<div dir="ltr"><div dir="ltr">Hi Everyone,<div><br></div><div>Thank you very much in this thanks giving day for the detailed and well thought out responses. :)</div><div><br></div><div><pre style="white-space:pre-wrap;color:rgb(0,0,0)">Steven Hatzakis via bitcoin-dev <<a href="https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev">bitcoin-dev at lists.linuxfoundation.org</a>>:</pre></div><div><pre style="white-space:pre-wrap;color:rgb(0,0,0)">><i> *Option 2*: Perhaps a revision is needed to how the BIP39 seed is
</i>><i> generated in the first place, such as by hashing the entropy instead of the
</i>><i> words. Any thoughts on how viable that could be where the initial entropy
</i>><i> is fed into the PBKDF2 function and not the words?</i></pre>If we go this direction, I'd suggest that we pull Shamir's Secret Sharing into the game. Trezor's </div><div>SLIP-0039 proposal is great and has many security aspects already covered. However, it does </div><div>not allow any language other than English and Trezor team clearly stated that no other language </div><div>will be supported.</div><div><br></div><div>While I really want to keep the language independent design. So in the revision, I'd like to see </div><div>a language id (allocated to each one having a defined wordlist) in the SSS share, as well as</div><div>share id, threshold, index, share value, checksum etc. </div><div><br></div><div>Regarding checksum scheme, SLIP-0039 proposals a 3-word Reed-Solomon design. It has a very</div><div>good error checking capability but not very good at providing hints to error recovery. Trezor team </div><div>opposes to the idea of providing hints to users regarding how to fix an error. This could lead to</div><div>difficulties for some vendors, and in small probability, confusions to users (when there is a 2-word</div><div>error)</div><div><br></div><div>I do agree with Trezor team that it should be users' responsibility to recover from a detected error.</div><div>However, there is a better way than solely rely on checksum. That is, as in our revision, we can </div><div>support mnemonic in multiple languages simultaneously, why don't we use two languages, or one </div><div>language + numbers to check each other? In Steven's example (language id, share id, etc. skipped) </div><div>we could record a SSS share (assuming it is one of the shares just for the sake of example) like:</div><div><br></div><pre style="white-space:pre-wrap;color:rgb(0,0,0)">><i> *In English*: minimum fee sure ticket faculty banana gate purse caught
</i>><i> valley globe shift
</i>><i> *In Spanish*: mercado faja soledad tarea evadir aries gafas peine búho
</i>><i> tumor gerente reja</i></pre><pre style="caret-color: rgb(0, 0, 0); text-size-adjust: auto;">Or<i style="color:rgb(0,0,0);white-space:pre-wrap">
</i><pre style="color:rgb(0,0,0);white-space:pre-wrap">><i> *In English*: minimum fee sure ticket faculty banana gate purse caught
</i>><i> valley globe shift</i></pre><font color="#000000"><span style="white-space:pre-wrap">></span></font><i style="color:rgb(0,0,0);white-space:pre-wrap"> Word Indexes: 1128, 676, 1744, 1805, 653, 145, 770, 1396, 291, 1927, 794, 1582</i></pre><div><br><pre style="white-space:pre-wrap;color:rgb(0,0,0)"></pre>Then software will have to check checksum as well as to check if words match each other. For </div><div>example, "minimum"'s index value in English wordlist should equal to "<i style="color:rgb(0,0,0);white-space:pre-wrap">mercado</i>"'s in Spanish,</div><div>or should equal to 1128. </div><div><br></div><div>If any error is detected, combining the checksum value and dual-encoding information, it is much</div><div>easier to figure out which word was handprinted incorrectly. </div><div><br></div><div>BTW, it is very error prone to handprint. Some study suggests about 0.9% per word rate. See</div><div><a href="http://panko.shidler.hawaii.edu/HumanErr/Basic.htm">http://panko.shidler.hawaii.edu/HumanErr/Basic.htm</a><br></div><div><table cellspacing="1" cellpadding="2" class="gmail-style2" style="border-style:solid;border-width:1px;font-family:-webkit-standard;width:600px"><tbody><tr><td width="33%" valign="TOP" height="25"><p><font face="Arial">Hotopf [1980]</font></p></td><td valign="TOP" height="25" style="width:298.953px"><p><font face="Arial">W sample (written exam). Per word</font></p></td><td valign="TOP" height="25" class="gmail-style1" style="text-align:right;width:91.0469px"><p class="gmail-style1"><font face="Arial">0.9%</font></p></td></tr></tbody></table></div><div><br></div><div>It is important to have an error recovery mechanism easy to understand and implement. </div><div><br></div><div>Thanks,</div><div>Weiji</div></div></div>