Who can explain how BIP-39 phrases work?

[King of Gods]

What is checksum used in BIP-39 and what is it for? I don’t trust programs that generate 12 words, since I don’t know what algorithm they are working on, and for this I wanted to take 12 words from the total 2048 bip-39 word list, but if I do, and after that I want to get using my words to access my wallets, for example using this script https://github.com/iancoleman/bip39 I get an error Invalid mnemonic.

I'm in a dead end, I'm afraid if I use the 12 words that I chose from the general list, because of the checksum error, I will lose my bitcoins in the future, please clarify. I'm at a dead end, I'm afraid if I use the 12 words that I chose myself from the general list of words, I will lose my bitcoins in the future because the programs will not want to accept my words, because of the checksum error. You can help me? How can I convert my 12 words that I chose myself, from a list of 2048 words, into a wallet?

At the moment I can choose any 12 words at my discretion, and Electrum will accept them, but with an unkown wordlist error.

Can you explain to me how the checksum check works, and what is it for in BIP-39?

[xbtcl]

You can use https://github.com/iancoleman/bip39/releases/latest on offline computer and write down generated seed to paper

[bob123]

The last 7 bit of a 12 word seed are the checksum.

A checksum is to prevent typos. It is a way to easily know whether your seed is a valid one or not.

The probably fastest way would be to choose 11 words from the list, and then try out the 12th word. You need to try out 16 different words for the last spot ON AVERAGE to receive a valid checksum.


But.. please note that a human brain choosing those words from the list can NEVER be as random as a random number generator. You are giving away quite some bits of strength.

[HCP]

You're doing BIP39 wrong... the process is explained quite clearly within the BIP39 documentation here: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#generating-the-mnemonic

You don't START with 12(/15/18/21/24) words... you start with the necessary amount of ENTROPY... ie. a very large random number.

We refer to the initial entropy length as ENT. The allowed size of ENT is 128-256 bits.

First, an initial entropy of ENT bits is generated.

So, you can use dice or whatever other RNG process you prefer to create your 128-256 bits worth of ENT (ie. 128 coin flips)... then you calculate the checksum:

A checksum is generated by taking the first ENT / 32 bits of its SHA256 hash. This checksum is appended to the end of the initial entropy.

So, you SHA256 your ENT... then take the first bits of this hash and append it to the end...

The following table describes the relation between the initial entropy length (ENT), the checksum length (CS) and the length of the generated mnemonic sentence (MS) in words.

CS = ENT / 32
MS = (ENT + CS) / 11

|  ENT  | CS | ENT+CS |  MS  |
+-------+----+--------+------+
|  128  |  4 |   132  |  12  |
|  160  |  5 |   165  |  15  |
|  192  |  6 |   198  |  18  |
|  224  |  7 |   231  |  21  |
|  256  |  8 |   264  |  24  |

To get from this very large number to the actual mnemonic... you then convert your ENT+CHECKSUM into words by chopping it into 11bit chunks... each 11bit chunk represents a number from 0-2047... you use this to lookup the words in the 2048 word list.

For instance... say that you generated ENT+CHECKSUM (converted to binary) started out with the following binary sequence:
10010110111011011011100010110001011101010110.....

this would split into 11 bit chunks as:
10010110111 01101101110 00101100010 11101010110....

which converts to decimals as:
1207 878 354 1878....

Which converts to the words from the BIP39 English Wordlist:
notice horse clump turn....

(note: you have to add 1... as the bit range values are 0-2047, but the wordlist as shown on github is indexed from 1-2048)

You can help me? How can I convert my 12 words that I chose myself, from a list of 2048 words, into a wallet?

If you want to choose your own (a really bad idea btw)... you will be able to choose 11... and then the 12th word you'll need to find through trial and error to find the one or two that generate the correct checksum.

Also, note that Electrum does NOT use BIP39 unless you select the "Options" button and check the "BIP39 Seed" option. It uses it's own custom (NON-BIP39) method for calculating seed checksums etc.

The last 7 bit of a 12 word seed are the checksum.

It's not... it's only 4 bits for a 12 word seed, as per the table above from the BIP39 docs

[pooya87]

(note: you have to add 1... as the bit range values are 0-2047, but the wordlist as shown on github is indexed from 1-2048)

be careful that you have to add that 1 only if you are choosing the words manually by looking at that list, as in (1207=1208^th word).
but you never do that since you would be using a programming language and these words are placed in an array and AFAIK in all language arrays start from index 0. so in your array the word at index 1207 is the same as 1208^th word in that list.

[bitmover]

What is checksum used in BIP-39 and what is it for? I don’t trust programs that generate 12 words,

Everywhere I read about cryptography , all those smart guys say that humans are a terrible source of randomness. We are always trying to make a pattern or something like that.

If you want security, and don't want someone to brute Force or to somehow discover your keys, you definitely should try some reliable program to generate your seed/keys. That's the most common advice i see out there. As I am not a genius, I just follow it

You can help me? How can I convert my 12 words that I chose myself, from a list of 2048 words, into a wallet?

https://iancoleman.io/bip39/

In this website you can put any 12 words ant it will generate thousands of addresses and privatekey for them
Use it only of you have an airgapped (offline) computer, otherwise there is a small risk that someone may be watching (if infected computer).

For educational purposes, try your words there  ... If checksum fails, it will Tell you.

[HCP]

be careful that you have to add that 1 only if you are choosing the words manually by looking at that list, as in (1207=1208^th word).
but you never do that ...

OP wants to manually choose his own words... so that is EXACTLY what he is trying to do

... since you would be using a programming language and these words are placed in an array and AFAIK in all language arrays start from index 0.

While most of the popular languages do index from 0, off the top of my head LUA and XPath/XQuery both index from 1. Turns out there are also a few others... (refer: "Default Base Index" column)