How to safely split mnemonic seed

[hobbes]

If I wanted to split the seed in two parts would this procedure make sense for split cold storage:

* Generate two normal seeds by starting Electrum without datadir or via -w (part1 and part2)
* concatenate the two parts with a single space in between
* use concatenated parts as input to "restore from seeds"
* put one part to a safe place (bank locker); keep the other one safe, too
* restore from concatenated parts whenever necessary

edit: the parts should be nice words like the mnemonic electrum seed

[atweiden]

You may want to give Shamir's Secret Sharing Scheme a look.

Code:

$ electrum getseed
{
    "mnemonic": "flicker determine hand lot slowly world busy find character vain roam gift", 
    "seed": "168c6cdde03ce18aebc73e139b10b0b7", 
    "version": 4
}

Code:

$ ssss-split -t 2 -n 2
Generating shares using a (2,2) scheme with dynamic security level.
Enter the secret, at most 128 ASCII characters: flicker determine hand lot slowly world busy find character vain roam gift
Using a 592 bit security level.
1-c13342dec5abc18db404094767c9e4900a0c28e4792e3e8f3af3227159af1bcb7df38e7e74a638293fd0b644a1515c477c25451b152bf9ffaa192f52620f19949db9b2a82b6617726340
2-4c41df29db5f35d873039d71983b67b96b9a856fbc83ba23c9f9b33980ebf804f791edcb955e23a6aa8f8cdd8f4e887da4a56caa0b02f4bafff38d26b4e60b18cdc50210c81d03497586

Code:

ssss-combine -t 2
Enter 2 shares separated by newlines:
Share [1/2]: 1-c13342dec5abc18db404094767c9e4900a0c28e4792e3e8f3af3227159af1bcb7df38e7e74a638293fd0b644a1515c477c25451b152bf9ffaa192f52620f19949db9b2a82b6617726340
Share [2/2]: 2-4c41df29db5f35d873039d71983b67b96b9a856fbc83ba23c9f9b33980ebf804f791edcb955e23a6aa8f8cdd8f4e887da4a56caa0b02f4bafff38d26b4e60b18cdc50210c81d03497586
Resulting secret: flicker determine hand lot slowly world busy find character vain roam gift

Make some QR codes.

Code:

function qrshow() { qrencode -s 10 "$1" -o - | display - ; }

Code:

qrshow 1-c13342dec5abc18db404094767c9e4900a0c28e4792e3e8f3af3227159af1bcb7df38e7e74a638293fd0b644a1515c477c25451b152bf9ffaa192f52620f19949db9b2a82b6617726340

Code:

qrshow 2-4c41df29db5f35d873039d71983b67b96b9a856fbc83ba23c9f9b33980ebf804f791edcb955e23a6aa8f8cdd8f4e887da4a56caa0b02f4bafff38d26b4e60b18cdc50210c81d03497586

[hobbes]

Thanks but I would like the seed parts to be nice words like the mnemonic electrum seed...

Abdussamad helpfully noted ssss, too, in the other thread I posted. I found there is a whole electrum forum so I thought I would create an extra thread.

I had hoped one of the electrum devs could easily tell if my procedure is safe or not. ?

[Abdussamad]

If I wanted to split the seed in two parts would this procedure make sense for split cold storage:

* Generate two normal seeds by starting Electrum without datadir or via -w (part1 and part2)
* concatenate the two parts with a single space in between
* use concatenated parts as input to "restore from seeds"

A seed is supposed to be 12 words so I don't think a 24 word seed is going to work.

edit: Oh wow I just tried it and 24 word seeds work too! Amazing 

[Abdussamad]

Hobbes you should see this:

On a related question, will seeds that are more than 12 words (and multiples of 3) always be supported? It came up in this thread where hobbes talks about concatenating 2 wallet seeds to create a 24 word seed:

https://bitcointalk.org/index.php?topic=354261.0

in version 2.0, the seed phrase will be hashed in order to generate the master public key.
thus, any phrase length will be supported.

However, in order to recognize seeds from version < 2, I plan to check if the number of words is 12.
so it's probably not a good idea to create 24 words seeds now.

[hobbes]

Hobbes you should see this:

On a related question, will seeds that are more than 12 words (and multiples of 3) always be supported? It came up in this thread where hobbes talks about concatenating 2 wallet seeds to create a 24 word seed:

https://bitcointalk.org/index.php?topic=354261.0

in version 2.0, the seed phrase will be hashed in order to generate the master public key.
thus, any phrase length will be supported.

However, in order to recognize seeds from version < 2, I plan to check if the number of words is 12.
so it's probably not a good idea to create 24 words seeds now.

Thank you! Will answer over there.

[BkkCoins]

You should be able to use N number of 12 word seeds and combine them using the hex representations to give you a single 12 word actual wallet seed. The only thing you need for this is a way to generate 12 word seeds and sum them.

In my github misc repo I have a collection of seed utilities that allow you to do this and more.

Like this,

for x in 1 2; do ./seed; done | ./addseeds

seed is my util for generating a seed (it uses code extracted from Electrum)
addseeds will read stdin and sum the seeds (whether hex or 12-words) and output sum

The line above generates and prints 2 seeds and then the sum seed.

You can use the same addseeds to re-combine later like this,

echo -e "first 12 words\n2nd 12 words" | ./addseeds

or can read from a file,

cat myseeds.txt |./addseeds

(prints both inputs and output sum)

-----

I would also note I have a simple util there called b2b that converts bases using alphabets for each base. With this you can roll dice and output hex values to create seeds using hexseeds. eg. with dice rolls (need something like 99 rolls, not just a few as here), base 6 to hex,

./b2b 1624351  123456  0123456789abcdef

[dmcdad]

Hi Bkk,

Thanks for sharing your utilities on github. I tried using the mkseeds script but I don't believe I understand the results. Here is an example:

curtain explain between grey wrote class climb creep tumble home engine long
1NYbAH5G51SFzL6QCtL2raZGQKU66KaUTw
1K4WMG9GhVdJiXaJdyboivaycB1Rvczh88
1PPTztU3SpiWKG26Vjyc8naU6jrmieJG65
19Dg2qFuXYDgBJ1Tr6cRViT4hGEj74JdWM
1KRomai4uBuMiV2CRu14YyA8B6aTH1HKHx

However, if I input the seed (curtain explain between grey wrote class climb creep tumble home engine long) into Electrum to restore a wallet then I don't get any of those addresses. Instead I get these receiving addresses:

144qz67Nocpm2iaqfJXP4Q4aj8cCuYbGmE
15T7K5X7kfLabSHriFx1dWK8VV17prmPhp
12rZg9dD8gHpQejNMSWRQva5jwwzAu6Twg
1FPFBu4ZsnZSWRQyjsXsMNLDHiGTa5cW4u
14K47NZPBVMTRFcsnJjUEpiLdvdot84wWp

Shouldn't those public addresses match the ones generated by mkseeds, or am I confused?

-dmc