Published on: 2018-12-04T21:39:17+00:00
Steven Hatzakis has developed a method to check if a mnemonic is also valid when the words are put into reverse order, where a given 12 or 24-word mnemonic could be valid both in little endian and big endian format. These are called "Palindromic Mnemonics." A checksum-valid reversible mnemonic allows two separate vaults to be connected to the same mnemonic string of words, where all a users must do is enter the words in reverse order to access the secondary (reversed words) vault.This utility could provide multiple use-cases, including related to combinations with passphrases and plausible deniability, as well as conveniences for those wishing to use a separate vault tied to the same string of words. For any randomly generated 12-word mnemonic (128-bits of security) the chances of it also being reversible are 1/16. For a 24-word mnemonic, those values increase to 8 bits which need to match 8 bits from the reversed string, leading to about 1 in every 256 mnemonics also being reversible.While the message space of valid reversible mnemonics should be 2^124 for 12 words, that search must still be conducted over a field of 2 ^128, as the hash-derived checksum values otherwise prevent a way to deterministically find valid reversible mnemonics without first going through invalid reversible ones to check. Some users suggest that if someone is concerned about plausible deniability, then it might make sense to just have the single mnemonic seed lead to a single xprv key (as usual) and then do a private key derivation from that based on a password string. A simple reverse scheme like this would just be another thing a person would know to check if given some seed so they don't see it as providing much value.While others found it interesting, they don't believe there is any security loss, in terms of entropy bits (assuming the initial 128 bits were generated securely). Steven Hatzakis believes that having a mnemonic that is also reversible could be useful for other reasons - convenience related perhaps. He notes that plausible deniability was not the motive but just an example use-case, there are perhaps other use-cases that would be on the user to decide.Steven Hatzakis has already written the code that can be used for testing (on GitHub user @hatgit), and when run from terminal/command prompt it is pretty fast to find a valid reversible mnemonic. However, on IDLE in Python on a 32-bit and 64-bit machine, it could take a few seconds for 12 words and sometimes 10 minutes to find a valid 24-word reversible mnemonic. Steven Hatzakis has two questions: 1) How useful could this be for users/devs/service providers etc.? and 2) Is any security loss occurring and whether it is negligible or not?
Updated on: 2023-08-02T00:16:45.725822+00:00