https://img.inleo.io/DQmPGqf1UBPaCe95FxCDRVyQ9Wp9DhqgELA33JUSX9bxVPS/image.png
Bought some D8 dice.
On November 7th, 2023 I wrote this post detailing how to generate a 12-word seed phrase using physical dice. It is arguably one of the most important posts I have ever written. Ironically it was downvoted for more than half the original payout. Good thing downvotes aren't censorship. A little bird told me that Google's Search-Engine-Optimization algorithms don't care how much I got paid. It's on the blockchain forever. Good stuff.
In any case
We have officially entered the 5th epoch (cycle) of Bitcoin.
- 50 BTC
- 25 BTC
- 12.5 BTC
- 6.25 BTC
- 3.125 BTC
It's a big milestone
We are heading towards the bull market year of 2025, and I have every reason to believe that this could be the biggest explosion of adoption crypto has and will ever see in history. All we have to do is not fuck up. Surprisingly, this will likely be much easier said than done. The FOMO monster has a way of getting inside one's head.
Biggest Vulnerability?
Every once in a while I'll see someone's biggest fear materialize. They basically lose everything from a single hack, rugpull, or bankruptcy filing. It really sucks to watch helplessly as this fate is bestowed seemingly randomly onto members of the crypto community. Of course there are ways to mitigate losses like these and beef up security, but there will always be some who go full YOLO and subsequently FAFO.
https://img.inleo.io/DQmRUoEp7AkQiJn2yA1Tv62PQRWMvvAUvzdpsTaANaEydTx/hacker-security-rugpull-attack-vector.jpg
So what can we do?
There comes a certain point in this journey where we are going to need to jack up our security by exponential margins. What are you going to do when you've got access to 7 figures worth of wealth? What about 8 figures? 9? 10? Some of us are going to be billionaires. Can you imagine just walking around in broad daylight with everyone around you publicly knowing you're a billionaire, with all the funds being accessible off the grid? Sounds like a wrench-attack nightmare to me honestly. No thanks. And yet still I don't have a great solution to that problem... yet.
What I am prepared for is generating my most important passwords offline while making sure they stay offline using various air-gap strategies. At this point I've decided that anyone who is serious about security would never allow their keys to be generated by software that was mailed to them by the post office or downloaded online. In fact, creating keys digitally in any way is a significant security risk no matter how knowledgeable the user happens to be. There can always be some unknown unknown that pops up to ruin someone's day.
The analog solution is best.
And at a certain point there's really no excuse not to do it this way. If we are the bank then we can't outsource our security to some random piece of code that we didn't even vet. Verify; don't trust... as they say. This is an especially relevant sentiment considering we might only have to deal with this process of creating an ultra-secure password one time. If that password does the job it was meant to do and never gets exposed to the Internet then it never needs to be replaced.
https://img.inleo.io/DQmRPUiG5y8s6u6mHyvicXKuBythPogQXopfeSwxuvJAxbL/image.png
Bruv why is this post titled "checksum"?
Because the checksum is by far the most complicated and confusing part of generating our own 12/24-word seed phrase. This checksum exists on public keys as well. Have you ever been afraid of what would happen if you accidentally sent money to a public key in which one of the digits was incorrect because of human error? The chance of this happening is exceedingly small because the checksum prevents it.
A checksum is a small value derived from a block of data (a message, a file, a key) that lets the receiver detect errors or alterations in that data. Prior to transmission, every piece of data or file can be assigned a checksum value by running it through a hash function; in Bitcoin's case that hash function is cryptographic (SHA-256).
The checksum can also be used to verify entire files.
Imagine you downloaded a file from someone and wanted to make absolutely sure it hadn't been altered along the way. Once you receive the file you can hash it with an algorithm to ensure that every byte in that file is in the correct order. As long as you trust the source of the checksum itself (which Hive would be good at providing) you can be reasonably sure the file hasn't been tampered with.
A Bitcoin Improvement Proposal (BIP) is a formal proposal to change Bitcoin. The BIP process organizes the Bitcoin community in the absence of a centralized leader. BIPs can propose changes to Bitcoin's consensus layer, community standards, or the development process.
https://img.inleo.io/DQmWTziScfinHi4UiCw5UyzG8vPPyizhWPTxVkjXaiXyyQj/image.png
What is BIP-39?
Bitcoin Improvement Proposal 39 is the foundation of all seed phrases across every cryptocurrency. That's how powerful this piece of open-source code turned out to be; it's a building-block for almost every other crypto. The way it works is pretty simple[ish]. A 12-word seed encodes 128 bits of entropy (what people loosely call "128-bit encryption"), and each word in BIP-39 corresponds to 11 of those bits. 11 bits means 2048 (2^11) possibilities, so there are 2048 different words, one for every possible combination.
Of course if one does the math on this they can see that 11 bits x 12 words = 132 bits. If we only need 128 of those bits... then what are the last 4 bits used for? The answer is the checksum. This means that if the last word of the seed is chosen randomly it only has a 1 in 16 chance of working (because 2^4 = 16). In the other 15 scenarios the checksum would fail and the 12-word seed would be invalid.
24-word seeds give even more security because they encode 256 bits of entropy (although Bitcoin doesn't have this feature). This gives us 8 bits of checksum, which means if the last word in this seed is chosen randomly it only has a 1 in 256 chance of being correct.
https://docs.google.com/spreadsheets/d/1zEDR4O6jrRF_xCbmdMomHnNIBVpTeqtgThhFOjB-1ws/edit#gid=0
Hopefully the above link doesn't break, but this spreadsheet allows us to map dice rolls to random words within the BIP-39 word-pool. Ideally one would have three D8 dice and one D4 die, but it's also not very hard to just buy a bunch of D8 dice for $10 and use one of them as a D4.
https://img.inleo.io/DQmRqsN4MeWaNqAX6tpLjAqDwbNfQdPvHT2155EcZCfL47C/image.png
For example, if we rolled 3, 8, 1, 4 (order matters and the dice would ideally not be identical) this would map to the word fragile. However I've already done this tutorial so I'll just stick to the checksum. The dice aren't even necessary and we can pick whatever words we want. We could even repeat the same word multiple times in a row. The problem with this is that the password becomes much easier to hack when it lacks entropy (randomness). But again, that is beyond the scope of this post.
Calculating the checksum.
If I'm being honest I've forgotten how to even make sure the checksum is valid. I'll have to get confirmation from the original post. From memory I know I have to do an SHA-256 hash on the bits and some part of the hash (the first hex digit?) should match the checksum.
- fossil
- foster
- found
- fox
- fragile
- frame
- frequent
- fresh
- friend
- fringe
- frog
- frost
Is this a valid seed phrase?
Well obviously it's a TERRIBLE one in terms of security, but the real question is: will it actually work? Will the checksum fail? There's a 15/16 chance that it does. Let's find out.
fossil foster found fox fragile frame frequent fresh friend fringe frog frost
https://img.inleo.io/DQma5YCShWF1URN3hted2kfP6XuuKwMqEmgDgurkmC6pf8a/image.png
Unsurprisingly it does not work.
The word "frost" is incorrect and fails the checksum. Let's see if I remembered how to figure out the real word.
Copy/paste the bits for each word
- Delete the last 4 checksum bits.
01011011111 01011100000 01011100001 01011100010 01011100011 01011100100 01011100101 01011100110 01011100111 01011101000 01011101001 0101110
String them all together
01011011111010111000000101110000101011100010010111000110101110010001011100101010111001100101110011101011101000010111010010101110
Convert to hexadecimal
5BEB8170AE25C6B9172AE65CEBA174AE
Do an SHA-256 hash on our password
- Make sure the tool hashes the hex value as raw bytes (a "hex" input mode), not as a text string; hashing the ASCII characters instead gives a completely different result.
https://img.inleo.io/DQmTm7DazRJGDPcpwFq5fgXH1u24yVgZzeA2z9riijyuvxe/image.png
Looks like the checksum we are looking for is a "C".
- "C" (12) in hex is 1100 in binary (8+4+0+0)
So the final 4 bits need to be 1100 but "FROST" is 1011. So close... it happened to be 11 instead of 12. So the real word we need to use is the one right after "FROST" on the list, which is "FROWN".
fossil foster found fox fragile frame frequent fresh friend fringe frog frown
https://img.inleo.io/DQmcE7eH5ZwZGteNen2y6tHnw52TvaTgTgEEhoLMtTj9DNf/image.png
"frown" at the end of the seed no longer throws an error so we know we did all the math perfectly by hand without the need for an algorithm. Unfortunately doing SHA-256 by hand is not really an option so some of this stuff needs to be done on a computer that will never have internet access. But I suppose I'll have to save that for another post on another date.
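The same by-hand procedure (strip the 4 checksum bits, SHA-256 the 128 entropy bits, compare the first nibble, fix the last word) as an added Python example for an offline machine; this is not code from the original post. It assumes a constructed slice of the BIP-39 English wordlist covering only the words used above, with indices taken from the post's own 11-bit strings, and it also handles the 24-word (256 + 8 bit) case.

```python
import hashlib

# Constructed slice of the BIP-39 English wordlist: only the words this post
# uses, with indices derived from the 11-bit strings the post lists.  The real
# list has 2048 entries ("front", 746, sits between "frog" and "frost").
WORDS = {735: "fossil", 736: "foster", 737: "found", 738: "fox",
         739: "fragile", 740: "frame", 741: "frequent", 742: "fresh",
         743: "friend", 744: "fringe", 745: "frog", 746: "front",
         747: "frost", 748: "frown"}
INDEX = {w: i for i, w in WORDS.items()}


def split_bits(words):
    """Concatenate each word's 11-bit index; return (entropy bits, checksum bits).

    BIP-39 reserves 1 checksum bit per 32 bits of entropy, so 12 words
    (132 bits) split 128 + 4 and 24 words (264 bits) split 256 + 8.
    """
    bits = "".join(format(INDEX[w], "011b") for w in words)
    ent_len = len(bits) * 32 // 33
    return bits[:ent_len], bits[ent_len:]


def expected_checksum(entropy_bits):
    """Leading len(entropy)/32 bits of SHA-256 over the raw entropy bytes."""
    raw = int(entropy_bits, 2).to_bytes(len(entropy_bits) // 8, "big")
    digest = int.from_bytes(hashlib.sha256(raw).digest(), "big")
    return format(digest, "0256b")[: len(entropy_bits) // 32]


def entropy_hex(words):
    """The hex string the post has you paste into the SHA-256 tool."""
    entropy, _ = split_bits(words)
    return format(int(entropy, 2), "0%dX" % (len(entropy) // 4))


def is_valid(words):
    """True when the trailing checksum bits match SHA-256 of the entropy."""
    entropy, checksum = split_bits(words)
    return checksum == expected_checksum(entropy)


def fix_last_word(words):
    """Replace the last word so the checksum holds; the other words are kept."""
    entropy, _ = split_bits(words)
    cs = expected_checksum(entropy)
    # The last word carries the final (11 - len(cs)) entropy bits plus the checksum.
    last = int(entropy[-(11 - len(cs)):] + cs, 2)
    return words[:-1] + [WORDS.get(last, "<index %d>" % last)]


FROST_SEED = ("fossil foster found fox fragile frame frequent fresh "
              "friend fringe frog frost").split()
```

Running `fix_last_word(FROST_SEED)` on an offline machine reproduces the hand calculation: the entropy hex is 5BEB8170AE25C6B9172AE65CEBA174AE, the expected checksum is 1100, and the corrected last word is "frown".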
Conclusion
Creating our own 12-word seed by hand is greatly complicated by the checksum, but in the end it's worth it. If done correctly it will create a password that has not only never been exposed to any machine connected to the Internet, but also never needs to trust the RNG code that comes native on air-gap hardware wallets (which may or may not have been tampered with). The only way to truly airgap a crypto seed phrase is to do this calculation oneself and then verify the pubkeys on a completely separate offline device such as a Raspberry Pi Zero. After that a good airgap hardware wallet will take care of all the heavy lifting while protecting the seed we've generated.