More of a shower-thought than a BIP, but it's something I've long wish
(hardware) wallets supported:
Abstract: Bitcoin Wallets generally ask us to trust their seed generation is
both correct and honest. Especially for hardware and air gapped wallets, this
is both a big ask and more or less impossible to practically verify. So we
propose a bring-your-own-entropy approach in which the wallet can function
completely deterministically. Our method is based on shuffling physical deck of
cards. There are 52! (2^219.88) different shuffle order, which is a big enough
space to be secure against collision and brute force attacks. Conveniently a
shuffled deck of cards also can serve as a physical backup which is easy to
hide in plain sight with great plausible deniability.
Each card has a suit which can be represented by one of SCHD (spades, clubs,
hearts, diamonds) and a value of one of 23456789TJQKA where the numbers are
obvious and (T=ten, J=jack, Q=queen, K=king, A=ace) so "7 of clubs" would be
represented by "7C" and a "Ten of Hearts" would be represented with "TH".
An deck of cards looks like:
And can be verified by making sure that every one of the 52 cards appears
Step 1. Shuffle your deck of cards
This is a lot harder than you'd imagine, so do it quite a few times, with quite
a few different techniques. It is advised to do at *least* 7 good quality
shuffles to achieve a true cryptographically secure shuffle. Do not look at the
cards while shuffling (to avoid biasing) and don't be afraid to also shuffle
them face down on the table. Err on the side over over-shuffling.
See also: https://en.wikipedia.org/wiki/Shuffling#Sufficient_number_of_shuffles
Step 2. Write out the order (comma separated)
And example shuffle is:
Step 3. Sha512 it to create a seed
In the example above you should get:
Step 4. Interpret it
e.g. For bip32 you would treat the first 32 bytes as the private key, and the
second 32 bytes as as the extension code.
bitcoin-dev mailing list