# [bitcoin-dev] Fortune Cookies to Bitcoin Seed

Trey Del Bonis j.delbonis.3 at gmail.com
Thu Feb 28 03:48:57 UTC 2019

```
Hello all,

This might be another proto-BIP similar to the post about using a card
shuffle as a wallet seed that was posted here a few weeks back:
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016645.html

This is an idea I had for deriving a wallet seed from the lucky numbers
on the fortunes from fortune cookies [1].

On one side is some silly fortune, which we don't really care about
here.  But depending on the brand, on the other side there's 2 parts:

* "Learn Chinese", with a word in English and its translation into
Chinese characters and the (probably) pinyin.

* "Lucky Numbers", followed by usually 6 or 7 numbers, presumably in
the range of 1 to 99.  Someone can correct me on this if I'm wrong.

So each number should have around ~6.6 bits of entropy, which means
you could generate a "very secure" wallet seed with about 7 fortunes.
We can remember the order of the numbers on these fortunes based on
the English words, which we can commit to memory.

It's considered a rule of thumb that you can remember "7 things" at
once, which is pretty convenient for this.  Sometimes the numbers are
sorted, which decreases the entropy a bit, but that can be remedied
with just more fortunes.  This also splits up the information required
to reconstruct the seed into both something physical and something
remembered, and there isn't any particular ordering that someone can
mess up by, say, shuffling the card deck.  Although someone is
arguably more likely to throw away random fortunes than they are to
throw away a deck of cards, which is a weakness of this scheme.

It also arguably has better deniability.  If you keep a pile of 20
fortunes (with different "Learn Chinese" words) and remember which 7
of them are for your key, but pick another 7 you can use to make a
decoy wallet to use if being forced to reveal a wallet.  Keeping 20
around is a little excessive but it gives 390700800 possible wallets.
So security can be trivially parameterized based on how secure you