Did you know that both 12 and 24 word mnemonic phrases offer the same level of security in terms of protecting your private keys?
It’s hard to believe, I know. Let me break down why 👇
It’s hard to believe, I know. Let me break down why 👇
It depends how you define ‘level of security’.
I am referring to the amount of time or resources required by an attacker to get your keys.
If protocol A takes an attacker 4hrs to get your keys and protocol B takes 24hrs to access your keys then protocol B is more secure.
I am referring to the amount of time or resources required by an attacker to get your keys.
If protocol A takes an attacker 4hrs to get your keys and protocol B takes 24hrs to access your keys then protocol B is more secure.
In Bitcoin the security is largely defined by the cryptography used.
In Bitcoin’s case we use elliptic curve cryptography to define keys and calculate signatures.
There are known algorithms that can compute a private key from a public key in roughly 2^128 operations.
In Bitcoin’s case we use elliptic curve cryptography to define keys and calculate signatures.
There are known algorithms that can compute a private key from a public key in roughly 2^128 operations.
We know regardless of the protocol we use an attacker can get our keys in roughly 2^128 operations.
How many bits of entropy do different length mnemonics provide?
A 12 word mnemonic provides 128 bits while a 24 word provides 256 bits.
So what does this mean for security?
How many bits of entropy do different length mnemonics provide?
A 12 word mnemonic provides 128 bits while a 24 word provides 256 bits.
So what does this mean for security?
We can decrease our security by using less than 128 bits of entropy.
If we use a 6 word mnemonic with 64 bits of entropy then instead of having to perform 2^128 operations to reverse our public key they can just iterate the 2^64 bits of entropy to get our key.
2^64 < 2^128
If we use a 6 word mnemonic with 64 bits of entropy then instead of having to perform 2^128 operations to reverse our public key they can just iterate the 2^64 bits of entropy to get our key.
2^64 < 2^128
What if we use more than 128 bits?
If we use 256 bits of entropy (24 words) when generating our seed then it will take an attacker 2^256 steps to find our seed which is indeed more than 2^128.
However, the attacker can still just perform the 2^128 steps using your public key.
If we use 256 bits of entropy (24 words) when generating our seed then it will take an attacker 2^256 steps to find our seed which is indeed more than 2^128.
However, the attacker can still just perform the 2^128 steps using your public key.
The core idea is that while you can add entropy to your seed, you can never increase the number of steps it takes an attacker to calculate the private key from your public key.
You can sort of think of it as:
security = min(2^(bits of entropy), 2^128)
You can sort of think of it as:
security = min(2^(bits of entropy), 2^128)
However, it turns out that in practice the algorithms to compute a private key from a public key have significant cpu and memory trade-offs meaning it would likely take longer to do than to iterate all the private keys with 128 bits of entropy.
So while in theory using more than 128 bits of entropy when generating your seed won’t make it more secure, in practice it might help a little bit.
Regardless, it’s important to understand that 128 bits of entropy is plenty secure and your Bitcoin is safe.
Regardless, it’s important to understand that 128 bits of entropy is plenty secure and your Bitcoin is safe.
I hope this helped you understand a little bit more about the security of your Bitcoin in relation to the length of your mnemonic phrase.
Note: credit is due to the ultimate Bitcoin wizard @pwuille for explaining this concept. pls clarify if I misspoke.
Note: credit is due to the ultimate Bitcoin wizard @pwuille for explaining this concept. pls clarify if I misspoke.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
