Author: Steven Hatzakis 2018-12-04 12:42:42
Published on: 2018-12-04T12:42:42+00:00
Steven Hatzakis has developed a method to check if a mnemonic is also valid when the words are put into reverse order, where a given 12 or 24-word mnemonic could be valid both in little endian and big endian format. These are called "Palindromic Mnemonics." A checksum-valid reversible mnemonic allows two separate vaults to be connected to the same mnemonic string of words, where all a users must do is enter the words in reverse order to access the secondary (reversed words) vault. This utility could provide multiple use-cases, including related to combinations with passphrases and plausible deniability, as well as conveniences for those wishing to use a separate vault tied to the same string of words. For any randomly generated 12-word mnemonic (128-bits of security) the chances of it also being reversible are 1/16. For a 24-word mnemonic, those values increase to 8 bits which need to match 8 bits from the reversed string, leading to about 1 in every 256 mnemonics also being reversible. While the message space of valid reversible mnemonics should be 2^124 for 12 words, that search must still be conducted over a field of 2^128, as the hash-derived checksum values otherwise prevent a way to deterministically find valid reversible mnemonics without first going through invalid reversible ones to check. Steven estimates at most it would be 4-bits of loss for a 12-word mnemonic, but only if an attacker had a way to search only the space of valid reversible mnemonics (2^124) which he doesn't think is feasible. James MacWhyte agrees with Joseph that if one wants plausible deniability, it might make sense to just have the single mnemonic seed lead to a single xprv key (as usual) and then do a private key derivation from that based on a password string. The password can be simple, as it is based on the security of the seed. A simple reverse scheme like Steven describes would just be another thing a person would know to check if given some seed so he doesn't see it as providing much value. Steven believes that having a mnemonic that is also reversible could be useful for other reasons - convenience related perhaps. He notes that plausible deniability was not the motive but just an example use-case, there are perhaps other use-cases that would be on the user to decide.
Updated on: 2023-06-13T16:07:37.185559+00:00