Author: James MacWhyte 2018-12-04 12:16:12
Published on: 2018-12-04T12:16:12+00:00
A new method has been developed to check if a mnemonic is valid when the words are in reverse order, where a given 12 or 24-word mnemonic could be valid both in little endian and big endian format. These "Palindromic Mnemonics" or "reversible mnemonics" allow two separate wallets to be connected to the same mnemonic string of words. The purpose is to provide multiple use-cases, including related to combinations with passphrases and plausible deniability, as well as conveniences for those wishing to use a separate wallet tied to the same string of words. For any randomly generated 12-word mnemonic (128-bits of security) the chances of it also being reversible are 1/16, and for a 24-word mnemonic, the values increase to 8 bits which need to match 8 bits from the reversed string. While the message space of valid reversible mnemonics should be 2^124 for 12 words, that search must still be conducted over a field of 2 ^128, as the hash-derived checksum values otherwise prevent a way to deterministically find valid reversible mnemonics without first going through invalid reversible ones to check. Some users suggest that if someone is concerned about plausible deniability, then it might make sense to just have the single mnemonic seed lead to a single xprv key (as usual) and then do a private key derivation from that based on a password string. A simple reverse scheme like this would just be another thing a person would know to check if given some seed so they don't see it as providing much value. While others found it interesting, they don't believe there is any security loss, in terms of entropy bits (assuming the initial 128 bits were generated securely).
Updated on: 2023-06-13T16:08:49.718081+00:00