Posts

Proof-of-Brain BIPS Master-Seed Generator

avatar of @edicted
25
@edicted
·
0 views
·
16 min read

At the end of this post I have copy/pasted BIPS.txt:

  • A 14.8KB file containing all the words used for creating master-seeds.
  • 2048 words (2^11)
  • 11068 characters

At any time feel free to scroll down and take a look at it.

I was going to paste it at the beginning here but I figured 2048 lines would be annoying.

In any case

These words are very important. They are used on many many different networks to secure cryptocurrency. To give the extent of how much we trust these words, let me plug in my Trezor.

As we can see, even the old version of the Trezor hardware wallet supports dozens of coins. In fact, because it supports Ethereum via MyEtherWallet, it in turn supports hundreds of ERC-20 tokens.

My point here is that these 12, 18, or 24 words are all that stand in the way of anyone looking to gain access to our funds. They can be used as the foundation to create a secure wallet across hundreds of chains. I view this BIPS standard as the first widespread example of crypto interoperability. It's a pretty big deal.

Graphene

We can even use these BIPS words to generate seeds on Graphene based technologies (Bitshares/EOS/Steem/Golos/Hive/Blurt). Graphene allows us to use any string of characters as a master seed, therefore, we could pick the same seed for our Graphene accounts as we have for our Bitcoin/Ethereum accounts.

Why is this important?

Account security will be the prevailing top-priority issue going forward as we head into mainstream adoption. I can't tell you how many times I've been nervous about losing my money.

  • If you lose your keys, your money is gone.
  • If you send money to the wrong address: gone.
  • If your security fails: gone.

When you are your own bank, security is the number one priority. The best way to secure decentralized digital assets is unironically using decentralized tactics. This means you have to delegate trust to as many places as possible for a maximum hedge factor. This means trusting centralized exchanges with a small amount, having funds secured by physical paper/metal; some of your money should be secured on the cloud encrypted; and some keys should even be memorized by heart.

Memorization

This is the focus of my post. I believe we can create a system that makes it much easier to straight up memorize a BIPS seed so it never appears anywhere except inside your own memory banks (brain). Would I recommend storing all your money using a seed you've memorized? Of course not! However, this tool would have several advantages to anyone who achieved it.

Imagine being able to sit down at any computer with an internet connection or even pick up anyone's phone and being able to have access to your own bank instantly! This is the advantage to memorizing a BIPS seed. If you were ever in a bind and needed money on demand, you'd have it. Anytime, anywhere. Borderless. In addition, if you were never in such a bind, your key would never be exposed to the internet ever, making it way more secure.

I've been thinking about ways to achieve this.

Not only would this be a good way to decentralize assets and have access to funds anywhere, but it could also get around our need to trust a "random" algorithm to generate our master seed for us.

What happens when you download a crypto wallet and start using it? A seemingly random key pops up on the screen and we just assume that is a trustworthy secure source for our own personal bank. Is it really though?

I would say it isn't.

So not only is my goal to help people memorize BIPS master-seeds, it is also to generate that master-seed without the use of an algorithm that could be compromised. How do we accomplish this?

Logistics for memorization

The more ways you experience information, the easier it is to memorize. This means hearing the words, saying them aloud, looking at them, writing them down. Unfortunately you can't smell or taste words... I guess you could touch them if you knew braille :D

Which words we use also matter. Certain words will be easier to remember for certain people. Certain combinations of words will also be easier to remember for certain people. Take this master seed for example that I just came up with off the top of my head while scrolling through the BIPS list:

miracle acid melt unfair social media
unhappy mother move supreme neural network

I created this master-seed with @acidyo in mind.
I imagine this would be a pretty easy one to remember for him (and anyone really).

Reduced security?

What we are doing here is obviously reducing the security of BIPS by creating certain combinations of words, but I don't think it matters that much. Considering Trezor thinks it's okay to just scramble the order and add fake words on potentially compromised machines, the security that I'm proposing here is far better than that.

Worst case scenario

Someone creates an AI that's really good and guessing common words and combinations people use during this process of proof-of-brain master-seed creation. It manages to hack a few passwords of extremely weak accounts. What we have to remember here, is that it's also harder to hack an account like this depending on how one uses the master-seed.

Master-seed usage relative to security.

If you happened to create an easily guessable 12-word master seed, would it get hacked? Maybe not. It depends on how you use that seed. If you used that seed to create a Hive account, the AI probably wouldn't figure it out, because the seed is used in combination with the username. What are the odds that the AI happens to check this master-seed in combination with your Hive username and generates the public key and tries to match it to your public key?

That's a lot of processing power to try to hack an account that might not have much money to steal in the first place (considering powering up and account recovery). Also it implies that this AI has access to a Hive node (and every other node it is hacking). And I'm not talking normal access, I'm talking about the kind of unfettered access one would need to have all the information on site without having to ask for data over a laggy internet connection. They'd have to be running their own nodes and have their brute force algorithm connected directly to them physically on-site.

On the flipside, say you are using the master-seed to store Bitcoin. However, you know your master-seed might be a little bit easier to guess, so you don't use the first 10 wallets generated by the seed. Instead, you leave the first 10 wallets blank with no money and no transactions on the chain. Now the AI that cracked your code would have to check 11 addresses in to even realize it had hacked you.

This is extra processing power would probably never be implemented because it would make the brute-forcing much slower. 10 addresses not enough? Use the 1000th address; use the 10000th address. See what I'm saying? If you do it right, even an easily guessable master-seed will not be cracked. In fact, instead of picking the number, you could just tell your offline device to spend all processing power for say 100 seconds and to use that wallet. Then a brute force algorithm that was trying to hack you would have to use that much processing power for every combination they think you might be using.

That security tangent took way too long!

But I guess it's an important preface to include for why I think we can trust what comes next. I want to get all these 2048 words into a database. I want to categorize every word, and create a frontend app for offline Raspberry-Pi devices that help users create their own seed phrase in a proof-of-brain style manner so they can be easily memorized. This way of generating master-seeds would make it impossible to hack the 'random' algorithm (because the algorithm is your brain).

Example Categories

  • noun, verb, adjective
  • relationships, plant, animal, violence
  • time, emotion, product, machine
  • positive, negative, sound
  • number, food, weapon, sneaky
  • valuable, fantasy, etc.

These are possible keywords I could add to the BIPS words in order to create a frontend that helps us find words and word-combinations that we would remember. Do you like weapons and hate your mother in law?

execute mother law knife gun hospital

It's quite easy to remember clusters of 6 words strung out in a certain way. Once we memorize 2 of these word clusters we have enough to create a full 12-word master key. Once we memorize 4 word clusters we could use them to create a monster 24-word key and even use them to create six (4 choose 2) 12-word key combinations. In this context, once you memorized 4 clusters your main cold-storage wallet would be all 24 words, while you could make several hot-wallets using other combinations. More likely you'd just create one hot-wallet as to not expose your other 12 words.


It's also important to note that even if you can't remember the order of the words, as long as you can remember what they are you could easily use this program to hack your own key and figure it out (because 12! factorial is only half a billion combinations for a 12 word seed). Computers are fast.


Acronym option

Need more help remembering your master-seed or afraid you'll forget it if you don't write it down? Acronyms can be a great tool. By using a 6-letter word to represent your 6-word cluster it will be easier to remember. Take this acronym for example:

SANTAS HELPER

save amazing noble tribe another solution hero exist lock police enemy rebel

Now you can write the words santa's helper wherever knowing full well no one is going to realize that is actually the key to you remembering how you store your assets. Even if they did, hacking the correct word combination is highly unlikely. What are the odds that someone who finds clues to your key actually has the resources to crack the code? Spoiler alert: It's near zero; even for law-enforcement.


The Problem

The biggest issue I've run into on this front is that you aren't allowed to use any combination of 12 words you want. The vast majority of word combinations seem to produce an invalid seed. I don't know what the rules are for creating these seeds, so I'll have to figure it out eventually and adjust accordingly. If anyone has any information on this front, do tell. I'll go ahead and put a 10 Hive bounty on it. Higher roller.

Take the above SANTAS HELPER key above.

I just downloaded MyEtherWallet to my phone just to test it out... Let's type in the words and see if it works. 90%+ chance that it doesn't.... and it doesn't work. So again, I'm not really sure how the rules for these master keys fully operate yet, but I'll figure it out and modify my strategy accordingly. It probably has something to do with the word's order in the list, as these words might not actually technically be words, but rather converted into their associated index value:

For example: "trip" might not be "trip" on the technical side of things.

It might just be "1863" (technically position [1862] if they are stored in a hash starting at 0). This would be represented by 0x746 in hexadecimal, so perhaps it has something to do with that.

Conclusion

While not an acceptable form of security to trust with 100% of our assets, I believe memorizing BIPS keys will become common-place and hope to be a part of the standard of how this is achieved. The obvious solution will be to use an offline device that can be wiped later that helps the user not only create a valid Master-seed but also remember it using various techniques. It should even be able to help users hack their own key should they forget it exactly but still have a lot of the pertinent information (like acronyms, knowing all words, associated public key, etc). Should be interesting.

BIPS.txt

abandon ability able about above absent absorb abstract absurd abuse access accident account accuse achieve acid acoustic acquire across act action actor actress actual adapt add addict address adjust admit adult advance advice aerobic affair afford afraid again age agent agree ahead aim air airport aisle alarm album alcohol alert alien all alley allow almost alone alpha already also alter always amateur amazing among amount amused analyst anchor ancient anger angle angry animal ankle announce annual another answer antenna antique anxiety any apart apology appear apple approve april arch arctic area arena argue arm armed armor army around arrange arrest arrive arrow art artefact artist artwork ask aspect assault asset assist assume asthma athlete atom attack attend attitude attract auction audit august aunt author auto autumn average avocado avoid awake aware away awesome awful awkward axis baby bachelor bacon badge bag balance balcony ball bamboo banana banner bar barely bargain barrel base basic basket battle beach bean beauty because become beef before begin behave behind believe below belt bench benefit best betray better between beyond bicycle bid bike bind biology bird birth bitter black blade blame blanket blast bleak bless blind blood blossom blouse blue blur blush board boat body boil bomb bone bonus book boost border boring borrow boss bottom bounce box boy bracket brain brand brass brave bread breeze brick bridge brief bright bring brisk broccoli broken bronze broom brother brown brush bubble buddy budget buffalo build bulb bulk bullet bundle bunker burden burger burst bus business busy butter buyer buzz cabbage cabin cable cactus cage cake call calm camera camp can canal cancel candy cannon canoe canvas canyon capable capital captain car carbon card cargo carpet carry cart case cash casino castle casual cat catalog catch category cattle caught cause caution cave ceiling celery cement census century cereal certain chair chalk champion change chaos chapter charge chase chat cheap check cheese chef cherry chest chicken chief child chimney choice choose chronic chuckle chunk churn cigar cinnamon circle citizen city civil claim clap clarify claw clay clean clerk clever click client cliff climb clinic clip clock clog close cloth cloud clown club clump cluster clutch coach coast coconut code coffee coil coin collect color column combine come comfort comic common company concert conduct confirm congress connect consider control convince cook cool copper copy coral core corn correct cost cotton couch country couple course cousin cover coyote crack cradle craft cram crane crash crater crawl crazy cream credit creek crew cricket crime crisp critic crop cross crouch crowd crucial cruel cruise crumble crunch crush cry crystal cube culture cup cupboard curious current curtain curve cushion custom cute cycle dad damage damp dance danger daring dash daughter dawn day deal debate debris decade december decide decline decorate decrease deer defense define defy degree delay deliver demand demise denial dentist deny depart depend deposit depth deputy derive describe desert design desk despair destroy detail detect develop device devote diagram dial diamond diary dice diesel diet differ digital dignity dilemma dinner dinosaur direct dirt disagree discover disease dish dismiss disorder display distance divert divide divorce dizzy doctor document dog doll dolphin domain donate donkey donor door dose double dove draft dragon drama drastic draw dream dress drift drill drink drip drive drop drum dry duck dumb dune during dust dutch duty dwarf dynamic eager eagle early earn earth easily east easy echo ecology economy edge edit educate effort egg eight either elbow elder electric elegant element elephant elevator elite else embark embody embrace emerge emotion employ empower empty enable enact end endless endorse enemy energy enforce engage engine enhance enjoy enlist enough enrich enroll ensure enter entire entry envelope episode equal equip era erase erode erosion error erupt escape essay essence estate eternal ethics evidence evil evoke evolve exact example excess exchange excite exclude excuse execute exercise exhaust exhibit exile exist exit exotic expand expect expire explain expose express extend extra eye eyebrow fabric face faculty fade faint faith fall false fame family famous fan fancy fantasy farm fashion fat fatal father fatigue fault favorite feature february federal fee feed feel female fence festival fetch fever few fiber fiction field figure file film filter final find fine finger finish fire firm first fiscal fish fit fitness fix flag flame flash flat flavor flee flight flip float flock floor flower fluid flush fly foam focus fog foil fold follow food foot force forest forget fork fortune forum forward fossil foster found fox fragile frame frequent fresh friend fringe frog front frost frown frozen fruit fuel fun funny furnace fury future gadget gain galaxy gallery game gap garage garbage garden garlic garment gas gasp gate gather gauge gaze general genius genre gentle genuine gesture ghost giant gift giggle ginger giraffe girl give glad glance glare glass glide glimpse globe gloom glory glove glow glue goat goddess gold good goose gorilla gospel gossip govern gown grab grace grain grant grape grass gravity great green grid grief grit grocery group grow grunt guard guess guide guilt guitar gun gym habit hair half hammer hamster hand happy harbor hard harsh harvest hat have hawk hazard head health heart heavy hedgehog height hello helmet help hen hero hidden high hill hint hip hire history hobby hockey hold hole holiday hollow home honey hood hope horn horror horse hospital host hotel hour hover hub huge human humble humor hundred hungry hunt hurdle hurry hurt husband hybrid ice icon idea identify idle ignore ill illegal illness image imitate immense immune impact impose improve impulse inch include income increase index indicate indoor industry infant inflict inform inhale inherit initial inject injury inmate inner innocent input inquiry insane insect inside inspire install intact interest into invest invite involve iron island isolate issue item ivory jacket jaguar jar jazz jealous jeans jelly jewel job join joke journey joy judge juice jump jungle junior junk just kangaroo keen keep ketchup key kick kid kidney kind kingdom kiss kit kitchen kite kitten kiwi knee knife knock know lab label labor ladder lady lake lamp language laptop large later latin laugh laundry lava law lawn lawsuit layer lazy leader leaf learn leave lecture left leg legal legend leisure lemon lend length lens leopard lesson letter level liar liberty library license life lift light like limb limit link lion liquid list little live lizard load loan lobster local lock logic lonely long loop lottery loud lounge love loyal lucky luggage lumber lunar lunch luxury lyrics machine mad magic magnet maid mail main major make mammal man manage mandate mango mansion manual maple marble march margin marine market marriage mask mass master match material math matrix matter maximum maze meadow mean measure meat mechanic medal media melody melt member memory mention menu mercy merge merit merry mesh message metal method middle midnight milk million mimic mind minimum minor minute miracle mirror misery miss mistake mix mixed mixture mobile model modify mom moment monitor monkey monster month moon moral more morning mosquito mother motion motor mountain mouse move movie much muffin mule multiply muscle museum mushroom music must mutual myself mystery myth naive name napkin narrow nasty nation nature near neck need negative neglect neither nephew nerve nest net network neutral never news next nice night noble noise nominee noodle normal north nose notable note nothing notice novel now nuclear number nurse nut oak obey object oblige obscure observe obtain obvious occur ocean october odor off offer office often oil okay old olive olympic omit once one onion online only open opera opinion oppose option orange orbit orchard order ordinary organ orient original orphan ostrich other outdoor outer output outside oval oven over own owner oxygen oyster ozone pact paddle page pair palace palm panda panel panic panther paper parade parent park parrot party pass patch path patient patrol pattern pause pave payment peace peanut pear peasant pelican pen penalty pencil people pepper perfect permit person pet phone photo phrase physical piano picnic picture piece pig pigeon pill pilot pink pioneer pipe pistol pitch pizza place planet plastic plate play please pledge pluck plug plunge poem poet point polar pole police pond pony pool popular portion position possible post potato pottery poverty powder power practice praise predict prefer prepare present pretty prevent price pride primary print priority prison private prize problem process produce profit program project promote proof property prosper protect proud provide public pudding pull pulp pulse pumpkin punch pupil puppy purchase purity purpose purse push put puzzle pyramid quality quantum quarter question quick quit quiz quote rabbit raccoon race rack radar radio rail rain raise rally ramp ranch random range rapid rare rate rather raven raw razor ready real reason rebel rebuild recall receive recipe record recycle reduce reflect reform refuse region regret regular reject relax release relief rely remain remember remind remove render renew rent reopen repair repeat replace report require rescue resemble resist resource response result retire retreat return reunion reveal review reward rhythm rib ribbon rice rich ride ridge rifle right rigid ring riot ripple risk ritual rival river road roast robot robust rocket romance roof rookie room rose rotate rough round route royal rubber rude rug rule run runway rural sad saddle sadness safe sail salad salmon salon salt salute same sample sand satisfy satoshi sauce sausage save say scale scan scare scatter scene scheme school science scissors scorpion scout scrap screen script scrub sea search season seat second secret section security seed seek segment select sell seminar senior sense sentence series service session settle setup seven shadow shaft shallow share shed shell sheriff shield shift shine ship shiver shock shoe shoot shop short shoulder shove shrimp shrug shuffle shy sibling sick side siege sight sign silent silk silly silver similar simple since sing siren sister situate six size skate sketch ski skill skin skirt skull slab slam sleep slender slice slide slight slim slogan slot slow slush small smart smile smoke smooth snack snake snap sniff snow soap soccer social sock soda soft solar soldier solid solution solve someone song soon sorry sort soul sound soup source south space spare spatial spawn speak special speed spell spend sphere spice spider spike spin spirit split spoil sponsor spoon sport spot spray spread spring spy square squeeze squirrel stable stadium staff stage stairs stamp stand start state stay steak steel stem step stereo stick still sting stock stomach stone stool story stove strategy street strike strong struggle student stuff stumble style subject submit subway success such sudden suffer sugar suggest suit summer sun sunny sunset super supply supreme sure surface surge surprise surround survey suspect sustain swallow swamp swap swarm swear sweet swift swim swing switch sword symbol symptom syrup system table tackle tag tail talent talk tank tape target task taste tattoo taxi teach team tell ten tenant tennis tent term test text thank that theme then theory there they thing this thought three thrive throw thumb thunder ticket tide tiger tilt timber time tiny tip tired tissue title toast tobacco today toddler toe together toilet token tomato tomorrow tone tongue tonight tool tooth top topic topple torch tornado tortoise toss total tourist toward tower town toy track trade traffic tragic train transfer trap trash travel tray treat tree trend trial tribe trick trigger trim trip trophy trouble truck true truly trumpet trust truth try tube tuition tumble tuna tunnel turkey turn turtle twelve twenty twice twin twist two type typical ugly umbrella unable unaware uncle uncover under undo unfair unfold unhappy uniform unique unit universe unknown unlock until unusual unveil update upgrade uphold upon upper upset urban urge usage use used useful useless usual utility vacant vacuum vague valid valley valve van vanish vapor various vast vault vehicle velvet vendor venture venue verb verify version very vessel veteran viable vibrant vicious victory video view village vintage violin virtual virus visa visit visual vital vivid vocal voice void volcano volume vote voyage wage wagon wait walk wall walnut want warfare warm warrior wash wasp waste water wave way wealth weapon wear weasel weather web wedding weekend weird welcome west wet whale what wheat wheel when where whip whisper wide width wife wild will win window wine wing wink winner winter wire wisdom wise wish witness wolf woman wonder wood wool word work world worry worth wrap wreck wrestle wrist write wrong yard year yellow you young youth zebra zero zone zoo

Ha, check out word 1532

satoshi

Talk about words that don't belong :D That's a bit on the nose. Every other word is a basic one from the dictionary.
I'll let it slide.