Bitcoin Forum
December 15, 2024, 06:13:28 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Bitcoin Forum > Bitcoin > Development & Technical Discussion > Seed phrase security (post-quantum)
Pages: [1]
« previous topic next topic »
  Print  
Author Topic: Seed phrase security (post-quantum)  (Read 130 times)
Adam_xx (OP)
Jr. Member
*
Offline Offline

Activity: 34
Merit: 35


View Profile
January 18, 2023, 09:56:25 AM
 #1
If a user wants to use the mnemonic seed words for his wallet even in a few years/decades/..., will the same 24word seed be safe even in the post-quantum era? According to the BIP39 standard, it is protected by the HMAC SHA-512 hash function, so we assume that it is quantum-resistant (at least 256 bits of security post-quantum?). Let's not talk if QC are a real "threat", what the PQC will look like but just discuss the safety of those 24 words.

1) Do you think that from a UX point of view it will be possible to keep the existing seed and just generate a new PQC keys with a new derivation path?

2) I assume users with 12 words (128 bits of entropy without passphrase) would have to migrate to 24 words (256 bits of entropy) as 128 bits entropy is probably reduced to only 64 bits with Grover's algorithm.
hosseinimr93
Legendary
*
Offline Offline

Activity: 2618
Merit: 5743



View Profile
January 18, 2023, 10:44:20 AM
 #2
Take note that any bitcoin private key provides 128 bits of security and with increasing number of words in your seed phrase to more than 12, you don't increase your security.
Instead of trying to brute-force your seed phrase, the attacker can try brute-forcing the private key which provides the same security as a 12 word BIP39 seed phrase.
▄▄███████▄▄
▄██████████████▄
▄██████████████████▄
▄████▀▀▀▀███▀▀▀▀█████▄
▄█████████████▄█▀████▄
███████████▄███████████
██████████▄█▀███████████
██████████▀████████████
▀█████▄█▀█████████████▀
▀████▄▄▄▄███▄▄▄▄████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀
.
 MΞTAWIN  THE FIRST WEB3 CASINO   		.
.. PLAY NOW ..
Adam_xx (OP)
Jr. Member
*
Offline Offline

Activity: 34
Merit: 35


View Profile
January 18, 2023, 10:46:35 AM
 #3
Quote from: hosseinimr93 on January 18, 2023, 10:44:20 AM
Take note that since any bitcoin private key provides 128 bits of security, with increasing number of words in your seed phrase to more than 12, you don't increase your security.
Instead of trying to brute-force your seed phrase, the attacker can try brute-forcing the private key which provides the same security as a 12 word BIP39 seed phrase.

Let's just focus on those seed words, not ECDSA security. If we assume there will be some post-quantum cryptography and we will make a new wallet, will it be safe to generate the new wallet from the old seed? That is my point.
Adam_xx (OP)
Jr. Member
*
Offline Offline

Activity: 34
Merit: 35


View Profile
January 18, 2023, 01:11:09 PM
 #4
Quote from: ETFbitcoin on January 18, 2023, 12:19:31 PM
Honestly i fail to see risk of quantum-computer towards BIP 39 mnemonic seed. There's no data which can be used by quantum-computer to perform attack. For comparison, Bitcoin address become vulnerable when it's public key is revealed.

Thanks. I agree with you. The best possible attack is probably simply the brute-forcing process which could be potentially (if QC will ever be that powerful enough) dangerous for 12word mnemonic seeds (Grover's algorithm could brute-force a 128-bit symmetric cryptographic key in roughly 2^64 iterations). Using 24word seed is probably safe.
Pages: [1]
  Print  
Bitcoin Forum > Bitcoin > Development & Technical Discussion > Seed phrase security (post-quantum)
 « previous topic next topic »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!