Bitcoin Forum
Author Topic: Why is bip 39 a very much reoccurring word in Bitcoin  (Read 412 times)
Dakcrypto (OP)
Jr. Member
*
Offline Offline

Activity: 242
Merit: 7

Axioma Holding - Axioma Pay Crypto Card


View Profile
February 01, 2024, 10:50:41 PM
 #1

I was reading the Bitcoin book on GitHub and I came across the word BIP, which is Bitcoin Improvement Proposal, and it was kind of understandable, but while reading forward I noticed that BIP 39 is a very much reoccurring word, and I tried to understand what is meant by BIP 39 but it seems difficult.

Help enlighten me on what BIP 39 is.

Churchillvv
Sr. Member
****
Offline Offline

Activity: 546
Merit: 276


View Profile WWW
February 01, 2024, 11:03:24 PM
 #2

From my little knowledge, BIP 39 is a Bitcoin improvement proposal that defines how a wallet generates the string of words to create a mnemonic sentence, which is the seed phrase. It's responsible for converting a bunch of words, like 12-, 18- and 24-word seed phrases, to addresses and private keys.

It's mostly used for wallet recovery because it contains a bunch of words that could help recover your lost wallets.
logfiles
Copper Member
Legendary
*
Offline Offline

Activity: 2114
Merit: 1794


Top Crypto Casino


View Profile WWW
February 01, 2024, 11:24:36 PM
Merited by Pmalek (2), apogio (1)
 #3

The proposal was created around 2013, and it standardized the way mnemonic phrases for deterministic wallets were generated and restored, instead of using those hard to remember long strings of characters like a private key for each of the addresses in an HD (hierarchical deterministic) wallet. As you have noticed these days, creating a noncustodial wallet rotates around mnemonic phrases or what most people call seeds. Wallets are necessary if you want to use the Bitcoin network. That's why bip39 is so much talked about.

Check
1. https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki
2. https://trezor.io/learn/a/what-is-bip39

BitMaxz
Legendary
*
Offline Offline

Activity: 3402
Merit: 3143


Is the $100k BTC possible?


View Profile WWW
February 01, 2024, 11:26:25 PM
Merited by Pmalek (2), apogio (1)
 #4

BIP39 is a standard used for generating mnemonic phrases, also known as seed phrase backups. It consists of 2048 words that are used to generate 12- to 24-word seed phrases.

All words are listed here https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt

It is widely adopted, supports other coins, and is mostly used on hardware wallets. They created BIP39 to make backup easier for users compared to saving all key pairs (public and private keys).

If you are looking for more info about this, better check the wiki here: https://en.bitcoin.it/wiki/Seed_phrase

More here https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki

FinneysTrueVision
Sr. Member
****
Offline Offline

Activity: 1806
Merit: 440


Fully Regulated Crypto Casino


View Profile WWW
February 02, 2024, 05:54:43 AM
 #5

Most wallets use the BIP39 standard for generating your wallet backups. Even altcoin wallets use BIP39 seed phrases. With this phrase you can restore all of your addresses and private keys in any wallet that is compatible with this standard.

apogio
Hero Member
*****
Online Online

Activity: 574
Merit: 1100



View Profile WWW
February 02, 2024, 04:36:13 PM
Merited by BlackHatCoiner (4)
 #6

Bitcoin consists of key-pairs (private - public).

BIP39 provides a way to deterministically produce the same pairs of keys by using the same set of 12 words.

So, it essentially offers an easy-to-read and easy-to-maintain backup solution for your keys. You only have to make sure you backup the 12 words (offline) and you will always have access to your keys. The keys are important because they allow you to spend the coins you have.

I don't like quoting myself, but I don't want to copy paste. This is how BIP39 works technically-wise:

Let's examine how BIP39 works.

So, your device generates 128 bits of entropy (assuming you want 12 words seed phrase). Then the entropy looks like this:

Code:
10001001011110001...001

Then the entropy is hashed with SHA256. From the output, you will hold only the first 4 bits.

So now you have 128 bits of entropy + 4 bits that are called "checksum".

We will split these 132 bits into 12 segments of 11-bits each.

Imagine something like:

Code:
10001001011
11000100100
...
01000100001

Now we will convert those binaries to decimals:

Code:
1099
1572
...
545

Let's go to the BIP39 wordlist and check where these numbers correspond to:

Code:
matter
settle
...
dune
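
The steps in the post above, written out as an added Python example (not part of the original post or of any wallet's code): it turns entropy into the 11-bit word indices and, in reverse, rejects a phrase whose checksum does not match. The all-zero entropy is a constructed sample and the function names are illustrative.

```python
import hashlib

VALID_ENTROPY_BYTES = (16, 20, 24, 28, 32)   # 128..256 bits -> 12..24 words


def entropy_to_indices(entropy: bytes) -> list:
    """Entropy -> 11-bit wordlist indices, following the steps in the post."""
    if len(entropy) not in VALID_ENTROPY_BYTES:
        raise ValueError("entropy must be 128-256 bits, in 32-bit steps")
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32                   # 4 checksum bits for 128 bits
    digest = hashlib.sha256(entropy).digest()
    checksum = digest[0] >> (8 - cs_bits)      # first cs_bits bits of the hash
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11       # 132 / 11 = 12 words
    # Cut the bit string into 11-bit segments, most significant first.
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]


def indices_to_entropy(indices) -> bytes:
    """Restore direction: recover the entropy or raise on a bad checksum."""
    n_words = len(indices)
    if n_words not in (12, 15, 18, 21, 24):
        raise ValueError("unsupported phrase length")
    if any(not 0 <= i < 2048 for i in indices):
        raise ValueError("index outside the 2048-word list")
    cs_bits = n_words * 11 // 33
    value = 0
    for i in indices:
        value = (value << 11) | i
    entropy = (value >> cs_bits).to_bytes((n_words * 11 - cs_bits) // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    if value & ((1 << cs_bits) - 1) != expected:
        raise ValueError("checksum mismatch")
    return entropy


def demo():
    # Constructed input: all-zero entropy, never use it for a real wallet.
    # A wallet would draw the bytes from a CSPRNG such as secrets.token_bytes(16).
    indices = entropy_to_indices(bytes(16))
    print(indices)           # index i is line i + 1 of english.txt
    damaged = indices[:-1] + [indices[-1] ^ 1]   # simulate one wrong last word
    try:
        indices_to_entropy(damaged)
    except ValueError as err:
        print("rejected:", err)


if __name__ == "__main__":
    demo()
```

With only 4 checksum bits on a 12-word phrase, a randomly altered phrase still passes about 1 time in 16, so the checksum catches most typos but not all of them.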

ABCbits
Legendary
*
Offline Offline

Activity: 3024
Merit: 7906


Crypto Swap Exchange


View Profile
February 04, 2024, 12:36:40 PM
 #7

I was reading the Bitcoin book on github

Help enlighten me on what the bip 39 is?.

Do you mean this book https://github.com/bitcoinbook/bitcoinbook? If yes, you need to read the entire chapter 5, which already explains BIP 39. Anyway, it'd be great if you had a more specific question about BIP 39.

NotATether
Legendary
*
Offline Offline

Activity: 1750
Merit: 7304


In memory of o_e_l_e_o


View Profile WWW
February 04, 2024, 03:09:13 PM
Merited by BlackHatCoiner (4), PowerGlove (1)
 #8

BIP39 provides a way to deterministically produce the same pairs of keys by using the same set of 12 words.

The deterministic generation part was technically created in BIP32 and BIP44, not BIP39.

That's where derivation paths and the process of creating private keys from other private keys came from. E.g. the m/44'/0'/0' syntax was invented by those two BIPs.

BIP39 invented the word list that you can use to generate all those private keys from.

fasttimes
Newbie
*
Offline Offline

Activity: 24
Merit: 21


View Profile
March 14, 2024, 09:36:17 PM
 #9

Most wallets use the BIP39 standard for generating your wallet backups. Even altcoin wallets use BIP39 seed phrases. With this phrase you can restore all of your addresses and private keys in any wallet that is compatible with this standard.

but this is not native to btc core, correct? so if one uses a "seed phrase" for their keys, they always need some sort of software wallet to.....im not sure how to say it. make the seed phrase usable?
pooya87
Legendary
*
Offline Offline

Activity: 3598
Merit: 10918



View Profile
March 15, 2024, 04:47:47 AM
 #10

Most wallets use the BIP39 standard for generating your wallet backups. Even altcoin wallets use BIP39 seed phrases. With this phrase you can restore all of your addresses and private keys in any wallet that is compatible with this standard.

but this is not native to btc core, correct? so if one uses a "seed phrase" for their keys, they always need some sort of software wallet to.....im not sure how to say it. make the seed phrase usable?
That's correct. The reference implementation of Bitcoin called "bitcoin core" doesn't support mnemonic algorithms so if you want to use your BIP39 mnemonic in it you'll have to derive the extended private key (xprv) from that seed phrase and then import that into core using "getdescriptorinfo" command with the desired derivation path.

fasttimes
Newbie
*
Offline Offline

Activity: 24
Merit: 21


View Profile
March 15, 2024, 06:47:21 PM
 #11

Most wallets use the BIP39 standard for generating your wallet backups. Even altcoin wallets use BIP39 seed phrases. With this phrase you can restore all of your addresses and private keys in any wallet that is compatible with this standard.

but this is not native to btc core, correct? so if one uses a "seed phrase" for their keys, they always need some sort of software wallet to.....im not sure how to say it. make the seed phrase usable?
That's correct. The reference implementation of Bitcoin called "bitcoin core" doesn't support mnemonic algorithms so if you want to use your BIP39 mnemonic in it you'll have to derive the extended private key (xprv) from that seed phrase and then import that into core using "getdescriptorinfo" command with the desired derivation path.
i know these are broadly used (seed phrases) but are any experts on these boards concerned about having to rely on more than btc core and using or possibly losing the ability to use them in the future (losing your keys?) due to not having access to the software to access (apps that implement BIP39)

is that idea i have unfounded?



pooya87
Legendary
*
Offline Offline

Activity: 3598
Merit: 10918



View Profile
March 16, 2024, 03:12:22 AM
 #12

i know these are broadly used (seed phrases) but are any experts on these boards concerned about having to rely on more than btc core and using or possibly losing the ability to use them in the future (losing your keys?) due to not having access to the software to access (apps that implement BIP39)

is that idea i have unfounded?
BIP39 algorithm is open source (is known) and pretty straightforward so it is very easy to implement. This means there isn't a need for a special software written by some super expert programmer to be used. If you know basic programming you can write a tiny script that performs what's needed in BIP39 to convert your seed phrase to a private key.

Pmalek
Legendary
*
Offline Offline

Activity: 2912
Merit: 7502


Playgram - The Telegram Casino


View Profile
March 16, 2024, 08:42:02 AM
Merited by pooya87 (2)
 #13

That's correct. The reference implementation of Bitcoin called "bitcoin core" doesn't support mnemonic algorithms so if you want to use your BIP39 mnemonic in it you'll have to derive the extended private key (xprv) from that seed phrase and then import that into core using "getdescriptorinfo" command with the desired derivation path.
Some people may hate me after I say this, but Bitcoin Core isn't a very newbie-friendly bitcoin wallet. BIP39 has been around for a decade, and they could have added support for it. The developers either don't want to, don't see a great need for it, or there aren't enough requests to add it. Sure, you can use the master private key instead, but it's even easier with a seed. Bitcoin Core's biggest plus is the full-node feature and being able to use a locally verified copy of the blockchain. Bitcoin Core as a wallet is of secondary importance and isn't for everyone.

Forsyth Jones
Hero Member
*****
Offline Offline

Activity: 1316
Merit: 883


Duelbits - Play for Free | Win for Real


View Profile WWW
March 16, 2024, 01:40:24 PM
Last edit: March 16, 2024, 01:52:15 PM by Forsyth Jones
 #14

It would be much more practical to support mnemonics in Bitcoin Core, at least for import. Instead of using xprivs in the descriptor, we would have an extra function to import a descriptor containing a mnemonic, e.g.:
importdescriptors '[{"desc":"combo(bip39([word1,word2,word3...],passphrase/0/*))#fingerprint","timestamp":"now"}]'

By the way, is there a safer way to get the xpriv root bip32 to import into bitcoin core as a descriptor without using iancoleman.io, since it is an html file that opens in the browser?


Pmalek
Legendary
*
Offline Offline

Activity: 2912
Merit: 7502


Playgram - The Telegram Casino


View Profile
March 16, 2024, 04:31:58 PM
 #15

By the way, is there a safer way to get the xpriv root bip32 to import into bitcoin core as a descriptor without using iancoleman.io, since it is an html file that opens in the browser?
I don't use Bitcoin Core so I don't know the answer to your question. However, you should download the IanColeman tool and use it offline on an airgapped setup. That's the safest and most recommended way to work with it. If you use the tool on an airgapped computer, nothing can leak from it, which isn't the case when you use it on an internet-connected PC.

BlackHatCoiner
Legendary
*
Offline Offline

Activity: 1666
Merit: 8167


Bitcoin is a royal fork


View Profile WWW
March 16, 2024, 05:32:11 PM
Merited by pooya87 (2), Pmalek (2)
 #16

BIP39 algorithm is open source (is known) and pretty straightforward so it is very easy to implement. This means there isn't a need for a special software written by some super expert programmer to be used. If you know basic programming you can write a tiny script that performs what's needed in BIP39 to convert your seed phrase to a private key.
Nonetheless, people shouldn't be expected to write their own recovery software, no matter how simple it might be. That's a recipe for disaster.

Some people may hate me after I say this, but Bitcoin Core isn't a very newbie-friendly bitcoin wallet. BIP39 has been around for a decade, and they could have added support for it. The developers either don't want to, don't see a great need for it, or there aren't enough requests to add it.
Neither of the three. According to this reply from Bitcoin Core developer achow101, it is not considered "safe enough":
BIP 39 is not in Bitcoin Core largely for implementation reasons and because BIP 39 is not as secure as it could be.

The structure of Bitcoin Core's wallet doesn't really allow for BIP 39 to be implemented. The current structure doesn't allow for 512 bit seeds as BIP 39 specifies, and adding it would require some significant changes to the wallet code. Implementing BIP 39 would also require implementation of PBKDF2, although that isn't very hard.

Also, more generally, many Bitcoin Core contributors don't consider BIP 39 to be secure. It uses PBKDF2 which is generally regarded to be a fairly weak KDF so it isn't considered to be good for the secure storage of all of your Bitcoin. Some software (such as Electrum) used BIP 39 in the past but have switched to using their own mnemonic algorithm because of this weakness in BIP 39.

BIP 39 mnemonics have some other issues as well such as version numbering (or rather lack of) and the use of a fixed wordlist. Electrum has documented their reasons for why they don't support BIP 39, and those reasons are the same for Bitcoin Core.

That does not explain why they haven't come up with a similar, more secure standard like Electrum, though.

pooya87
Legendary
*
Offline Offline

Activity: 3598
Merit: 10918



View Profile
March 17, 2024, 04:21:44 AM
Last edit: March 17, 2024, 10:29:08 AM by pooya87
Merited by Pmalek (2)
 #17

That's correct. The reference implementation of Bitcoin called "bitcoin core" doesn't support mnemonic algorithms so if you want to use your BIP39 mnemonic in it you'll have to derive the extended private key (xprv) from that seed phrase and then import that into core using "getdescriptorinfo" command with the desired derivation path.
Some people may hate me after I say this, but Bitcoin Core isn't a very newbie-friendly bitcoin wallet. BIP39 has been around for a decade, and they could have added support for it. The developers either don't want to, don't see a great need for it, or there aren't enough requests to add it. Sure, you can use the master private key instead, but it's even easier with a seed. Bitcoin Core's biggest plus is the full-node feature and being able to use a locally verified copy of the blockchain. Bitcoin Core as a wallet is of secondary importance and isn't for everyone.
Yeah, unfortunately core team hasn't focused on user friendliness as much as we'd like. There are still many things you can only perform through the console by typing commands which is not user friendly at all.

Lack of support for a mnemonic algorithm is one of the missing features. As @BlackHatCoiner said, they don't consider it safe enough, although I don't agree with the reasoning (PBKDF2 being weak). Regarding the quote below from SE, I have to point out that Electrum also uses PBKDF2 with the same exact settings as BIP39 (2048 iterations with HMACSHA512); they defined their own algorithm before BIP39 and they use it because of the additional "features" it provides, such as a version and a custom word-list, not because the BIP39 algorithm was weak security-wise.

Quote
Also, more generally, many Bitcoin Core contributors don't consider BIP 39 to be secure. It uses PBKDF2 which is generally regarded to be a fairly weak KDF so it isn't considered to be good for the secure storage of all of your Bitcoin. Some software (such as Electrum) used BIP 39 in the past but have switched to using their own mnemonic algorithm because of this weakness in BIP 39.

Pmalek
Legendary
*
Offline Offline

Activity: 2912
Merit: 7502


Playgram - The Telegram Casino


View Profile
March 17, 2024, 08:28:32 AM
Merited by pooya87 (1)
 #18

Neither of the three. According to this reply from Bitcoin Core developer achow101, it is not considered "safe enough":
I would say that falls in the 'not want to' category for the reason of the implementation not being safe enough.

Also, more generally, many Bitcoin Core contributors don't consider BIP 39 to be secure. It uses PBKDF2 which is generally regarded to be a fairly weak KDF so it isn't considered to be good for the secure storage of all of your Bitcoin.
Why do they consider it weak from a security standpoint? In other words, how much less secure is it, and are we talking about a worrying threat to a user's coins? A threat that is significant enough to not want to touch it. 

Some software (such as Electrum) used BIP 39 in the past but have switched to using their own mnemonic algorithm because of this weakness in BIP 39.
Electrum's seed system came before BIP39. I think they are two years apart. But the older versions of Electrum used something else for seed generation. The seed versioning system we have today came after BIP39 if I am not wrong. At what point did Electrum use BIP39?

As @BlackHatCoiner said they don't consider it safe enough...
You missed the word "don't" in your post above.

pooya87
Legendary
*
Offline Offline

Activity: 3598
Merit: 10918



View Profile
March 17, 2024, 10:39:54 AM
Merited by Pmalek (2)
 #19

Why do they consider it weak from a security standpoint? In other words, how much less secure is it, and are we talking about a worrying threat to a user's coins? A threat that is significant enough to not want to touch it. 
Generally speaking, PBKDF2 is considered a weak Key Derivation Function because of how the algorithm is designed. For example, RFC-8018 suggests that for anything security critical an iteration count above ten million should be used (we use 2048 in BIP39).

The reason I disagree with this part is because there is no need for the KDF to give us any security here because we aren't salting user's entered passwords that may be weak, we are just deriving child keys from an already strong entropy.

An iteration count has traditionally served the purpose of increasing the cost of producing keys from a password, thereby also increasing the difficulty of attack.  Mathematically, an iteration count of c will increase the security strength of a password by log2(c) bits against trial-based attacks like brute force or dictionary attacks.
In BIP39 our "password" is the mnemonic which is encoded from an already strong entropy of between 128 to 256 bits. Adding more "security strength" on top of it is not needed.
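
The PBKDF2 step discussed in the posts above, as an added Python example (not part of the original posts or of any wallet's code): it derives the 64-byte BIP39 seed with 2048 rounds of HMAC-SHA512 and applies the quoted log2(c) estimate to the mnemonic's entropy. The phrases are constructed samples built from the all-zero entropy, and the function names are illustrative.

```python
import hashlib
import math
import unicodedata

PBKDF2_ROUNDS = 2048   # fixed by BIP39, as noted in the posts above


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, salt is "mnemonic" + passphrase."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, PBKDF2_ROUNDS, dklen=64)


def brute_force_bits(secret_bits: int, iterations: int = PBKDF2_ROUNDS) -> float:
    """RFC 8018 estimate quoted above: c iterations add log2(c) bits of work."""
    return secret_bits + math.log2(iterations)


# Constructed samples, never use them for a real wallet.
PHRASE = " ".join(["abandon"] * 11 + ["about"])   # all-zero 128-bit entropy
TYPO = " ".join(["abandon"] * 11 + ["above"])     # last word wrong, bad checksum


def demo():
    print("seed          :", mnemonic_to_seed(PHRASE).hex()[:32], "...")
    print("with passphrase:", mnemonic_to_seed(PHRASE, "example").hex()[:32], "...")
    # The KDF accepts any string: a mistyped phrase silently yields another
    # 64-byte seed (an empty wallet), so validate the checksum before deriving.
    print("typo phrase   :", mnemonic_to_seed(TYPO).hex()[:32], "...")
    for bits in (128, 256):
        print(bits, "bits of entropy ->", brute_force_bits(bits), "bits of work")


if __name__ == "__main__":
    demo()
```

The 2048 rounds add 11 bits on top of the 128 to 256 bits the mnemonic already carries, which is the arithmetic behind the argument in the post above.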

Pmalek
Legendary
*
Offline Offline

Activity: 2912
Merit: 7502


Playgram - The Telegram Casino


View Profile
March 18, 2024, 04:29:28 PM
 #20

In BIP39 our "password" is the mnemonic which is encoded from an already strong entropy of between 128 to 256 bits. Adding more "security strength" on top of it is not needed.
I agree with this and it seems logical, but I want to point out that I don't possess enough technical know-how to actually know if your interpretation is correct.
BIP39 seeds are a much more user-friendly representation of a long string that can easily be read by humans. Usually, when you add user-friendliness and simplicity to something, you also compromise security to some degree. How much and if any security at all was compromised with the introduction of the BIP39 standard is something for the more technically-gifted to comment on.
