== 2024 Bitcoin halving tribute puzzle - Challenge to win 10,000,000 sats! ==

[Ginux]

It's not a simple substitution like that way, so please don't make the mistake of thinking that a=U, r=R, e=U, no, not that game.

It's like, you need a starting point.
Look closely at the two cards and what features each have on the front and the back, and these features will be used to uniquely determine the placement.
However, with an unknown placement, how can we determine which substitute table to use for decoding? This requires a default value.
That is our starting point.

Simplicity is beauty, and by decoding the ciphertext message from this simplest starting point, we can find out from it how the cards were chosen and placed, and how to use this 1-to-4 substitution table.

Then from the 12 possible ways of placement, we choose that combination we need to decode the rest of the cipher message, and since you already know the plaintext, it's easy to verify that the decoding is correct, and that's when you need a little bit of patience, and a little bit of luck.

Me I have one problem I can  understand everything but I have problem with the 6 card it's hard to find a pattern I try many  time but I need to now the first word  and why U equal A
AND ALSO U equal e whyyy

[1714745966]

1714745966

[1714745966]

1714745966

[Ginux]

The good news is that you are on the right track, the better news is that the rule is indeed simple.

Yes, you correctly understood that each index letter corresponds to the four optional substitutions around it, which is the way to counteract the frequency analysis, I use a 1-to-2 substitution table in password management, which has been calculated to prove validity, and I hope this 1-to-4 works better.

Here's a new tip:
Recovering a seed phrase requires information not only about the seed word itself, but also about the order of the words. Usually we write down the words in order, so we ignore the important information about the "position" of the words. If you encode the word's sequential number with the word, then each word and its sequential number form a "block" that can be placed out of order, which is a very important way to write seed phrases in secret.

I say the rule is simple because it uses one or two "blocks" of information about how to choose the cards (even the black ones need to be chosen because I may have several different sets of cards for myself, for different purposes, and sometimes they tend to get mixed up with each other), how to place them, and how to rotate the 4 substitution tables. Based on this information, 11 of the 12 combinations given can just be left alone and the correct one used to decode the remaining information.

No, in fact, these letters contain more information, and as we all know, to record the BIP39 seed phrases, it's enough to record the first 4 letters of each seed word, so we have room to cram in more information that is necessary to perform substitution encryption.

Not entirely sure what you mean in here. Yes, it is enough if we have the first four letters of a word, because they are unique. So, we have more room to introduce information that will obscure these letters? For example, could URU/Yw be "aren" followed by another input that is used in your rule to help us go figure out the next word?

I've been looking at it since yesterday, but it's a loss of time until this point. We know absolutely nothing about your rule. It could be anything, like take the first cipher-letter ('U') and use it to find potential letters that it points given a combination using the silver and black cards (e.g., from the first of the twelve combinations, it points to 'h', 'j', 'n' and 'm'). That's just one of the nearly infinite rules I can think of.

I checked an account under the nostr post you shared, from BitCat, which I presumes is yours, because they're describing a very similar patent of securing passwords. As far as I can tell, it's infeasible to achieve reversal; our only hope is that you've used a "simple" rule, which could be utterly subjective.

[BlackHatCoiner]

The good news is that you are on the right track, the better news is that the rule is indeed simple.

I hope you don't mess with me, and that I'm indeed on the right track.  

If you encode the word's sequential number with the word, then each word and its sequential number form a "block" that can be placed out of order, which is a very important way to write seed phrases in secret.

That's a good point. For example, the word "brisk" comes with position "2". But, what do you mean with "can be placed out of order"? I understand it as "if we have a word and its position, then the order is irrelevant to us". For example, LwE~T1 could be the word "property" along with the position "10".

I say the rule is simple because it uses one or two "blocks" of information about how to choose the cards

OK, so there's more than just word and position. I can think of a third piece of information.

(even the black ones need to be chosen because I may have several different sets of cards for myself, for different purposes, and sometimes they tend to get mixed up with each other)

But, we only have one black card with two sides. Not entirely sure why you would want sets of such cards.

A little bit off-topic, but do you feel confident that having your seed phrase in ciphertext is a wise choice? I think it's extremely unlikely that someone can steal your coins, but with a slight loss of memory, you might get locked out of your funds.

[mohammedlaoui]

okey i ask you about french because why you don t use azerty

i have one that i can solve this how the card works any patterns i see honey but idk

[Ginux]

Your understanding is partially correct in that the 10th word could appear anywhere in the cipher, not just located in the tail.
Why is it only partially correct? Because in a ciphertext of 6 columns x 12 rows, if two rows are taken out to mark the rule, the remaining 10 rows cannot possibly correspond to the 12 seed words.
So it's impossible to use 6 letters for each seed word, right?

That's a good point. For example, the word "brisk" comes with position "2". But, what do you mean with "can be placed out of order"? I understand it as "if we have a word and its position, then the order is irrelevant to us". For example, LwE~T1 could be the word "property" along with the position "10".

This actually comes down to personal habits, I've been using PassCards for quite a few years, and the cards themselves have been iterated through a few versions, and every time I upgrade I change all of my old passwords with the new card, so there are always a few characters in my password rules that are version descriptions, and I've found that it's a good habit to have, so that I can manage my business- and work-related accounts on one card, and my family- and personal-life related ones with another card, and my digital asset accounts with a completely different card.

I'm assuming that there are others out there who have the same habit as I do of using multiple cards/multiple sets of cards for separate purposes, so it wouldn't be a bad idea to add a card identifier to the rules when it comes to secretly writing seed phrases.

But, we only have one black card with two sides. Not entirely sure why you would want sets of such cards.

The answer to this question really varies, and I read a story here named "How do you safely keep your recovery phrase written on paper?". I believe many people, especially newbies, are faced with this choice of keeping their seed phrases so secret that they can't find them themselves many years later, or keeping them all over the place so that they are stolen or discarded by mistake.

Never mind the newbies, I myself have a small safe with backup seed phrases for all my hardware wallets, written down on cards that come with the hardware wallet manufacturers, and I have dozens of these. One day one of my Ledger Nano S's broke, as we all know, the OLED burn-in problem, and I opened the safe and rummaged through a dozen or so cards with different seed phrases written on them, having absolutely no idea which one was the one I needed. The outrageous thing is that the cards didn't even have the Ledger logo on them, I had to use the process of elimination to get rid of those Trezor or Jade backup cards, yet it still didn't help much.

Imagine writing down the name of each wallet in a small notebook, with the corresponding seed phrase below in ciphertext, and then keeping a copy of the CipherCard in your safe with the rules for substitution encryption written on the back of the copy.

You could even keep a picture of the CipherCard in Gmail's drafts folder, the rules in Outlook's drafts folder, and the ciphertext of the seed phrases in the drafts folder of all your email services, and then use another CipherCard to manage the passwords for all your mailboxes.

Doesn't that make sense?

A little bit off-topic, but do you feel confident that having your seed phrase in ciphertext is a wise choice? I think it's extremely unlikely that someone can steal your coins, but with a slight loss of memory, you might get locked out of your funds.

[Ginux]

The cards used in this puzzle have index letters in two layouts, the common IBM keyboard layout and (for those unfamiliar with computer keyboards) the alphabetical layout.

In practice everyone can define any layout to suit themselves, make their own customized cards, and both will work well.

okey i ask you about french because why you don t use azerty

i have one that i can solve this how the card works any patterns i see honey but idk

[BlackHatCoiner]

It's not really hard to derive backwards, the point is to understand the process of going forwards.

It's quite impossible to go from C1 to S1, so I guess going forwards is even more difficult to figure out than that.

So it's impossible to use 6 letters for each seed word, right?

Why not? Say you have 12 rows. In the first two, you use 12 letters to note the rules (as it seems needed). The rest of rows are consisted of 60 letters. Given that we only need the first four letters of each word and its position, we would need 4*12 letters + 12 positions = 60.

But, I think you've said that we need more than just the words and their positions. Right?

Imagine writing down the name of each wallet in a small notebook, with the corresponding seed phrase below in ciphertext, and then keeping a copy of the CipherCard in your safe with the rules for substitution encryption written on the back of the copy.

Again, I can tell the security of this setup. However, I believe it is more complex than needed, and complexity is the enemy of security. I think that a well-setup multi-sig could provide about the same levels of security, but with less complexity.

You could even keep a picture of the CipherCard in Gmail's drafts folder, the rules in Outlook's drafts folder, and the ciphertext of the seed phrases in the drafts folder of all your email services, and then use another CipherCard to manage the passwords for all your mailboxes.

Doesn't that make sense?

In my view, if your setup has to rely on third parties, it isn't an ideal setup.

[Ginux]

When you go from C1 to S1, you don't know nothing.
But when you go from S1 to C1, think differently, what practices would you, as a normal person, employ? I said it's simple and straightforward, but put in a little bit of interference like moving positions as well.

The next step is to verify the most promising approaches one by one, until you find some strings that are related to the topic, and you can be more sure of the remaining hidden information.

It's not really hard to derive backwards, the point is to understand the process of going forwards.

It's quite impossible to go from C1 to S1, so I guess going forwards is even more difficult to figure out than that.

Correct, it's 5 letters for each seed word, not 6 letters, you're one step closer.

But considering that there are 3-letter words, what would you do with them if you were coding them? Add placeholders, use a fixed-length structure? Or add length descriptors and use a variable-length structure?
Maybe try them all?

So it's impossible to use 6 letters for each seed word, right?

Why not? Say you have 12 rows. In the first two, you use 12 letters to note the rules (as it seems needed). The rest of rows are consisted of 60 letters. Given that we only need the first four letters of each word and its position, we would need 4*12 letters + 12 positions = 60.

But, I think you've said that we need more than just the words and their positions. Right?

No, in this scenario, complexity is just the enemy of usability (or ease of use?). As long as it is written on a piece of paper, then the custody of that piece of paper becomes a complex system.

Of course, we have some other methods, such as Shamir's secret-sharing (SSS), such as opening multiple safe deposit box services at banks in different countries, and then putting a copy in each safe deposit box... I'm just offering here another low-cost, unplugged, off-the-grid, third-party-independent solution that allows you to keep more backups, in secret, to prevent loss, damage, or theft, and to reduce the complexity of keeping this piece of paper on which the seed phrases are kept.

Although the process of writing down and restoring is more complicated, after all, it's a low-frequency operation, and that's an acceptable price to pay.

In fact, during the eight years of practice I've used this method to manage my strong passwords, I've encountered the same doubts: simple passwords are enough, to reuse them has no big problem, do you have to take out your PassCard and look up the table, reading a letter and entering it every time you enter a password?

Actually not, I will follow the rule of extracting plaintext when registering a new service account, write down the plaintext on a piece of paper, take out the PassCard, write down the corresponding ciphertext according to the fixed substitution rule, then enter the ciphertext, and then choose to remember the password. Just scribble it off afterward, tear it up, burn it down, and flush it. Since I know the rules are secure, and the software or browser doesn't know about my PassCard or any of the rules, it doesn't make any sense to just get a string of seemingly random characters, does it? It's only when I change devices and log back in or similar scenarios that I need to use the PassCard again to recover my login password, it's a matter of ease-of-use issue, not security one.

Of course, I recognize that a well-designed multi-signature scheme can greatly improve security when spending, but introducing a new co-signer is one more uncontrollable factor, and 3 co-signers with 3 master private keys and 3 seed phrases magnifies the problem of properly and stealthily storing the seed phrases by 3, doesn't it?

Imagine writing down the name of each wallet in a small notebook, with the corresponding seed phrase below in ciphertext, and then keeping a copy of the CipherCard in your safe with the rules for substitution encryption written on the back of the copy.

Again, I can tell the security of this setup. However, I believe it is more complex than needed, and complexity is the enemy of security. I think that a well-setup multi-sig could provide about the same levels of security, but with less complexity.

It's not actually relying on a third party, it's being indifferent to a third party, that's not the same thing, as if I had to lock every seed phrase card into a safe and now I can put it in a desk drawer and just put a piece of paper in the safe that explains the rules. In my experience, managing such a piece of paper can be much easier than managing a bunch of cards. Does it come down to the fact that I'm still relying on the safe?

You could even keep a picture of the CipherCard in Gmail's drafts folder, the rules in Outlook's drafts folder, and the ciphertext of the seed phrases in the drafts folder of all your email services, and then use another CipherCard to manage the passwords for all your mailboxes.

Doesn't that make sense?

In my view, if your setup has to rely on third parties, it isn't an ideal setup.

[satscraper]

From my observations.

OP uses two silver cards. One of them is ended on B4 while the other on 89.

B4 card holds letters in qwerty layout as on typical English keyboard while 89 card keeps letters according to their alphabetic order.  

Characters on silver cards feed message intended for encoding while characters on black card are relevant to digest.

It is very likely that SEED word coming for encoding  is split into two halves and each of two silver card is design to encode its own half. Or those cards are used separately to encode even-numbered and uneven words.

But, it is still unclear for me why silver cards hold special characters and numbers. SEED words don't have any of them.

It is highly likely  that two characters (a few option for this) in digest serves as decoy as OP encrypts only first 4 letters from the SEED.

.

You could even keep a picture of the CipherCard in Gmail's drafts folder, the rules in Outlook's drafts folder, and the ciphertext of the seed phrases in the drafts folder of all your email services, and then use another CipherCard to manage the passwords for all your mailboxes.

.

Hm, wouldn't be better to keep there the one of SSS blobs, encrypted over & above for security with the hardware pgp key? Or even  encrypt with such key the whole SEED.

[Ginux]

Your observation is correct, however B4 and B9 are two sides of the same card, and flipping this card causes a slight change in the position of the through-hole, so moving the two cards will produce different combinations.

The index letters on the silver card, which correspond to the plaintext, and the letters on the black card are the results of substitutions, and for each definite combination there are four possible substitution results for each plaintext letter.

Following the simple rules of this puzzle setup, once one side of the silver card has been selected to be used as a mask, and a particular combination placed on the black card has been determined, there is no longer any need to consider the other side of the card, or any other possible combination. The combination determined by this picture can then be used to translate between plaintext and ciphertext.

As for the issue of special characters, as mentioned earlier, this card/set was originally designed to manage strong passwords, so as many characters as possible were retained that could be entered directly via the keyboard.

From my observations.

OP uses two silver cards. One of them is ended on B4 while the other on 89.

B4 card holds letters in qwerty layout as on typical English keyboard while 89 card keeps letters according to their alphabetic order.  

Characters on silver cards feed message intended for encoding while characters on black card are relevant to digest.

It is very likely that SEED word coming for encoding  is split into two half and each of two silver card is design to encode its own half. Or those cards are used separately to encode even-numbered and uneven words.

But, it is still unclear for me why silver cards hold special characters and numbers. SEED words don't have any of them.

It is highly likely  that two characters (a few option for this) in digest serves as decoy as OP encrypts only first 4 letters from the SEED.

Unplugged is a better option for seed phrases, I mean, of course there are other options to generate seed phrases, but when saving them, write them down and don't give them to any electronic device, you should know that even just taking a picture of a note with a seed phrase written on it with your cell phone is extremely risky behavior. Not to mention that in certain circumstances, you can't decrypt/unzip an electronic copy of the seed phrases on a device you can trust.

.

You could even keep a picture of the CipherCard in Gmail's drafts folder, the rules in Outlook's drafts folder, and the ciphertext of the seed phrases in the drafts folder of all your email services, and then use another CipherCard to manage the passwords for all your mailboxes.

.

Hm, wouldn't be better to keep their the one of SSS blobs, encrypted over & above for security with the hardware pgp key? Or even  encrypt with such key the whole SEED.

[Cricktor]

@Ginux
There's a forum rule that says: consecutive posts within less than 24h are not allowed. You can edit your last post and there's absolutely no need to post consecutive replies in your own thread or in other.

A moderator might not appreciate your somewhat deliberate posting style. Don't know if and how much trouble this could bring you, but I read a bit between the lines that you're trying to test a "product" you came up with.

[satscraper]

,,

Unplugged is a better option for seed phrases, I mean, of course there are other options to generate seed phrases, but when saving them, write them down and don't give them to any electronic device, you should know that even just taking a picture of a note with a seed phrase written on it with your cell phone is extremely risky behavior. Not to mention that in certain circumstances, you can't decrypt/unzip an electronic copy of the seed phrases on a device you can trust.
[,

I trust my Tails with blocked communication drivers thus I can do encryption/decryption on any device, all I need is to insert to USB port my Tails flash drive.

Even if someone will get (somehow) my pgp encrypted SEED, which is hold in password manager, (again protected with hardware key) in persisted volume protected with composite password part of which  on the    security key,  he still need to get my pin-protected (only 3 wrong attempts allowed) pgp card to decrypt it. Triple  safeguard  as you can see.

[BlackHatCoiner]

But when you go from S1 to C1, think differently, what practices would you, as a normal person, employ? I said it's simple and straightforward, but put in a little bit of interference like moving positions as well.

I can think of nearly infinite "simple" ways, that's the problem.

Correct, it's 5 letters for each seed word, not 6 letters, you're one step closer.

Your wording is a little ambiguous. Do you mean that it's five the letters that reveal information about the seed word and one letter that's irrelevant to the word? For example, the first four characters of the word, and one character for its position ("aren1"). This is what I understand so far. First five are related with the word, and the last one perhaps has to do with the silver card placement.

It's not actually relying on a third party, it's being indifferent to a third party, that's not the same thing, as if I had to lock every seed phrase card into a safe and now I can put it in a desk drawer and just put a piece of paper in the safe that explains the rules.

The difference is that the drawer and safe are yours, whereas if Google decides to ban your account, or even shut down their Drive service, you can no longer access the data.

[Ginux]

Thank you for your reminder. However, as far as I recall (and it might just be a problem with my memory), there isn’t a 24-hour limitation rule on this forum. Considering that I am serious about replying to each friend who participates in the discussion and seldom post unnecessary replies to myself, it would be hard for the moderators to mistakenly think that I am trying to artificially boost the thread’s position on the forum. Moreover, it’s clearly difficult to add replies to new questions by editing past content.

You are right about one thing. I created this puzzle hoping to engage more people to validate my idea. Indeed, I am looking for individuals who enjoy brute-forcing, or are familiar with AI tools, or have significant computational power to approach this from different angles. If testing proves the security of the multi-table substitution method, I will share the principles behind this method as a reward. Everyone will then be able to create their own tools, not necessarily for encrypting seed phrases but for managing various passwords in everyday life. This is not a patent or product that could be sold; at least, I don’t see any profit model for it at the moment. It’s just a shareable thought process, and I don’t think this will displease the moderators since everyone appreciates valuable contributions.

Of course, everyone has their own judgment standards. As you said, if the moderators don’t like my style of communication or don’t recognize the value of this method, that’s beyond my control. It will be what it will be. Once again, thank you for your kindness.

@Ginux
There's a forum rule that says: consecutive posts within less than 24h are not allowed. You can edit your last post and there's absolutely no need to post consecutive replies in your own thread or in other.

A moderator might not appreciate your somewhat deliberate posting style. Don't know if and how much trouble this could bring you, but I read a bit between the lines that you're trying to test a "product" you came up with.

[mohammedlaoui]

Can you give a way to know what the letter is using the card? I mean, how do I extract the meaning of the symbols, letters and numbers from the silver card, or rather how the card works? It looks like a beehive. How does it work? If it was a table, it would be easier. Explain more. 

[Cricktor]

...

These are likely relevant rules #13 and #32 from Unofficial list of (official) Bitcointalk.org rules, guidelines, FAQ

...
13. Bumps, "updates" are limited to once per 24 hours per thread. Bumping multiple threads at the same time is allowed if it's not annoying. ^[2][e]
...
32. Posting multiple posts in a row (excluding bumps and reserved posts by the thread starter) is not allowed.
...

Examples:
...
13. According to a personal message from the head admin, theymos:

The strong guideline is 1 bump per 24 hours per thread. Additionally, bumps should not be annoying, which needs to be determined subjectively. If a user bumps 10 threads every day, that's annoying. If a user bumps 3 threads at the same time for some good reason, then this may not be annoying.

I understand those rules that you have to wait for at least 24h before you can bump a thread (where bumping might be just a post with "bump" in it as the last reply and it would be allowed as a consecutive post after one of your own. Similarly I see an "update" post as a new reply to the thread with new content or reply to a previous other user's post allowed after 24h even if it is a consecutive post of your own.

Rule #32 alone would be pretty strict as it imposes no time delay at all. As you can always edit your own posts, you can always add additional replies to other user's posts. Technically there's no need to post replies in consecutive own posts, it's just ignorance or lazyness or inability to use the forum properly.


Anyway, when you reply or edit your last post in a thread you always have the option to insert quotes from the last about twenty recent posts of the thread, see Topic Summary below edit box and Insert Quote links.

You're free to interpret the forum rules yourself...

[cy4ok]

It's possible to find substitution rule without bruteforce and AI? How “simple” is this substitution rule?

I have several guesses (one replaces the other) how to find out starting position:
1. URU (first 3 letters) and 5ef (last 3 letters) are indicate the position of the silvercard and maybe what exact black card use (as you write before). But if it so, then first and last line have only 3 letter for word. One of them can be "cat", but what can be second word from what ciphered 3 letters instead of 5, if that guess is right...
2. Two last symbols in first row (Yw) are indicate the position of the silvercard that can mean "w=Y". But if this guess right, it can't be used for S2, cause I can't see where "3=5"

Also in 7 and 8 row we can see 3 same letters in same order. If for each row used same substitution rule - it's strange. Cause we haven't 2 words that have 3 same letteres in the same positions, except "cat" and "cattle", but if 7 and 8 row chipered "cat" and "cattle" why second "t" from "cattle" is presented like "J" or "5", if substitution rule is same for each row  ... And also if I right that 7 and 8 row contains this words that mean that first letter from row is show us position

[marleen01]

Thanks for the challenge! It's been a blast trying to solve it for the past 2 days. There's so many pieces of information we can think of, although connecting them all together is quite difficult.

One thing that I'm struggling with, do we actually know the plaintext S1? If the words have letters omitted from them, if there's symbols and numbers that can mark the word orders, extra obfuscation characters for more security, and if everything is in a securely random mixed position, doesn't that make S1 different from the actual plaintext? Or should we assume that the substitution rules involve those changes in positions, how to place marker numbers for the order (if there's one), going by the 12 word seed phrase in order?

"arena brisk seminar..."

Do we actually start with the seed phrase to end up with the C1, or is there arbitrary personal choices involved BEFORE applying the rules to substitute, that is out of cards' reach? I believe if the latter is the case, then it's much more difficult. I'm not sure if its unsolvable, but this "starting point" is really important.

Either way, I constantly find new things to try and connect them. It raises some important questions about how such a product might work, for better or worse.

[BlackHatCoiner]

One thing that I'm struggling with, do we actually know the plaintext S1? If the words have letters omitted from them, if there's symbols and numbers that can mark the word orders, extra obfuscation characters for more security, and if everything is in a securely random mixed position, doesn't that make S1 different from the actual plaintext?

But, he tells you that S1 is a seed phrase, and particularly this one:

Code:

arena brisk seminar tool risk cat despair repeat seat property cattle later

Maybe I didn't understand exactly what you meant, but I cannot see the doubt of what's S1.

Do we actually start with the seed phrase to end up with the C1, or is there arbitrary personal choices involved BEFORE applying the rules to substitute

As far as I can tell, there's an arbitrary choice to which he refers as a "starting point", and information about this is onto the cards. And it normally has to happen at first, so yes, before everything else.

Edit: But, don't take my word for it. Let's wait and see what he has to say.

[marleen01]

One thing that I'm struggling with, do we actually know the plaintext S1? If the words have letters omitted from them, if there's symbols and numbers that can mark the word orders, extra obfuscation characters for more security, and if everything is in a securely random mixed position, doesn't that make S1 different from the actual plaintext?

But, he tells you that S1 is a seed phrase, and particularly this one:

Code:

arena brisk seminar tool risk cat despair repeat seat property cattle later

Maybe I didn't understand exactly what you meant, but I cannot see the doubt of what's S1.

Do we actually start with the seed phrase to end up with the C1, or is there arbitrary personal choices involved BEFORE applying the rules to substitute

As far as I can tell, there's an arbitrary choice to which he refers as a "starting point", and information about this is onto the cards. And it normally has to happen at first, so yes, before everything else.

I mean, IF some part of the plaintext actually looks like this, I'm just making this up by giving an example:
to4ol%.
1prop0e#
se@mi3n
....
Upon deciphering a part of the given C1, you could see there's tool 4, prope 10 (for property), semin 3 (for seminar), and that would be enough for you to make out the rest of your 12 word seed phrase (given that you decipher the rest of the cipher blocks).

If the plaintext looks like above, then the challenge immediately becomes even harder, even to figure out how to go backwards. This would mean we are working with a more obfuscated, altered, reordered, and with missing parts of the actual plaintext (if smaller number of letters are used for each word).