When miner encountering a fork, one fork has less difficulty but longer in length, while the other fork is more difficult but short. Which fork should miners choose ?

We can create a simple off-line GUI for user. When they write the words, the GUI will suggest the words in the word list using prefix match. They need to make sure the words they write. And yes, when they forget the phase(for example, actor or actors), they need to try several times to get the seed.


AES is a safe algorithm, but store the 128 bits private key is a difficult thing. My aim is to keep it as safe as AES, but user can memorize the password easily.

Hi, for the encryption algorithm problem, I really suggest you to try the algorithm. It's a very easy encryption algorithm. And we cannot stop trying just because of the possible risks, right? I would be very appreciated it, if anyone find the loophole on it.

For the storage problem, I think it's a trade off. There's no absolutely safe space to store the seed(including paper). The customized phrase is stored in your brain(that's very important.). The word list file can be stored in cloud or hard disk. If you set a strong customized seed phrase, it's would very hard to get the seed just using the word list file(cause it's just a random file, and don't contain any informations). There's no general way to crack the file, the only general way is brute force. And I keep brute force difficulty same as 2^128. For now, it's impossible.

Hi, different people have different opinions on it.
Actually, in my opinion, "write it down on paper" is idealism. I think it is not the best way. To be honest, for now, fewer and fewer people use paper. I think we need to find a new solution to help people store their seed.

Hi, thanks for your explain.

In BIP39, all the seed using same word list. So, this cause every backup phase is random.

The idea of the algorithm is every seed has its own word list. So, we can customize our own backup phase to it. And we can prove the word list related to the seed and customized backup phase is fully randomized. And this means, all the information of the seed is just stored in customized backup phase.

The decryption method is same as the BIP39, just mapping the customized backup phase to the word list(related) to get the seed.  The decryption method is sample, straightforward, easy.

If this algorithm has the side channel attack problem, the BIP39 also has.(Cause they use same process.)

Hi,

1. 64k word list is same for every seed. But the order of the words in it is randomized for every seed.

2. "secret", you mean secret key? The customized phrase is the secret key(like password). You need to memorize it.

3. It's  more secure than the standard encryption methods. Because, the encrypt file always contains the information of the content in it. When you try to decrypt it, you can always find some clues. Because, you need to use the encrypted file to recover the information you store in it. But the password you set don't contain the information in the file. So, the encrypted file must store the information in it.

But this method is very different. Just like BIP39, the customized words you set contains all the informations of the seed. And there's no information in the encrypted file. This can be understood as each seed has its corresponding word list.(BIP39 all the seed using same word list)

The whole encryption process for this algorithm is just swapping the order of the words in 64k word list. Before the encryption you have a randomized word list, and after encryption you get a randomized word list(same words but in different order). And we can also prove that the word list we get using this method is a fully randomized file.

This algorithm is designed for encrypting the seed. Because the length of the seed is fixed. So, you cannot use it to encrypt other file. The decryption process is same as the BIP39, just mapping the words(you customized) to the word list(related).

Hi, the algorithm doesn't store the seed(as I said, there's no information in the crypto file). I don't actually find the vulnerability of side channels attack. I would appreciate if you can point out the vulnerability.

For now, the mnemonic words is totally random which is hard for people to memorize.
So，how to store the seed?

I think it would be convenient to store the seed in Cloud. Just apply some encrypt methods to encrypt the seed using a customized password and then upload the encrypt file into Cloud. If you need the seed, just download the file, and use your password to decrypt it.

But it's unsafe. Because, the encrypt file actually contains the information of the seed. And hacker can crack the encrypt file easily.

I design an algorithm for user to encrypt their seed using customized words while the encrypt file wouldn't contain any informations(just totally random words in it). And this algorithm will help user store their seed in the cloud.


Here's the idea:

We have a word list contains words larger than 65536.(Almost all the words we are using in daily life). And the order of the words in the word list is fully random.

Encrypt process:

1. Get the wallet seed which is 128 bits.

2. Users choose 8 - 20 words from the word list. Suppose user choose n words.

3. Then it will use SHA256 to hash the entropy and get a hash string(256bit).

4. Combine the first m bits of the hash string(256 bits) and the seed(128 bits) to get the new entropy(128 + m bits).
the relationship for m and n :
(128 + m) % n = 0

5. Split the new entropy(128 + m bits) into n segments which means there are (128 + m)/n bits for each segment.
 
6. Each segment is corresponding to a word which the user choose. Change each segment(binary number) into decimal number. And this decimal number is the index of the word the user choose.

7. Switch word which the user choose in the word list with the word which the index refer to. And get a new word list file.

The new word list file is the result of encrypted algorithm. And the file doesn't contain any informations. Also, only the customized words user set can get the result. There's no collision in it.

The hacker just have two way to crack it.
1. Brute force. (But the difficulty is as same as brute force the public key).
2. Guessing the password(Hard).

Decrypt process:
1. Get the customized words(n words) and the word list file.
2. Calculate the length of each segment.(m bits each segment).
3. Get the index of each customized word in word list.
4. Change the index to binary number and combine them together.
5. Remove the part which longer than 128 bits(we add it before).
6. Get the seed.


Some problems:
1. People may frequently just using small part of the wordlist(maybe 8k words are frequently used), and this makes the entropy for customized words very small.
We can change the content of the wordlist. Adding more things people like to use. For example, we can add emoji, common Chinese words, common Japanese words,.. etc. We can have a discussion in community. And make all the stuffs in the word list are people frequently use in their life. And this will make the hacker more difficult to guess the password.

I have a github implement with Golang：
https://github.com/Adamlixi/encrypt-wallet-seed