number of private keys. Three words from the electrum word list couldn't be used to derive a random number long enough to securely create a single private key.

https://bitcoin.stackexchange.com/questions/44272/electrum-seed-length

So, what is an easy way to memorize a single private key?

I doubt it's possible for most people to memorise a single private key. Maybe someone with a photographic memory could do it, but I doubt many normal people could.
sr. member
Activity: 439
Merit: 252
July 21, 2017, 01:38:39 PM
#5
No it wouldn't be possible using electrum's default word list because using three words wouldn't result in enough entropy. A three word seed would result in an address associated with a low entropy private key that would be fairly easy for an attacker to calculate. Any coins sent to that address could be stolen by an attacker.
It's strange that 12 words can "encode" safely many keys, and 3 keys can't "encode" a single address.
So, what is an easy way to memorize a single private key?
legendary
Activity: 2772
Merit: 2846
July 21, 2017, 12:30:29 PM
#4
I guess no, it cannot recover only one or two addresses out of 2-3 words in a recovery seed. Only you can generate the private keys of this address from your wallet using the 12 seed to the mnemonic converter, and choose the address you want to recover and copying the address's private key then simply import it to any client.
I know that electrum hasn't this functionality, I was asking if it would be feasible to create a stand-alone "micro-seed" to recover a single address.
I was curious about the amount of words needed to memorize a single private key.

No it wouldn't be possible using electrum's default word list because using three words wouldn't result in enough entropy. A three word seed would result in an address associated with a low entropy private key that would be fairly easy for an attacker to calculate. Any coins sent to that address could be stolen by an attacker.
sr. member
Activity: 439
Merit: 252
July 21, 2017, 12:18:27 PM
#3
I guess no, it cannot recover only one or two addresses out of 2-3 words in a recovery seed. Only you can generate the private keys of this address from your wallet using the 12 seed to the mnemonic converter, and choose the address you want to recover and copying the address's private key then simply import it to any client.
I know that electrum hasn't this functionality, I was asking if it would be feasible to create a stand-alone "micro-seed" to recover a single address.
I was curious about the amount of words needed to memorize a single private key.
copper member
Activity: 2142
Merit: 1305
July 21, 2017, 12:02:46 PM
#2
I guess no, it cannot recover only one or two addresses out of 2-3 words in a recovery seed. Only you can generate the private keys of this address from your wallet using the 12 seed to the mnemonic converter, and choose the address you want to recover and copying the address's private key then simply import it to any client.
sr. member
Activity: 439
Merit: 252
July 21, 2017, 11:54:15 AM
#1
Would it be feasible to generate a "micro-seed" to "memorize" the private key of a single address?
Now there is a seed of 12 words that can be used to recover a wallet with many addresses.
So I thought, with 2-3 words it would be possible to recover a single address? Or it would need more words?
Are there some services that do this? I know there was "brainwallet" but it wasn't secure.