This is an opinion editorial by Wartime Microchad, a contributor to Bitcoin Magazine.
Since the introduction of Bitcoin Improvement Proposal (BIP) 39, Bitcoiners have had the ability to recall the information necessary to recover bitcoin funds stored on-chain using plaintext words. But it’s not easy to memorize – and then reliably recall at a later time – 12 or 24 unrelated, non-contiguous words, which means that most people make and store physical backups of those words instead of committing them to memory.
While this well-established approach is good for those who are confident in their physical security setup, it can be a big challenge for others, e.g. persons without permanent residence; those who need to travel or who live in areas of conflict/war zones; or those living in other settings where the storage of physical seed sets may be subject to safety, loss, damage or confiscation risk.
Running The Numbers
To put the scale of this problem into context:
- According to the UN refugee agency UNHCR, by the end of 2021, 89.3 million people had been forcibly displaced worldwide. A large number of these people who fled their homes would have been able to take little more than the clothes on their backs and the personal belongings they could carry. Transporting any wealth along with personal belongings may have been an impossible challenge, and fraught with risk.
- According to the Nomade Embassy, nearly 5 million Americans identify as digital nomads and another 17 million aspire to this lifestyle. That’s 6.5% of the US population who either currently live or aspire to live a roving lifestyle. Frequent border crossings and living in rented accommodation can make it difficult to protect private keys.
- An estimated 35% of Americans rent their homes, and home sharing is increasing as home ownership collapses, especially among younger generations. It is not uncommon for personal belongings to disappear in shared housing.
So we wanted to create a way for bitcoiners facing these difficulties to more easily and reliably transport bitcoin across borders. We called the solution Border Wallets.
Patterns versus words
Imagine having five seconds to remember either (A) or (B) from the choices below.
The Science (™)
Some previous studies have shown that, after a longer period of time, we are far better at remembering patterns than words.
The idea that we recognize shapes more easily than words is also supported anecdotally: we tend to remember faces more easily than names (which makes sense, given that our vision and face recognition abilities predate our use of language).
This phenomenon is known as the “image superiority effect.”
The litmus test
Let’s see if this works.
Try to recall the missing words and the missing pattern from the example we showed above in the spaces. No cheating!
Memorization using Border Wallets and entropy grids
Border Wallets provide a method to remember seed sentences using three components:
- Entropy Grid: A randomized grid with all 2048 seed words.
- Pattern: User-generated pattern(s) or cell coordinates.
- Final word “Number”: The last (checksum) seed word.
Combined, these three components make up your Border Wallet.
Entropy Grid Generator
Using our offline, browser-based entropy grid generator (EGG), users can generate their own entropy-secured, randomized grid of all 2048 BIP39-compliant seed words, and then apply a memorable pattern or set of cell coordinates to it – known only to them – to make a wallet.
While EGG is browser-based, it is designed to work offline on an air-gapped PC, Mac or Linux machine (or even using Tails) and runs locally in the browser. To use it, users download it, transfer it to the machine of their choice and start generating entropy grids.
Since each unique entropy grid contains a complete list of all BIP39 seed words in randomized order, and users’ patterns exist only in their heads, users can store the entropy grid (or its recovery phrase) physically or digitally. Because the grid holds all 2048 Bitcoin seed words in random order, any evil maid attack is met with an upward difficulty adjustment: it is significantly harder than if a backup of a plaintext seed phrase were discovered. You can think of it as a firewall between your seed words and potential attackers.
Last word calculator and last word “Number”
EGG allows users to import the relevant 11 or 23 words from their entropy grid to calculate the final checksum word. Besides the user’s pattern, the checksum word is the only thing that needs to be remembered.
But to make this even easier, EGG includes a unique “final word number” feature. With this, instead of having to remember the word “pair”, users need only remember the number “5”. They can even write this number down on their entropy grid, since it is meaningless by itself and gives no clues about the last word unless the other words are known.
Users can also change the final word number to something more meaningful to them, although this also changes the final word itself. Therefore, if users change the number, the new checksum word displayed must be used to set up the Border Wallet. We do not recommend that users change the number (since it is generated with entropy by the tool), but the option is there if desired.
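The last-word calculation described above, as an added Python example (not EGG's own code). It works on BIP39 word indexes (0 to 2047) rather than the words themselves, and `final_word` assumes the "final word number" is a 1-based position among the valid final words; the article does not specify EGG's exact mapping.

```python
import hashlib

BITS_PER_WORD = 11  # each BIP39 word encodes an 11-bit index (0..2047)

def final_word_candidates(word_indexes):
    """Return the index of every valid final word for 11 or 23 chosen words."""
    n = len(word_indexes)
    if n not in (11, 23):
        raise ValueError("expected 11 or 23 word indexes")
    if any(not 0 <= w < 2048 for w in word_indexes):
        raise ValueError("word index out of range")
    ent_bits = 128 if n == 11 else 256        # entropy for 12 / 24 words
    cs_bits = ent_bits // 32                  # BIP39 checksum length: ENT / 32
    free_bits = ent_bits - n * BITS_PER_WORD  # entropy bits carried by the last word
    prefix = 0
    for w in word_indexes:
        prefix = (prefix << BITS_PER_WORD) | w
    candidates = []
    for free in range(1 << free_bits):
        entropy = ((prefix << free_bits) | free).to_bytes(ent_bits // 8, "big")
        # The checksum is the first cs_bits bits of SHA-256(entropy).
        checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
        candidates.append((free << cs_bits) | checksum)
    return candidates

def final_word(word_indexes, number):
    """Select a final word by number (assumed mapping: 1-based list position)."""
    candidates = final_word_candidates(word_indexes)
    if not 1 <= number <= len(candidates):
        raise ValueError(f"number must be 1..{len(candidates)}")
    return candidates[number - 1]

if __name__ == "__main__":
    # Constructed input: eleven copies of word index 0 ("abandon").
    eleven = [0] * 11
    print(len(final_word_candidates(eleven)), "valid final words")
    print("final word index for number 1:", final_word(eleven, 1))
```

Any 11 words have 128 valid final words and any 23 words have 8, so the number on its own only selects among candidates that depend entirely on the other words.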
Deterministic grid regeneration
When creating an entropy grid, EGG provides the option to select deterministic entropy. By using 128 bits of entropy in the creation of these grids, we have the ability to generate 12-word recovery phrases that provide a plaintext backup. Recovery phrases are automatically added to the bottom of deterministic entropy grids during generation.
At first glance, the provision of a 12-word recovery phrase may seem counterintuitive to the concept of Border Wallets. After all, we’re giving users the ability to remember seed words, not find new ways to write new ones down! However, some users may find value in having the ability to make handwritten or digital copies of regeneration words in some circumstances: for example, if they wish to store a copy of an entropy grid with a third party (sibling, parent, child, etc.) for safekeeping.
Since all 12-word recovery phrases are valid BIP39 mnemonic phrases, this provides more options for deploying decoys on the resulting wallet or just having none at all. In the latter case, an attacker can spend money and resources trying to brute force a passphrase on a seed phrase that looks like it should hold funds, but only unlocks an entropy grid.
Gridception and the art of obfuscation
Since there is essentially zero cost to generate entropy grids, users can choose to generate dozens (or even hundreds) of individually numbered grids, hiding their preferred grids among significant “noise”. Imagine having 100 unique and individually numbered entropy grids, where the user is the only person who knows which grids may have been used to generate the Border Wallet.
In fact, there is no reason why a user cannot generate multiple patterns, or even multiple entropy grids, to create a multisig wallet that they can carry in their head. Deterministic grids also unlock the possibility of introducing multigrid solutions where a primary entropy grid is encoded within other entropy grids. We call this gridception.
To do this, users would generate a grid and then construct a 12-word pattern to apply to that grid. They then take these 12 words and enter them into the “grid regeneration” tab of the EGG, producing a second grid. This can then be repeated to create new grids ad infinitum.
For entropy grids stored digitally, i.e. on one’s personal computer, USB flash drive or secure cloud storage, EGG has an option for users to encrypt and decrypt their entropy grids in the tool’s interface. Once users have created a secure password, they drag and drop the entropy grid into the encryption tool, producing an encrypted .json file that they can then store more securely in digital format. To decrypt, the .json file is imported back into the tool and unlocked with the same secure password.
Handling randomization of seed words
For the “maximum” entropy grid, which uses a truly cosmic 19,580 bits of entropy, EGG uses the Fisher-Yates shuffle algorithm and the browser’s cryptographically strong pseudo-random number generator, seeded with truly random values, to generate a random permutation of all BIP39 seed words.
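An added Python sketch of the shuffle described above (not EGG's code, which runs in the browser): a Fisher-Yates shuffle over the 2048 word indexes, the log2(2048!) calculation behind the 19,580-bit figure, and an exhaustive comparison on a three-item list showing why the naive "swap with any position" shuffle is biased. Here `secrets.randbelow` stands in for the browser's CSPRNG, and `outcome_counts` is a helper introduced for this illustration.

```python
import itertools
import math
import secrets
from collections import Counter

WORDLIST_SIZE = 2048  # number of BIP39 seed words

def fisher_yates(items, randbelow=secrets.randbelow):
    """Return an unbiased permutation; randbelow(n) must be uniform on [0, n)."""
    out = list(items)
    for i in range(len(out) - 1, 0, -1):
        j = randbelow(i + 1)  # choose among positions 0..i, including i itself
        out[i], out[j] = out[j], out[i]
    return out

def grid_entropy_bits(n=WORDLIST_SIZE):
    """log2(n!): entropy of a uniformly random ordering of n distinct words."""
    return math.lgamma(n + 1) / math.log(2)

def outcome_counts(n, naive):
    """Enumerate every possible draw sequence for a tiny n and tally the orderings."""
    if naive:
        ranges = [range(n)] * n  # naive shuffle: every step draws from 0..n-1
    else:
        ranges = [range(i + 1) for i in range(n - 1, 0, -1)]
    counts = Counter()
    for draws in itertools.product(*ranges):
        it = iter(draws)
        out = list(range(n))
        if naive:
            for i in range(n):
                j = next(it)
                out[i], out[j] = out[j], out[i]
        else:
            out = fisher_yates(out, randbelow=lambda _bound: next(it))
        counts[tuple(out)] += 1
    return counts

if __name__ == "__main__":
    grid = fisher_yates(range(WORDLIST_SIZE))  # word indexes in grid order
    print("first cells:", grid[:8])
    print("entropy bits:", int(grid_entropy_bits()))
    print("Fisher-Yates, n=3:", sorted(outcome_counts(3, naive=False).values()))
    print("naive shuffle, n=3:", sorted(outcome_counts(3, naive=True).values()))
```

The naive variant has 27 equally likely draw sequences spread over 6 orderings, so some orderings must come up more often than others; Fisher-Yates maps each draw sequence to exactly one ordering.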
The option to reproduce deterministic entropy grids using 12 words – created using 128-bit entropy – uses Gibson Research Corporation’s ultra-high entropy pseudo-random number generator.
Applications for Bitcoin and beyond
For Bitcoin, Border Wallets and entropy grids offer new applications and solutions for bitcoin cold storage and transport, legacy planning, gifts, third party custody assistance as well as, most obviously, border crossings.
Looking beyond Bitcoin, however, we envision that the idea could be applied to other decentralized protocols where seed words are used to back up user accounts, i.e. Nostr, Web5, and other decentralized identification systems.
This is a guest post by Wartime Microchad. Opinions expressed are entirely their own and do not necessarily reflect the opinions of BTC Inc. or Bitcoin Magazine.