First of all, thanks for your effort.
I have a few questions as well:
Question 1: You suggest that VF is a 32-bit field that is concatenated with the initial entropy. I assume something like this:
ENT = 0010101...110 (128 bits long)
VF = 00001...101 (32 bits long).
I am not sure whether the VF will be appended or prepended to the entropy. Because you said "prepending" but the quote below looks like the input to the hash function will be ENT + VF, not VF + ENT.
A checksum is generated following the BIP39 method: taking the first (ENT + VF ) / 32 bits of the SHA256 hash of the combined entropy (initial entropy plus the 32-bit version field). This checksum is then appended to the combined entropy.
Question 2: The VF is split in 2 parts where:
part A = arbitrary bits (24 bits long)
part B = the version 00001101 (8 bits long).
So in part A, we can include any data we want? Because it looks like this adds 24 bits of "protection" against malicious activities. Isn't it? Supposing the 8 bits have a standard set of values, the total "protection" of the seed phrase will be:
128 bits of entropy + 24 arbitrary bits + 8 version bits (the latter will be somewhat standard)
Question 3:Using a passphrase on top of that, will it work symmetrically to the existing BIP39 pattern?