safety – Is splitting a BIP39 seed phrase in half meaningfully less safe than splitting the entropy in half?



One way to create a distributed, 2-of-3 backup of your seed phrase ABC is to store the following in three separate locations:

Any two of those lists are sufficient to reconstruct the entire seed phrase. Seed Phrase Raid-5 is a nice improvement on this system. In the example given above, an attacker who uncovers one of the three records (say, AB) already has 2/3 of the full seed phrase. The innovation of Raid 5 is to divide your seed phrase into only two pieces and compute X = A ^ B (XOR). Then if you lose either A or B (but not both) and still have X, you can get the lost piece back with a simple XOR.

The easy way to generate A and B for this purpose is simply to cut your 24-word seed phrase in half, and this makes recovering the original full seed phrase a trivial concatenation if you have both A and B. However:

  1. Neither A, B, nor X will in general have a valid checksum (if you care)
  2. A is totally random, whereas all of the checksum for the 24-word phrase gets put into B (since the checksum is in the final word of the original seed phrase)

My question is, does #2 matter? It's only 8 non-random bits in B, but cryptology seems full of examples where little cracks like this end up having big implications.

It might be tempting to say that we're simply stuck no matter what the answer, but there is an alternative: to compute the 256-bit entropy from the original seed phrase and divide it into two 128-bit pieces, e1 and e2. Then we let:

  • A = mnemonic(e1)
  • B = mnemonic(e2)
  • X = mnemonic(e1 ^ e2)

Now A and B each contain 128 random bits, B contains no checksum information about A, and as a bonus A, B, and X are all valid 12-word seed phrases. However, the mnemonics A and B cannot be used to reconstruct the original seed phrase via simple concatenation. You have to convert them to entropy and concatenate the entropy instead.

For example, https://github.com/julianbuettner/seed-phrase-raid-5 considers the seed phrase affected person wall rural drink sleep faculty scatter twin sibling denims panda frog imagine vibrant main bonus autumn preliminary common soul bizarre child ecology common. If we simply XOR on a word-by-word basis, we get X = bear in mind turkey desk foil setup insurgent enter cave direct grit sunny fancy. However, if we take the more complicated approach of cutting the entropy in half we get

  • A = affected person wall rural drink sleep faculty scatter twin sibling denims panda fruit (note this differs from the original starting in the final word, where the checksum information lies)
  • B = mule fade anchor cowl rail robust win hole take a look at a lot love summary. Note this looks nothing like the second half of our original seed phrase
  • X = core polar take away earnings knock blood depth maple shirt commerce model pal

The second approach is more complicated and can't be done on paper. Does it offer a meaningful security advantage over the first?
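The two splitting approaches described above, compared at the level of 11-bit BIP39 word indices, as an added example that is not part of the original question or of the seed-phrase-raid-5 project. The wordlist lookup is omitted, and the function names and the constructed sample entropy are assumptions of this example.

```python
import hashlib

def to_indices(entropy: bytes) -> list[int]:
    """BIP39 encoding minus the wordlist lookup: entropy||checksum as 11-bit indices."""
    cs_bits = len(entropy) * 8 // 32              # 4 bits for 128-bit, 8 for 256-bit
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n = (len(entropy) * 8 + cs_bits) // 11
    return [(value >> (11 * (n - 1 - i))) & 0x7FF for i in range(n)]

def to_entropy(indices: list[int]) -> bytes:
    """Inverse of to_indices; raises ValueError if the checksum does not match."""
    value = 0
    for idx in indices:
        value = (value << 11) | idx
    cs_bits = len(indices) * 11 // 33
    entropy = (value >> cs_bits).to_bytes((len(indices) * 11 - cs_bits) // 8, "big")
    if to_indices(entropy) != list(indices):
        raise ValueError("bad BIP39 checksum")
    return entropy

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split_words(indices24):
    """First approach: cut the 24 words in half, XOR word by word."""
    a, b = indices24[:12], indices24[12:]
    return a, b, [x ^ y for x, y in zip(a, b)]

def split_entropy(entropy32: bytes):
    """Second approach: cut the entropy in half; each share gets its own checksum."""
    e1, e2 = entropy32[:16], entropy32[16:]
    return to_indices(e1), to_indices(e2), to_indices(xor_bytes(e1, e2))

def recover(share, x, lost: str) -> bytes:
    """Rebuild the 256-bit entropy from X plus the surviving share ('A' or 'B' lost)."""
    known = to_entropy(share)
    other = xor_bytes(known, to_entropy(x))
    return other + known if lost == "A" else known + other

SAMPLE = bytes(range(32))   # constructed entropy, not a real wallet seed

if __name__ == "__main__":
    full = to_indices(SAMPLE)
    aw, bw, xw = split_words(full)
    ae, be, xe = split_entropy(SAMPLE)
    print("word split   : B's last index carries checksum byte", hex(bw[-1] & 0xFF))
    print("entropy split: first 11 indices of A unchanged:", aw[:11] == ae[:11])
    print("recovered after losing A:", recover(be, xe, "A") == SAMPLE)
```

Mapping each index to a word with the BIP39 English wordlist turns these index lists into the mnemonics A, B and X discussed above.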
