Bitcoin Forum

I don't like the idea of storing much money on my computer. My idea of sensible wallet security for a savings wallet is a paper bitcoin wallet, such as those produced by Casascius (http://www.casascius.com).

As I understand it, using one of his paper wallet key-pairs, I send money to an address and it is basically stored in the block chain. At some time in the future, I can retrieve it using the matching private key. There's no easy way for me to do that right now, but at some point I assume I'll be able to open up a bitcoin client anywhere, enter the private key, and be able to send the bitcoins stored at that address wherever I want.

The important thing is to safeguard the private key, like in a safe deposit box, my pocket, under the front door mat, etc. Some places are better than others. What I don't want to do is have "5E0FA615 F39B0CA5 99E68C40 11763580 C323E216 6919D19F A53C7C86 41F3069F" online as a string somewhere where someone might run across it, as if they do and recognise what it is they can access my money just as easily as I can.

But what if there was an easy way to hide this number in plain sight online, where no-one else is likely to find it, but I can?

Enter Spruce Codes.

My idea is to start with a private key in hex format, 16 characters 0-9 A-F, 64 characters total, like the string above.

The language is divided into 16 equal parts, using a standard dictionary. For this example, I used 3711 pages of the Shorter Oxford English Dictionary, and just picked a word every 232 pages. I invented some of the words as I'm in a mad rush right now. Result:

0 aaa - big
1 biga - common
2 commonable - disc
3 discal - fang
4 fanged - grim
5 grimace - insect
6 insecta - loan
7 loana - muck
8 mucka - pant
9 panta - prefer
A prefera - rest
B resta - sham
C shama - stem
D stema - thrill
E thrilla - urge
F urgea - zzz

Figures are ignored. Common English words are ignored, but these need to be exactly specified. For the sake of this post, I'm just using the first 50 of this Wikipedia list (http://en.wikipedia.org/wiki/Most_common_words_in_English).

So one writes an article, or blog post, or book, or whatever, containing somewhere in it the words ". . . [realization] (that) tomorrow (and) (in) all weathers, Quentin Johnson, born (in) (a) happy . . ." or whatever words one chooses from the ranges available.

One needs to remember the keyword, which is the point where the code (actually substitution cipher, I believe) starts, and be able to locate the article online. Here, "realization" is the keyword. The code words are as below. The words in parentheses are common English words that are just padding to make it possible to write something hopefully fluent.

5 always equivalent to the keyword, here "realization"
E tomorrow
0 all
F weathers
A Quentin
6 Johnson
1 born
5 happy
etc.

One can write a dozen different items using different words and aliases, if needed.

-----

To standardise it, once tweaked I would put this online. Along with instructions and a list of common words to ignore. It would be useful to have a box where someone could enter a word and it would spit out either the appropriate hex character or that it is a common word and should be ignored. However, I would not want the user to enter his entire proposed article just to make sure that the hex code that comes out matches what he has!

-----

My question is, how safe is this scheme?

Everything online could be considered to be a nearly-infinite set of Spruce Codes. So "The policy to not remove anything worked when the forum was small. Now that we have thousands of posts a day, we can't afford 50% of them being junk. The moderators are now instructed to be less tolerant of low-value posts" becomes "(The) 9 (to) (not) A 0 F F (the) 4 (was) C 8 (that) (we) (have) D (of) 9 (a) 2 (we) 1 0 (50%) (of) D 0 6 (The) 7 (are) 8 6 (to) (be) 6 E (of) 7 9" or "9A0FF4C8D9210D067866E79."

If the hacker — and there will be a large number of treasure hunters if this becomes popular! - KNOWS that a particular article contains a private key, it would be trivial to try the very limited number of possibilities and (1) see if any of the 64-character strings are possibly valid private keys, and (2) generate an address that is on the block chain. But what if he can't limit his target to one article and has to search the whole Internet, apart from things definitely in place before today? How secure is this method, without getting more complex about it?

I don't think I would want my private key to be dependent on whether stuff gets deleted or not. But possibly if it was split using shared secrets method (Shamir) first, then encoded and put in several places. Maybe then. But more likely I'd split it and place it in several known places, so people would have to know where each is to rebuild the key, and if some pieces were lost it could still be done.

Oh. And of course I would run it thru GPG first. I also like the idea of using PaperBack to print it out but that doesn't seem to be ported to Linux yet.

Thanks for the reply. I'm aiming more at the lesser end of the crypto-aware spectrum.

I don't have access to my regular computer for a few days, so can't add much right now. I will do in a few days.

To make it easier to encode, perhaps this revised scheme is better. The numbers in parentheses are the number of pages in a concise OED that the letter occupies.

0 a (61)
1 b (65)
2 c (111)
3 d (66)
4 ef (98)
5 gh (91)
6 ijk (65)
7 l (48)
8 m (65)
9 no (63)
A p (108)
B qr (76)
C sa-sn (~84)
D so-sz (~84)
E t (74)
F u-z (68)

I need to work out the best list of common words to ignore. Too short a list and it becomes hard to construct a piece of writing. Too long a list and it gets unnecessarily complicated.

Some other points too but I'll stick it all up on a website in a few days. Gotta go now.

God I hate when it is too early to grasp everything in the more detailed threads.  I am of course for this in theory, going to have to wake up more and re-read the post, but best of luck with this in concept so far lol

lol

I wrote earlier of my lack of confidence in securing my bitcoin wallet on my computer. You could say that I look discombobulatedly at trojans and assorted viruses. I need help before they focus their venom on my defenceless money. Presumably amassing my reserves in an offline fashion will mean more trust in my holdings.

Let's review the encoding arrangement that I said before. It begins with knowing the Hex display featured in the keys already requested and delivered from Casascius (http://casascius.com). Dividing one into tiny chunks best helps. Hopefully one can make some blurb meaningful. SpruceCodes.com (http://sprucecodes.com) has a businessman's massive wordlist.

But it doesn't need its famous diplomats! Really. Including people renowned like Lohan and Hilton is essential. This basic wordlist database is awaiting some guy — myself — to update it ASAP. Needless to say, it's a lot of work. Sorry, I digress. But that 10,000 word list I adapted from one online is annoying as it seems to have been compiled from a bunch of business sites and contains relatively obscure company names and terms and politicians, and very few items from popular culture like celebrities or sportspeople. Also it contains derivatives like loves and loved and loving instead of simply love. I will edit these out, but it all takes a lot of time.

Hopefully the SpruceCodes website (http://sprucecodes.com) has propagated globally by now. It contains that wordlist and full instructions and an example of encoding a private Hex key in an open message — security through obscurity. In general the message doesn't have to be online, as it could be in a letter or a report you keep in your papers at home or at the office. Or maybe in your diary or journal. It doesn't matter as long as you remember where it is! You also need to remember the KEYWORD that shows where the encoded Hex key starts.

In the example I'll give briefly here, and which is detailed on the SpruceCodes website, the keyword is DISCOMBOBULATEDLY. The encoded message is near the start of this very post, as you might have guessed from the somewhat strained language.

The decoding would start off like this, using the word list on my site. The small common words in parentheses, all of which are shown in red in the wordlist, are ignored:

discombobulatedly (KEYWORD) --> 5 (The initial 5 always represents the keyword, whatever letter it starts with)
(at) trojans --> E
(and) assorted --> 0
viruses --> F
(I) need --> A
help --> 6
before --> 1
(they) focus --> 5
(their) venom --> F
(on) (my) defenceless --> 3
money --> 9
...

The private Hex key hidden in the open message above is 5E0FA615F39. . . . As it happens, the public address connected to that key is in the block chain and contains a small amount of money. Finders keepers for whoever gets there first. :)

-----

EDIT: I was going to write a page on the website and a post in this thread about Image Steganography, or hiding bitcoins in a regular image using a simple hex editor. However, having looked into it a bit more thoroughly I don't think it's a good idea at all. For one thing it must be done using a computer, and here we are trying to avoid passing information about one's bitcoin savings through a computer. In addition, although it might be undetectable to the human eye, that an image contains additional information is detectable by a person examining the image with a computer. Finally, it is far too complicated for the kind of person I am aiming at with all this, and for me too. :)

Man, even if I could figure out the code, I've got no idea how to import private keys. I should figure that out.

Import/export of private keys may be included in bitcoin 0.4.0 (i.e. after 0.3.24).

That would be useful. Thank you Pieter. Personally, for a savings-wallet I would still obtain my private keys from a paper bitcoin wallet from Casascius, or some similar source, rather than trust the future security of one I generated from my own internet-connected computer. But I would probably have no qualms about importing a private key and then rapidly sending the bitcoins elsewhere using the regular client on my computer.

The "one-time" code is a better way to encode your paper wallet private key(s). It is somewhat similar to the famous crytographic one-time pad in terms of how you encode the plaintext.

The overall idea is to start with the private hex key, add a secret pass phrase to it, and end up with a completely different hex key. And the only way for anyone to discover the original hex key is to know the secret phrase.

The hex characters that make up the private hex key, and the alphabetical characters that make up the secret phrase, are paired together. Then each character is changed into a simple number using Table 1 and Table 2 below. For each pair, the numbers are added together to give a total. Each total is then translated into the equivalent hex number. Look at the example here to see how this works.

Table 1: Hex characters <--> Regular numbers

0 (see below)
1 <-->  1 or 17 or 33
2 <-->  2 or 18 or 34
3 <-->  3 or 19 or 35
4 <-->  4 or 20 or 36
5 <-->  5 or 21 or 37
6 <-->  6 or 22 or 38
7 <-->  7 or 23 or 39
8 <-->  8 or 24 or 40
9 <-->  9 or 25 or 41
0 <--> 10 or 26 or 42
A <--> 11 or 27
B <--> 12 or 28
C <--> 13 or 29
D <--> 14 or 30
E <--> 15 or 31
F <--> 16 or 32

Table 2: Alphabetical characters --> Regular numbers

space = 0 | a = 1 | b = 2 | c = 3 | d = 4 | e = 5 | f = 6 | g = 7 | h = 8 | i = 9 | j = 10 | k = 11 | l = 12 | m = 13 | n = 14 | o = 15 | p = 16 | q = 17 | r = 18 | s = 19 | t = 20 | u = 21 | v = 22 | w = 23 | x = 24 | y = 25 | z = 26 |

There shouldn't be any confusion among the O, 0, l, I and 1. The hex key letters stay in upper case, and the pass phrase letters stay in lower case.

Example:

Encoding

In detail, a private hex key fragment "...C09F3..." being encoded by the secret phrase "...gavin..." into "...4AE92..." follows:

1. Using Table 1, original hex character "C" is equivalent to 13. From Table 2, secret phrase character "g" is the 7th letter of the alphabet. Adding 13 and 7 gives 20. Using Table 1, 20 translates to the Hex character "4".

2. Using Table 1, original hex character "0" is equivalent to 10 (not 0). From Table 2, secret phrase character "a" is the 1st letter of the alphabet. Adding 10 and 1 gives 11. Using Table 1, 11 translates to the Hex character "A".

3. Using Table 1, original hex character "9" is equivalent to 9. From Table 2, secret phrase character "v" is the 22nd letter of the alphabet. Adding 9 and 22 gives 31. Using Table 1, 31 translates to the Hex character "E".

4. Using Table 1, original hex character "F" is equivalent to 16. From Table 2, secret phrase character "i" is the 9th letter of the alphabet. Adding 16 and 9 gives 25. Using Table 1, 25 translates to the Hex character "9".

5. Using Table 1, original hex character "3" is equivalent to 3. From Table 2, secret phrase character "n" is the 14th letter of the alphabet. Adding 3 and 14 gives 17. Using Table 1, 17 translates to the Hex character "1".

So the hex key fragment "...C09F3..." has been encoded by the secret phrase "...gavin..." into "...4AE91..." as intended.

To decode, one does the reverse. I'll just note the first two:

1. Using Table 1, encoded hex character "4" is equivalent to 4 or 20 or 36. From Table 2, secret phrase character "g" is the 7th letter of the alphabet. 20 minus 7 equals 13. Using Table 1, 13 translates to the original hex character "C".

2. Using Table 1, encoded hex character "A" is equivalent to 11 or 27. From Table 2, secret phrase character "a" is the 1st letter of the alphabet. 11 minus 1 equals 10. Using Table 1, 10 translates to the original hex character "0".

-----

Here is the start of an example of encoding a full private hex key.

The full private hex key "5E0F A615 F39B 0CA5 99E6 8C40 1176 3580 C323 E216 6919 D19F A53C 7C86 41F3 069F" being encoded by the secret phrase "my girlfriend jennifer harris loves to drink pink unicorn urine" into "5B3F 2E31 6521 ..." would start off like this:

5 --------------------------------------> 5
E --> 15   m = 13   15 + 13 = 28   28 --> B
0 --> 10   y = 25   10 + 25 = 35   35 --> 3
F --> 16   (space) = 0   16 + 0 = 16   16 --> F
            
A --> 11   g = 7   11 + 7 = 18   18 --> 2
6 --> 6   i = 9   6 + 9 = 15   15 --> E
1 --> 1   r = 18   1 + 18 = 19   19 --> 3
5 --> 5   l = 12   5 + 12 = 17   17 --> 1

etc.


To decode 5B3F 2E31 ... using "my girl..." would go like this:

5 ------------------------------------> 5
B --> 12 or 28. m = 13. 28 - 13 = 15. 15 --> E
3 --> 3 or 19 or 35. y = 25. 35 - 25 = 10. 10 --> 0
F --> 16 or 32. (space) = 0. 16 - 0 = 16. 16 --> F

2 --> 2 or 18 or 34. g = 7. 18 - 7 = 11. 11 --> A
E --> 15 or 31. i = 9. 15 - 9 = 6. 6 --> 6
3 --> 3 or 19 or 35. r = 18. 19 - 18 = 1. 1 --> 1
1 --> 1 or 17 or 33. l = 12. 17 - 12 = 5. 5 --> 5

and so on.

-----

This is all much easier to do than the full language codes I detailed earlier in this thread. However, a bitcoin private hex key encoded like this still looks like a bitcoin private key. It might be a good idea to have it look like something else. :)