diff options
| author | Wladimir J. van der Laan <laanwj@gmail.com> | 2014-10-12 11:29:37 +0200 |
|---|---|---|
| committer | Wladimir J. van der Laan <laanwj@gmail.com> | 2014-10-12 11:29:37 +0200 |
| commit | c0ca4051d548ae1fa874393c804fa20a1f5ea804 (patch) | |
| tree | 7b39dcfaa9090d95c8385e3a773ae22c8123ab49 | |
| parent | 70a9d190f3164c6b1130dc3e0d963877cc24f4da (diff) | |
| parent | 0bf935b552b25fefb9a6791bcb73bd883b1b87c7 (diff) | |
Merge pull request #87 from voisine/patch-2
BIP39 grammar
| -rw-r--r-- | bip-0039.mediawiki | 46 |
1 files changed, 23 insertions, 23 deletions
diff --git a/bip-0039.mediawiki b/bip-0039.mediawiki index 7054791..cd63e45 100644 --- a/bip-0039.mediawiki +++ b/bip-0039.mediawiki @@ -26,25 +26,25 @@ A mnemonic code or sentence is superior for human interaction compared to the handling of raw binary or hexidecimal representations of a wallet seed. The sentence could be written on paper or spoken over the telephone. -This guide meant to be as a way to transport computer-generated randomness over -human readable transcription. It's not a way how to process user-created -sentences (also known as brainwallet) to wallet seed. +This guide is meant to be a way to transport computer-generated randomness with +a human readable transcription. It's not a way to process user-created +sentences (also known as brainwallets) into a wallet seed. ==Generating the mnemonic== -The mnemonic must encode entropy in any multiple of 32 bits. With larger entropy -security is improved but the sentence length increases. We can refer to the +The mnemonic must encode entropy in a multiple of 32 bits. With more entropy +security is improved but the sentence length increases. We refer to the initial entropy length as ENT. The recommended size of ENT is 128-256 bits. First, an initial entropy of ENT bits is generated. A checksum is generated by taking the first <pre>ENT / 32</pre> bits of its SHA256 hash. This checksum is appended to the end of the initial entropy. Next, these concatenated bits are split into groups of 11 bits, each encoding a number from 0-2047, serving -as an index to a wordlist. Later, we will convert these numbers into words and +as an index into a wordlist. Finally, we convert these numbers into words and use the joined words as a mnemonic sentence. The following table describes the relation between the initial entropy -length (ENT), the checksum length (CS) and length of the generated mnemonic +length (ENT), the checksum length (CS) and the length of the generated mnemonic sentence (MS) in words. <pre> @@ -65,7 +65,7 @@ MS = (ENT + CS) / 11 An ideal wordlist has the following characteristics: a) smart selection of words - - wordlist is created in such way that it's enough to type the first four + - the wordlist is created in such way that it's enough to type the first four letters to unambiguously identify the word b) similar words avoided @@ -74,39 +74,39 @@ b) similar words avoided prone and more difficult to guess c) sorted wordlists - - wordlist is sorted which allows for more efficient lookup of the code words - (i.e. implementation can use binary search instead of linear search) - - this also allows trie (prefix tree) to be used, e.g. for better compression + - the wordlist is sorted which allows for more efficient lookup of the code words + (i.e. implementations can use binary search instead of linear search) + - this also allows trie (a prefix tree) to be used, e.g. for better compression -The wordlist can contain native characters, but they have to be encoded in UTF-8 +The wordlist can contain native characters, but they must be encoded in UTF-8 using Normalization Form Compatibility Decomposition (NFKD). ==From mnemonic to seed== -A user may decide to protect their mnemonic by passphrase. If a passphrase is not +A user may decide to protect their mnemonic with a passphrase. If a passphrase is not present, an empty string "" is used instead. -To create a binary seed from the mnemonic, we use PBKDF2 function with a mnemonic -sentence (in UTF-8 NFKD) used as a password and string "mnemonic" + passphrase (again -in UTF-8 NFKD) used as a salt. Iteration count is set to 2048 and HMAC-SHA512 is used as -a pseudo-random function. Desired length of the derived key is 512 bits (= 64 bytes). +To create a binary seed from the mnemonic, we use the PBKDF2 function with a mnemonic +sentence (in UTF-8 NFKD) used as the password and the string "mnemonic" + passphrase (again +in UTF-8 NFKD) used as the salt. The iteration count is set to 2048 and HMAC-SHA512 is used as +the pseudo-random function. The length of the derived key is 512 bits (= 64 bytes). This seed can be later used to generate deterministic wallets using BIP-0032 or similar methods. -The conversion of the mnemonic sentence to binary seed is completely independent +The conversion of the mnemonic sentence to a binary seed is completely independent from generating the sentence. This results in rather simple code; there are no constraints on sentence structure and clients are free to implement their own wordlists or even whole sentence generators, allowing for flexibility in wordlists for typo detection or other purposes. -Although using mnemonic not generated by algorithm described in "Generating the -mnemonic" section is possible, this is not advised and software must compute -checksum of the mnemonic sentence using wordlist and issue a warning if it is +Although using a mnemonic not generated by the algorithm described in "Generating the +mnemonic" section is possible, this is not advised and software must compute a +checksum for the mnemonic sentence using a wordlist and issue a warning if it is invalid. -Described method also provides plausible deniability, because every passphrase -generates a valid seed (and thus deterministic wallet) but only the correct one +The described method also provides plausible deniability, because every passphrase +generates a valid seed (and thus a deterministic wallet) but only the correct one will make the desired wallet available. ==Wordlists== |