Hi Breno, There has been discussion on various ways to improve multilingual usage of BIP39. https://lists.linuxfoundation.org/pipermail/bitcoin-dev/ 2018-January/015500.html My takeaway is that we should be implementing a standard way to convert any words into a hex string, regardless of language or character encoding. In that discussion there was some notion of "who needs anything but English words anyway?" rhetoric, so I'm happy to see yet again that there exists an obvious need to support all languages for a standard in wallet seed generation. I realise that doesn't help you today considering there is no such multilingual standard or official Portuguese wordlist, but I wanted to express that this is an ongoing topic of discussion and it's clear we need to start choosing/codifying a standard in this regard. That said, here's somebody who has started a Portuguese wordlist so maybe you can start from there. https://github.com/bitpay/bitcore-mnemonic/issues/52 Regards, AJ On Tue, Jun 26, 2018 at 11:58 AM, Breno Brito via bitcoin-dev < firstname.lastname@example.org> wrote: > Hello, > > Since Portuguese is considered the 6th most spoken language in the world > and is an official language in 10 countries, I'd like to propose the > expansion of the BIP039 wordlist to Portuguese or help if someone had > already proposed it. What should I do? > > Regards, > Breno > > ___ > bitcoin-dev mailing list > email@example.com > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > > ___ bitcoin-dev mailing list firstname.lastname@example.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
Greg yes, there were already examples in this very thread of people explaining how they use languages other than English. I'm shocked that so many people are resisting the idea that just *maybe* there could be people in other parts of the world who do not want to use or cannot use the strict set of latin characters and words from the English language. I agree with Sjors and maybe I'm simplifying too much, but can't we just map an existing ISO/UTF language character standard to the seeds? Why is there a word list at all? Choose a flexible encoding standard, create a clever map to the bytes, make sure to include a checksum. As an aside, I know there are some conventions which add space for error correction but I personally don't love the idea of somebody inputting what they think is the proper seed, only to have it auto-corrected and thus reinforcing their erroneously saved/written seed backup. Pavol, why do you say "I learned that it was something I should've been more persistently against?" I still can't see any good arguments as to why we should limit this to English other than "It's easier to support a single language" which comes at the cost of "It's hard for me to backup my seed" for those who don't speak English. On Mon, Jan 8, 2018 at 10:23 AM, Matias Alejo Garcia via bitcoin-dev < email@example.com> wrote: > > Let me re-phrase: Is it a known thing for users to actually use it? > > yes. Based on language stats from the app stores, roughly 30% to 40% of > Copay users have their backup on a language > other than English, and we constantly get requests to support new > languages in BIP39. > > On Mon, Jan 8, 2018 at 11:54 AM, Greg Sanders
> wrote: > >> Let me re-phrase: Is it a known thing for users to actually use it? >> >> On Mon, Jan 8, 2018 at 9:52 AM, Matias Alejo Garcia >> wrote: >> >>> >>> >>> On Mon, Jan 8, 2018 at 11:34 AM, Greg Sanders via bitcoin-dev < >>> firstname.lastname@example.org> wrote: >>> Has anyone actually used the multilingual support in bip39? >>> >>> >>> Copay (and all its clones) use it. >>> >>> >>> >>> >>> If a feature of the standard has not been(widely?) used in years, and isn't supported in any major wallet(?), it seems indicative it was a mistake to add it in the first place, since it's a footgun in the making for some poor sap who can't even read English letters when almost all documentation is written in English. On Mon, Jan 8, 2018 at 6:13 AM, nullius via bitcoin-dev < email@example.com> wrote: > On 2018-01-08 at 07:35:52 +, 木ノ下じょな > wrote: > >> This is very sad. >> >> The number one problem in Japan with BIP39 seeds is with English >> words. >> >> I have seen a 60 year old Japanese man writing down his phrase >> (because he kept on failing recovery), and watched him write down >> "aneter" >> for "amateur"... >> >> [...] >> >> If you understand English and can spell, you read a word, your brain >> processes the word, and you can spell it on your own when writing down. >> Not many Japanese people can do that, so they need to copy letter for >> letter, taking a long time, and still messing up on occasion. >> >> [...] >> >> Defining "everyone should only use English, because ASCII is easier >> to plan for" is not a good way to move forward as a currency. >> > > Well said. Thank you for telling of these experiences. Now please, > let’s put the shoe on the other foot. > > I ask everybody who wants an English-only mnemonic standard to entrust > *their own money* to their abilities to very, very carefully write this > down—then later, type it back in: > > すさん たんろ りゆう しもん ていおん しとう > とこや はやい おうさま ほくろ けちゃっふ たもつ > > (Approximate translation: “Whatever would you do if Bitcoin had been > invented by somebody named Satoshi Nakamoto?”) > > No, wait: That is only a 12-word mnemonic. We are probably talking > about a Trezor; so now, hey you there, stake the backup of your life’s > savings on your ability to handwrite *this*: > > にあう しひょう にんすう ひえる かいこう いのる ねんし はあさん ひこく > とうく きもためし そなた こなこな にさんかたんそ ろんき めいあん みわく > へこむ すひょう おやゆひ ふせく けさき めいきょく こんまけ > > Ready to bet your money on *that* as a backup phrase in your own > hands? No? Then please, stop demanding that others risk *their* money on > the inverse case. > > > > If you cheat here by having studied Japanese, then remember that many > Japanese people know English and other European languages, too. Then > think > of how much money would be lost by your non-Japanese-literate family and > friends—if BIP 39 had only Japanese wordlists, and your folks needed to > wrestle with the above phrases as their “mnemonics”.
Hello, I would like to refer to these BIPs in other contexts and conversations. Regardless of the pitfalls or benefits, the discussion and technical review happening in this thread (and the ones before) are well-formed ideas with an active champion. The point of BIP numbers/conventions are so we're all on the same page about what we're talking about. Please assign these BIP numbers so discussion may continue in a controlled, tagged, linear manner, instead of "the first BIP" and "the second BIP." Thank you AJ West On Tue, Dec 5, 2017 at 1:05 PM, Paul Sztorc via bitcoin-dev < firstname.lastname@example.org> wrote: > Hello Chris, > > 1. Marginal Cost > > There actually is a very small cost to casting a malicious vote, relative > to an honest vote. This is because the software (when run as-is), will > automatically vote correctly. But to vote fraudulently you must decide on > what to do instead, and configure that! This might not be as easy as it > seems (see collective action part, below). > > It is true that there is no *marginal* cost to creating a bad vote, in the > fraudulent withdrawal case. But then again there is no marginal cost to > creating a good vote either -- in fact there is no cost at all. In fact, > there is no marginal cost to creating a bad block either, in the 51% > hashrate reorganization case. Epistemologically, the protocol has no way of > differentiating a "bad" block/vote from a good one. So one cannot "cost" > more than the other, in a narrow sense. > > I suppose in the reorganization case there is the risk of lost mining > effort on a chain that actually does *not* have 51% and therefore won't > catch up. But this only encourages conformity to the longest chain, > including fraudulent chains. For example, imagine that the reorganization > is done via secretly mining a longer chain -- once that chain is published, > it will be the longest. Then, according to your framework, there will be a > "marginal cost" to doing the *right* thing (trying to preserve the honest, > transparent chain). So I'm afraid I don't understand what you mean. > > 2. Repercussions > > As for there being no repercussions, that is incorrect. The miner's choice > to engage in a fraudulent withdraw is one that has several negative > consequences. They take a variety of forms and likelihoods, but they > definitely exist and are very relevant. > > The first repercussion is the loss of victim-sidechain future tx-fees. A > second is the loss of all future tx fees on all sidechains. A third is that > the Bitcoin super-network is changed from being a "sidechain enabled" > network to a "sidechain disabled" network. > > The impact of these repercussions is still unclear and open to > interpretation. On one hand, the impact may be small and therefore not very > persuasive (as in the case where a sidechain has few tx-fees, few > sidechains are used, few are expected to be created/used, and so little is > lost by attacking). On the other hand, a single fraudulent withdrawal might > motivate the creation of a new spinoff network that is exactly the same as > the old network, but with merely two changes: the fraudulent withdrawal > surgically removed (as if it were never attempted) AND a new proof of work > algorithm. Since the withdrawals are so slow, there would be plenty of time > to organize such an option (and people who already want a pow-change would > jump at this glaring opportunity). Will the repercussions be small or > large? Even if there is only a *risk* of large repercussions, it can be > very persuasive. (Just as the IRS is very persuasive to tax-paying > Americans, even though only a tiny proportion of tax returns are audited.) > > 0. Useless Sidechain Fallacy > > Finally, you are joining the long list of people who are committing the > "useless sidechain fallacy". You are saying that because you believe the > sidechain is useless, therefore everyone must believe as you do, and > therefore the option to use a sidechain must be one that has zero value. > However, in the real world people are heterogeneous. They may decide that > your interpretation contains errors, or else their circumstances might > incline them towards a different risk-reward tradeoff. Finally, this > fallacy obfuscates the main benefit of sidechains, which is that they are > optional -- the sidechain-designer must convince users to deposit funds > there. > > 3. Collective Action Problem > > There actually is a collective action problem inherent to fraudulent > withdrawals. > > If miners wish to fraudulently withdraw from the sidechain, they need to > choose the destination addresses (on mainchain Bitcoin Core) months in > advance. Then they need to upvote/downvote this destination, despite that > fact that --during this time-- new hashpower might be coming > online/offline, and/or hashers might be joining/leaving specific pools. I > bring this up to demonstrate that even the most straightforward attack (of > "a 51% hashrate group
Hi I have a small interjection about the point on error correction (excuse me if it seems elementary). Isn't there an argument to be made where a wallet software should never attempt to figure out the 'correct' address, or in this case private key? I don't think it's crazy to suggest somebody could import a slightly erroneous WIF, the software gracefully error-corrects any problem, but then the user copies that error onward such as in their backup processes like a paper wallet. I always hate to advocate against a feature, I'm just worried too much error correcting removes the burden of exactitude and attention of the user (eg. "I know I can have up to 4 errors"). I'm pretty sure I read those arguments somewhere in a documentation or issue tracker/forum post. Maybe I'm misunderstanding the bigger picture in this particular case, but I was just reminded of that concept (even if it only applies generally). Thanks, AJ West On Sun, Sep 17, 2017 at 4:10 AM, Thomas Voegtlin via bitcoin-dev < email@example.com> wrote: > On 17.09.2017 04:29, Pieter Wuille wrote: > > > > This has been a low-priority thing for me, though, and the computation > work > > to find a good checksum is significant. > > > > Thanks for the info. I guess this means that a bech32 format for private > keys is not going to happen soon. Even if such a format was available, > the issue would remain for segwit-in-p2sh addresses, which use base58. > > The ambiguity of the WIF format is currently holding me from releasing a > segwit-capable version of Electrum. I believe it is not acceptable to > use the current WIF format with segwit scripts; that would just create > technological debt, forcing wallets to try all possible scripts. There > is a good reason why WIF adds a 0x01 byte for compressed pubkeys; it > makes it unambiguous. > > I see only two options: > 1. Disable private keys export in Electrum Segwit wallets, until a > common WIF extension has been agreed on. > 2. Define my own WIF extension for Electrum, and go ahead with it. > > Defining my own format does make sense for the xpub/xprv format, because > Electrum users need to share master public keys across Electrum wallets. > It makes much less sense for WIF, though, because WIF is mostly used to > import/sweep keys from other wallets. > > I would love to know what other wallet developers are going to do, > especially Core. Are you going to export private keys used in segwit > scripts in the current WIF format? > > ___ > bitcoin-dev mailing list > firstname.lastname@example.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > ___ bitcoin-dev mailing list email@example.com https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev