Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Electrum
Re: Why is electrum seed have small entropy?
by
RealBitcoin
on 23/06/2016, 21:51:17 UTC
Quote from: Abdussamad on June 23, 2016, 05:33:51 AM
I'm not a cryptologist so I'm starting to regret posting in this thread Smiley I quoted this bit below because I thought it would answer your question about a larger size seed:

Quote from: DeathAndTaxes on April 21, 2014, 01:26:27 AM
In either case brute forcing the seed would allow you to gain access to all the private keys, where as brute forcing a single private key only gives you access to that key.  It is generally speaking academic if the seed has sufficient entropy because keys with 128 bit key strength are considered beyond brute force anyways.

I've highlighted the relevant bit. DeathandTaxes is someone who knows what he's talking about.



Ok I have asked around a few experts and you can see the whole conversation here:

https://bitcointalk.org/index.php?topic=1523431.0

But to sum up, here is the info:

Unspent bitcoin address -> private key =160 bit entropy + other intensive crypto operations to calculate

Spent bitcoin address (revealed pubkey)  -> private key = 128 bit entropy (naked)

Solve the ECDLP to guess priv key -> 128 bit + intensive database operations, memory, etc


Now this is all good and fine and seems the lowest common denominator is 128 bit. I would still like to know how this applies to electrum.

Specifically how is the electrum seed linked to this, and how much entropy is lost in the wallet generation.

Especially an answer to my Point 1) would satisfy me:

Quote from: RealBitcoin on June 22, 2016, 06:43:27 PM

1) Ok so I read the documentation it shows that the electrum seed has only 128 bit entropy , how?
http://docs.electrum.org/en/latest/faq.html#how-secure-is-the-seed

It also says:
Quote
The seed generation requires to find a seed that has a legal version prefix. That constraint results in a loss of entropy. This loss is compensated by adding extra bits of entropy during the seed generation.

So does this mean that the searching for seeds actually loses 16 bit entropy which is then compensated by the 16 bit added in the key stretch? So actually the default seed has only 128 bit?  How much entropy is lost exactly in the seed generation/searching process, 16 bit?