Author: Andrew Poelstra 2023-02-19 22:12:51
Published on: 2023-02-19T22:12:51+00:00
In a discussion about the new BIP proposal, David A. Harding asked Andrew Poelstra what benefits the proposal offers over SLIP-0039. The draft BIP states that one benefit is that the scheme is simple enough for hand computation. The FAQ on the project's website lists other advantages: a longer and slightly stronger checksum designed to be computable by hand, a more compact encoding that leaves room for more metadata readable by hand, and no support for features like passphrases. Poelstra mentioned that the ability to verify the integrity of each share independently, without using a computer, is a big selling point of the proposal.

Harding also asked whether there is a way to prevent an attack in which someone deliberately modifies a recovery code. For example, someone might replace shares with similar-looking ones that have the same metadata and valid checksums, so that the owner continues making deposits to the wallet. Poelstra said that, unfortunately, there is no way to prevent such an attack without otherwise compromising the properties of the code. He explained that Alice can flip many random tiles and then "error correct" the result to get a new valid but incorrect seed. As long as error correction is supported, it will be possible to wreck seeds in this way.
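The closing argument can be seen on a small scale in the following added example, which is not from the discussion or the draft BIP. It assumes a toy Hamming(7,4) code as a stand-in for the proposal's checksum and shows that damage within the correction radius is repaired, while damage beyond it "corrects" to a different word that still passes the integrity check.

```python
# Added illustration: Hamming(7,4) is a toy stand-in, not the draft BIP's checksum.
from itertools import combinations

def encode(data):
    """Encode 4 data bits as a 7-bit codeword (parity at positions 1, 2, 4)."""
    d1, d2, d3, d4 = data
    return [d1 ^ d2 ^ d4, d1 ^ d3 ^ d4, d1, d2 ^ d3 ^ d4, d2, d3, d4]

def syndrome(word):
    """XOR of the 1-based positions of all set bits; 0 means the check passes."""
    s = 0
    for pos, bit in enumerate(word, start=1):
        if bit:
            s ^= pos
    return s

def is_valid(word):
    return syndrome(word) == 0

def flip(word, positions):
    """Return a copy of word with the given 1-based positions inverted."""
    out = list(word)
    for pos in positions:
        out[pos - 1] ^= 1
    return out

def correct(word):
    """Nearest-codeword decoding: flip the single position the syndrome names."""
    s = syndrome(word)
    return flip(word, [s]) if s else list(word)

def survey(original):
    """Count outcomes of 'correcting' every 1-symbol and 2-symbol alteration."""
    restored = sum(correct(flip(original, [p])) == original for p in range(1, 8))
    wrong_but_valid = 0
    for pair in combinations(range(1, 8), 2):
        result = correct(flip(original, pair))
        if is_valid(result) and result != original:
            wrong_but_valid += 1
    return restored, wrong_but_valid

if __name__ == "__main__":
    share = encode([1, 0, 1, 1])  # constructed sample data
    print(survey(share))
```

Passing the check therefore shows only that a share is a codeword, not that it is the share that was originally written down.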
Updated on: 2023-06-16T15:48:59.494094+00:00