Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software
Pages:
Author

Topic: What is BIP39 (Read 435 times)

Saint-loup
legendary
Activity: 2590
Merit: 2348
What is BIP39
March 12, 2023, 07:05:26 PM
#32
Quote from: hosseinimr93 on March 12, 2023, 06:17:35 PM
Quote from: Saint-loup on March 12, 2023, 05:54:03 PM
Backing up your modified wordlist is not mandatory, you just need to add the words belonging to your seed into the english.txt file, as explained above, to let Electrum accepting your own mnemonic seed.
But according to the post made by o_e_l_e_o before, you don't even need to add the words to your wordlist file.
I could generate a wallet successfully with the seed phrase posted by o_e_l_e_o  in that post, while I didn't have any of the words in my wordlist.
As you see in the following image, the next button is clickable.



You're right I thought Electrum was checking if words belonged to the dictionary before trying to generate the wallet because Electrum uses a completion feature when you enter each word. But you just need to modify the wordlist for generating an Electrum seed with your own words in reality. My bad.
hosseinimr93
legendary
Activity: 2380
Merit: 5213
Re: What is BIP39
March 12, 2023, 06:17:35 PM
#31
Quote from: Saint-loup on March 12, 2023, 05:54:03 PM
Backing up your modified wordlist is not mandatory, you just need to add the words belonging to your seed into the english.txt file, as explained above, to let Electrum accepting your own mnemonic seed.
But according to the post made by o_e_l_e_o before, you don't even need to add the words to your wordlist file.
I could generate a wallet successfully with the seed phrase posted by o_e_l_e_o  in that post, while I didn't have any of the words in my wordlist.
As you see in the following image, the next button is clickable.


Saint-loup
legendary
Activity: 2590
Merit: 2348
Re: What is BIP39
March 12, 2023, 05:54:03 PM
#30
Quote from: hosseinimr93 on March 12, 2023, 06:13:27 AM
Quote from: o_e_l_e_o on March 12, 2023, 04:38:59 AM
Anyone who doesn't speak English can very easily import their own native language wordlist in to Electrum if they so choose and use it to generate a seed phrase. That seed phrase will be compatible with every copy of Electrum in the world, even if they lose their original wordlist.
Doesn't BIP39 also have its standard wordlists for some languages?
If I generate a non-english BIP39 seed phrase using these standard wordlists and not my invented wordlist, there shouldn't be any problem.

That's the same in electrum. If I use the standard wordlist, I will be able to recover my wallet easily. But in the case I use a modified version of wordlist, I won't be able to recover my wallet if I lose the modified version of wordlist.

Is there anything I am missing?
Backing up your modified wordlist is not mandatory, you just need to add the words belonging to your seed into the english.txt file, as explained above, to let Electrum accepting your own mnemonic seed. And if you use the BIP39 import feature, you won't even need to make any hack. Because Electrum accepts so-called BIP39 seeds from any language real or unreal, even from one word languages  Roll Eyes.
Your wordlist will only be needed if some characters or words are missing from your seed actually.
o_e_l_e_o
legendary
Activity: 2268
Merit: 18509
Re: What is BIP39
March 12, 2023, 06:21:11 AM
#29
Quote from: hosseinimr93 on March 12, 2023, 06:13:27 AM
Are you saying the possibility of having your own wordlist in electrum is an advantage while that's a disadvantage in BIP39?
The difference comes from how that wordlist is used.

With BIP39, the wallet must know your wordlist in order to verify your checksum. If it does not know your wordlist, then it does not know what bits the words represent, so it cannot calculate the checksum, nor compare it to the bit string to see if it is correct.
With Electrum, the wallet does not need to know your wordlist at all. The versioning system is based on a hash of the words, not the original entropy that those words encode, so even without knowing the wordlist Electrum can hash your seed phrase, check the version number, and tell you if that seed phrase is valid (as well as whether it is a legacy or a segwit wallet).

Quote from: hosseinimr93 on March 12, 2023, 06:13:27 AM
If I generate a non-english BIP39 seed phrase using these standard wordlists and not my invented wordlist, there shouldn't be any problem.
It depends on your software. Electrum will import it just fine, but many wallets will only accept English words.

Quote from: hosseinimr93 on March 12, 2023, 06:13:27 AM
That's the same in electrum. If I use the standard wordlist, I will be able to recover my wallet easily. But in the case I use a modified version of wordlist, I won't be able to recover my wallet if I lose the modified version of wordlist.
It's not. Electrum will quite happily restore a seed phrase generated using any wordlist, even one it does not know.

Here's a post I made several years ago, in which I share an Electrum seed phrase using a non-standard wordlist which I have long deleted, on a much older version of Electrum. You can still import that seed phrase without any issues in to your version of Electrum and arrive at the same address I did back then.
hosseinimr93
legendary
Activity: 2380
Merit: 5213
Re: What is BIP39
March 12, 2023, 06:13:27 AM
#28
Quote from: o_e_l_e_o on March 11, 2023, 08:10:02 AM
Which is clearly a weakness. If I import a BIP39 seed phrase generated with an incorrect wordlist, a foreign language wordlist, an edited wordlist, etc., then my wallet software cannot tell me whether or not it is accurate. The dependence on a known wordlist is a weakness, because now I don't know whether my seed phrase is correct or not, and I have to go searching for some software which will allow me to attempt to import it.
It seems that, there's something I don't understand here.
BIP39 seed phrase is created using a known algorithm and anyone can make any change to the algorithm and the wordlist. Electrum is also open-source and and anyone can change the source code.
I can use my own wordlist in electrum as I can use my own wordlist when creating a BIP39 seed phrase.
Are you saying the possibility of having your own wordlist in electrum is an advantage while that's a disadvantage in BIP39?


Quote from: o_e_l_e_o on March 12, 2023, 04:38:59 AM
Anyone who doesn't speak English can very easily import their own native language wordlist in to Electrum if they so choose and use it to generate a seed phrase. That seed phrase will be compatible with every copy of Electrum in the world, even if they lose their original wordlist.
Doesn't BIP39 also have its standard wordlists for some languages?
If I generate a non-english BIP39 seed phrase using these standard wordlists and not my invented wordlist, there shouldn't be any problem.

That's the same in electrum. If I use the standard wordlist, I will be able to recover my wallet easily. But in the case I use a modified version of wordlist, I won't be able to recover my wallet if I lose the modified version of wordlist.

Is there anything I am missing?
o_e_l_e_o
legendary
Activity: 2268
Merit: 18509
Re: What is BIP39
March 12, 2023, 04:38:59 AM
#27
Quote from: Saint-loup on March 11, 2023, 06:26:16 PM
It would be more user-friendly if wallets were clearly indicating which languages they are supporting for seeds, but I don't think it's a big deal though.
I agree, but there are plenty of bad wallets out there which do all kinds of weird and non-standard things with seed phrases, derivation paths, and so on.

Quote from: Saint-loup on March 11, 2023, 06:26:16 PM
So finally you think using a wordlist is a good thing? If this wordlist exists in english, why it couldn't exist in other languages?
Of course a wordlist is a good thing. I've never said otherwise.

The difference is in how that wordlist is used. With BIP39, if you use a non-English wordlist, then most wallets have no idea if your seed phrase is valid or not, many will not yet you import it, and if they do import it will have no idea which script type or derivation path to use to generate a wallet. With Electrum, if you use an non-English wordlist, then Electrum will verify it just fine, import it just fine, and generate the exactly correct script type and derivation path without any further input from you. This is clearly a superior system.

Anyone who doesn't speak English can very easily import their own native language wordlist in to Electrum if they so choose and use it to generate a seed phrase. That seed phrase will be compatible with every copy of Electrum in the world, even if they lose their original wordlist.
Saint-loup
legendary
Activity: 2590
Merit: 2348
Re: What is BIP39
March 11, 2023, 06:26:16 PM
#26
Quote from: o_e_l_e_o on March 11, 2023, 08:10:02 AM
Quote from: Saint-loup on March 10, 2023, 06:45:53 PM
Because if a BIP39 wallet doesn't support one language, it will just reject the seed because it won't be able to compute and verify the checksum, that's it.
Which is clearly a weakness. If I import a BIP39 seed phrase generated with an incorrect wordlist, a foreign language wordlist, an edited wordlist, etc., then my wallet software cannot tell me whether or not it is accurate. The dependence on a known wordlist is a weakness, because now I don't know whether my seed phrase is correct or not, and I have to go searching for some software which will allow me to attempt to import it.
If the wallet doesn't generate any wrong key/address, I don't call that a weakness, I call that a matter of unavailability. It would be more user-friendly if wallets were clearly indicating which languages they are supporting for seeds, but I don't think it's a big deal though.

Quote from: o_e_l_e_o on March 11, 2023, 08:10:02 AM
Quote from: Saint-loup on March 10, 2023, 06:45:53 PM
The purpose of a mnemonic seed is to be easily usable by a human, but if the user doesn't know English, it will be as difficult for him as using an hexadecimal seed.
Not at all. I don't speak Portuguese, but if I had a Portuguese seed phrase with one or two character errors in it, then it is trivial for me to start looking up words in a Portuguese dictionary to see which one might be spelt incorrectly. I can't do that with raw hex.
So finally you think using a wordlist is a good thing? If this wordlist exists in english, why it couldn't exist in other languages? And if only one language should be used for the seeds why it should be the english language? You really think that poor Salvadorians have no other things to do than trying to decipher their mnemonic seed in order to be able to use BTC? BTC is not enough difficult to use for the average Jose, he needs to learn english on top of that? A child of 4 years can spend fiat money, Bitcoin is far away from that.
o_e_l_e_o
legendary
Activity: 2268
Merit: 18509
Re: What is BIP39
March 11, 2023, 08:10:02 AM
#25
Quote from: Saint-loup on March 10, 2023, 06:45:53 PM
Because if a BIP39 wallet doesn't support one language, it will just reject the seed because it won't be able to compute and verify the checksum, that's it.
Which is clearly a weakness. If I import a BIP39 seed phrase generated with an incorrect wordlist, a foreign language wordlist, an edited wordlist, etc., then my wallet software cannot tell me whether or not it is accurate. The dependence on a known wordlist is a weakness, because now I don't know whether my seed phrase is correct or not, and I have to go searching for some software which will allow me to attempt to import it.

Quote from: Saint-loup on March 10, 2023, 06:45:53 PM
The purpose of a mnemonic seed is to be easily usable by a human, but if the user doesn't know English, it will be as difficult for him as using an hexadecimal seed.
Not at all. I don't speak Portuguese, but if I had a Portuguese seed phrase with one or two character errors in it, then it is trivial for me to start looking up words in a Portuguese dictionary to see which one might be spelt incorrectly. I can't do that with raw hex.
Saint-loup
legendary
Activity: 2590
Merit: 2348
Re: What is BIP39
March 10, 2023, 06:45:53 PM
#24
Quote from: Sarah Azhari on March 06, 2023, 02:17:35 AM
Quote from: Saint-loup on March 05, 2023, 05:57:10 PM
Actually before BIP39 there was BIP32 https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki
BIP32 has been created in February 2012 while BIP39 has been created in September 2013 precisely. And it's BIP32 which introduced/standardized Hierarchical Deterministic Wallets, BIP39 only allowed them to be more easily usable and memorizable by humans. But Bitcoin Core still doesn't use BIP39 seeds for example, only BIP32 ones in WIF format.
is BIP39 is a development from BIP32?, if yes, why they don't continue their development about vulnerability or weakness which was shown by electrum?.

Quote
A fixed wordlist is still required. Following our recommendation, BIP39 authors decided to derive keys and addresses in a way that does not depend on the wordlist. However, BIP39 still requires the wordlist in order to compute its checksum, which is plainly inconsistent, and defeats the purpose of our recommendation. This problem is exacerbated by the fact that BIP39 proposes to create one wordlist per language. This threatens the portability of BIP39 seed phrases.

BIP39 seed phrases do not include a version number. This means that software should always know how to generate keys and addresses. BIP43 suggests that wallet software will try various existing derivation schemes within the BIP32 framework. This is extremely inefficient and rests on the assumption that future wallets will support all previously accepted derivation methods. If, in the future, a wallet developer decides not to implement a particular derivation method because it is deprecated, then the software will not be able to detect that the corresponding seed phrases are not supported, and it will return an empty wallet instead. This threatens users funds.

https://electrum.readthedocs.io/en/latest/seedphrase.html
Calling that weakness or vulnerability is just a point of view. Because if a BIP39 wallet doesn't support one language, it will just reject the seed because it won't be able to compute and verify the checksum, that's it.
So what's the problem? The purpose of a mnemonic seed is to be easily usable by a human, but if the user doesn't know English, it will be as difficult for him as using an hexadecimal seed. Electrum still only supports english language for seeds currently (except by doing some hacks as told above), while being localizable in many languages, that's neither consistent nor convenient for those users.  
For the version number, each time a new format is created like Taproot now, they have to update their system and to hope it wont make bugs when new seeds will be used on older wallets. So I'm not sure it's more safe and convenient.
nc50lc
legendary
Activity: 2394
Merit: 5531
Self-proclaimed Genius
Re: What is BIP39
March 10, 2023, 04:13:51 AM
#23
Quote from: NotATether on March 09, 2023, 02:34:15 AM
I imagine, for the purpose of privacy, you could replace the wordlist to one which contains alphanumeric gibberish or even grammatically-correct text but with the wordlist in a scrambled order, so that in the event that people find your phrase and try to recover it, they would be confounded by its inability to be imported into normal Electrum builds.
o_e_l_e_o is correct.
If fact, as I noted, you can import that phrase to Electrum without issues.

Quote from: o_e_l_e_o on March 09, 2023, 11:32:25 AM
You can take the bunch of bananas (pun intended Tongue) nc50lc has posted above
As the standard unit of scale, I used "banana" to count the number of words in my custom word list.

To newbie readers: do not use it, it's only for testing purposes.
o_e_l_e_o
legendary
Activity: 2268
Merit: 18509
Re: What is BIP39
March 09, 2023, 11:32:25 AM
#22
Quote from: NotATether on March 09, 2023, 02:34:15 AM
so that in the event that people find your phrase and try to recover it, they would be confounded by its inability to be imported into normal Electrum builds.
You do not need to have access to the original wordlist in order to recover an Electrum seed phrase. You can take the bunch of bananas (pun intended Tongue) nc50lc has posted above and use them to recover the original wallet in your Electrum client, without ever knowing the original wordlist he used. The same is true for alphanumeric gibberish or any other wordlist. If an attacker attempts to import it in to any recent version of Electrum, it will work just fine.
NotATether
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Re: What is BIP39
March 09, 2023, 02:34:15 AM
#21
Quote from: nc50lc on March 07, 2023, 11:57:26 PM
Electrum's seed doesn't actually need a fixed wordlist, you can even edit the english.txt with your own set of words
and it will produce a valid seed (given that there's enough to produce a valid one).
e.g. (SegWit - Can be imported to Electrum):
Code:
banana110206 banana110312 banana021413 banana061112 banana030713 banana130608 banana020311 banana010311 banana010306 banana101112 banana020705 banana091106

I imagine, for the purpose of privacy, you could replace the wordlist to one which contains alphanumeric gibberish or even grammatically-correct text but with the wordlist in a scrambled order, so that in the event that people find your phrase and try to recover it, they would be confounded by its inability to be imported into normal Electrum builds.

It cannot be changed at runtime though, right?
nc50lc
legendary
Activity: 2394
Merit: 5531
Self-proclaimed Genius
Re: What is BIP39
March 07, 2023, 11:57:26 PM
#20
Quote from: bitmover on March 07, 2023, 02:05:18 PM
-snip-
Curiously, there are some different wordlists in electrum repo.
...and to satisfy that curiosity, it'll still work if they decided to use it even if the words aren't included in BIP39 wordlist nor for having 1626 words.

Electrum's seed doesn't actually need a fixed wordlist, you can even edit the english.txt with your own set of words
and it will produce a valid seed (given that there's enough to produce a valid one).
e.g. (SegWit - Can be imported to Electrum):
Code:
banana110206 banana110312 banana021413 banana061112 banana030713 banana130608 banana020311 banana010311 banana010306 banana101112 banana020705 banana091106
o_e_l_e_o
legendary
Activity: 2268
Merit: 18509
Re: What is BIP39
March 07, 2023, 03:56:40 PM
#19
Quote from: bitmover on March 07, 2023, 02:05:18 PM
Curiously, there are some different wordlists in electrum repo.
You can see why here: https://github.com/spesmilo/electrum/issues/7956. They are not used.

Quote from: bitmover on March 07, 2023, 02:05:18 PM
Some of them are somehow related to Monero Projects (like the portuguese one, which has a text in the start "# Copyright (c) 2014, The Monero Project")
The Portuguese one is a good example - you'll notice it has 1626 words. This is the same number of words as old style Electrum seed phrases, which also used an English word list with 1626 words: https://github.com/spesmilo/electrum/blob/18cf546aab7d1a4d122a85ae2b49935cf64c9510/electrum/old_mnemonic.py#L31

Such phrases have not been used in many years, however.
bitmover
legendary
Activity: 2212
Merit: 5622
Non-custodial BTC Wallet
Re: What is BIP39
March 07, 2023, 02:05:18 PM
#18
Quote from: o_e_l_e_o on March 07, 2023, 04:58:12 AM
Quote from: Sarah Azhari on March 07, 2023, 03:24:39 AM
Seem like, Electrum wallet is supported for that 10 BIP39 different language lists ( I tried it and got the correct address). so we haven't to worry about using the local language list.
Again, that's not how it works.

If you import a non-English BIP39 seed phrase in to Electrum, it will show the error "Unknown wordlist". Because the wordlist is unknown, Electrum is unable to tell you if any of the words are incorrect or if the checksum is invalid. Since it is the words themselves which are fed in to PBKDF2, then if everything is correct then yes, you will still generate the same wallet. But you lose all the safety of unique words and a checksum, since these things cannot be checked without knowing the wordlist being used.

And, as always, Electrum have never offered any guarantee that they will continue to support BIP39 seed phrases.

Curiously, there are some different wordlists in electrum repo.

They are not the same in the BIP39 wordlists, but there are many languages.
https://github.com/spesmilo/electrum/tree/master/electrum/wordlist

Some of them are somehow related to Monero Projects (like the portuguese one, which has a text in the start "# Copyright (c) 2014, The Monero Project")
o_e_l_e_o
legendary
Activity: 2268
Merit: 18509
Re: What is BIP39
March 07, 2023, 04:58:12 AM
#17
Quote from: Sarah Azhari on March 07, 2023, 03:24:39 AM
Seem like, Electrum wallet is supported for that 10 BIP39 different language lists ( I tried it and got the correct address). so we haven't to worry about using the local language list.
Again, that's not how it works.

If you import a non-English BIP39 seed phrase in to Electrum, it will show the error "Unknown wordlist". Because the wordlist is unknown, Electrum is unable to tell you if any of the words are incorrect or if the checksum is invalid. Since it is the words themselves which are fed in to PBKDF2, then if everything is correct then yes, you will still generate the same wallet. But you lose all the safety of unique words and a checksum, since these things cannot be checked without knowing the wordlist being used.

And, as always, Electrum have never offered any guarantee that they will continue to support BIP39 seed phrases.
NotATether
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Re: What is BIP39
March 07, 2023, 04:05:12 AM
#16
Quote from: Sarah Azhari on March 07, 2023, 03:24:39 AM
Quote from: o_e_l_e_o on March 06, 2023, 08:27:34 AM
Quote from: bitmover on March 05, 2023, 09:11:08 PM
Just to add to this answer,  there are many bip 39 translations which can be seen here:
It is highly recommend not to use a local wordlist since the majority of wallets only support the English wordlist.
Seem like, Electrum wallet is supported for that 10 BIP39 different language lists ( I tried it and got the correct address). so we haven't to worry about using the local language list.

I just watch my local list - https://github.com/bitcoin/bips/pull/621
that isn't updated.


Wordlists don't go inside BIP39 anymore. They go into a separate standard that is called "WLIPs" (WordList Improvement Proposals).

Quote from: https://github.com/bitcoin/bips/pull/1129#issuecomment-873267328
For now, the author(s) of BIP 39 have decided not to accept any further word lists into BIP 39 itself, and encourage adding new ones to the WLIPs repo here: https://github.com/p2w34/wlips

That repo seems to have only english and polish lists for now, but a lot of the proposed wordlists are missing from there, and they can be seen in the pull request I linked.
Sarah Azhari
hero member
Activity: 854
Merit: 737
Re: What is BIP39
March 07, 2023, 03:24:39 AM
#15
Quote from: o_e_l_e_o on March 06, 2023, 08:27:34 AM
Quote from: bitmover on March 05, 2023, 09:11:08 PM
Just to add to this answer,  there are many bip 39 translations which can be seen here:
It is highly recommend not to use a local wordlist since the majority of wallets only support the English wordlist.
Seem like, Electrum wallet is supported for that 10 BIP39 different language lists ( I tried it and got the correct address). so we haven't to worry about using the local language list.

I just watch my local list - https://github.com/bitcoin/bips/pull/621
that isn't updated.
o_e_l_e_o
legendary
Activity: 2268
Merit: 18509
Re: What is BIP39
March 06, 2023, 10:05:16 AM
#14
Quote from: bitmover on March 06, 2023, 09:45:41 AM
However,  any keyword list from any language can just be "translated" to english just by converting the respective word number to the english equivalent.
That's not how it works.

It is the words themselves, not the bit string they represent, which is fed in to PBKDF2 in order to generate your seed number, master keys, and entire wallet. Translating the words will result in an entirely different wallet being generated, even if the words represent the same underlying entropy.

You can try this yourself in Ian Coleman. Open it up and generate a seed phrase in any language. Then click "Show entropy details". Then choose a different language. It will "translate" your seed phrase while keeping the same word index numbers, but the resulting keys and addresses will be completely different.
bitmover
legendary
Activity: 2212
Merit: 5622
Non-custodial BTC Wallet
Re: What is BIP39
March 06, 2023, 09:45:41 AM
#13
Quote from: o_e_l_e_o on March 06, 2023, 08:27:34 AM
Quote from: bitmover on March 05, 2023, 09:11:08 PM
Just to add to this answer,  there are many bip 39 translations which can be seen here:
It is highly recommend not to use a local wordlist since the majority of wallets only support the English wordlist.

I understand your point of view, and I use english keywords as well.

However,  any keyword list from any language can just be "translated" to english just by converting the respective word number to the english equivalent.

some good tools such as ian coleman use it was well.
https://iancoleman.io/bip39/#portuguese
Pages:
Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software
Jump to: