feat: add Mnemonic XOR (SeedXOR)#727
Conversation
qlrd
force-pushed
the
feat/seedxor
branch
2 times, most recently
from
39cbcfd to
80224ef
Compare
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## develop #727 +/- ##
===========================================
+ Coverage 97.02% 97.06% +0.03%
===========================================
Files 80 82 +2
Lines 10299 10395 +96
===========================================
+ Hits 9993 10090 +97
+ Misses 306 305 -1 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
qlrd
changed the title
qlrd
force-pushed
the
feat/seedxor
branch
5 times, most recently
from
518302c to
13be4fa
Compare
|
Played with this today, I like the flow. Used 3 XORed mnemonics to get to a my expected 4th, and was able to remove one or more to get back to a prior mix(es). |
qlrd
force-pushed
the
feat/seedxor
branch
13 times, most recently
from
769fc17 to
05b6742
Compare
|
I'm not sure I understand why MaixPy has changes. Please verify that this is intended, I suspect that this branch is pointing to an older MaixPy. I like that there is a check for the result of another XOR not altering the mnemonic (as if someone used all 0x00s "abandon " * 11 + "about"). Shows error ValueError('XORed mnemonic didn't changed') I'm wondering if it could also be useful (to avoid confusion and silly errors) to also check for:
Attentive users could notice that the new mnemonic is low entropy, but those with hide-mnemonic turned on couldn't. Similarly, these 3 (or 4) checks could be done earlier, instead of waiting to see what the result of the xor will be, simply by using the arguments passed into xor and failing early.
I play with the following for testing: |
I think was a mistake when pushing. Maybe forgot to make submodules stuff. I will check that |
Amazing observations. I will try that and update the PR. |
This commit add test cases to be compliant with coldcard specification, mostly with 12w/24w with "parts" each (the result mnemonic was derived from another 3 mnemonics that are XORed).
This commit applies i18n for `Mnemonic XOR` menu entries as well messages and prompts.
qlrd
force-pushed
the
feat/seedxor
branch
2 times, most recently
from
c231ab8 to
2a18e31
Compare
This commit add a entry to docs in `docs/getting-started/features/mnemonic-xor.en.md` explaining why we choose `Mnemonic XOR` term instead `SeedXOR`, the overall algorithm's perspective and the usage on krux firmware.
should we add on docs the test vectors showed by @jdlcdl (from CC docs)? |
Test vectors that ensure compatibility are good to be added on tests. But I wouldn't use the same example on docs. |
All tests are made with CC mnemonic vectors (12 and 24 words) |
|
Tested live on device with test vectors |
I've tried as well this morning, on Amigo. |
| @@ -0,0 +1,82 @@ | |||
| # What's the Mnemonic XOR? | |||
|
|
|||
| It's a implementation of [XOR logical gate](https://www.geeksforgeeks.org/digital-logic/xor-gate/) to operate, indefinitely, an [exclusive OR](https://en.wikipedia.org/wiki/Exclusive_or) upon a loaded mnemonic, based on [Coinkite's SeedXOR](https://github.com/Coldcard/firmware/blob/master/docs/seed-xor.md). | |||
There was a problem hiding this comment.
suggest:
Compatible with Coinkite's SeedXOR, this feature applies the binary-XOR operator between entropy bytes of your loaded mnemonic and another, resulting in -- and optionally loading, a new mnemonic which acquires an interesting lossless hiding attribute from the XOR operation.
|
|
||
| # How it works | ||
|
|
||
| To derive a new mnemonic (and thus, a new seed) from other mnemonics, an operation occurs with the **mnemonic's entropy bytes**. |
There was a problem hiding this comment.
suggest:
XOR is an operation that takes two independent 0 or 1 inputs, and results 1 if both are the same 0 if they are different.
Mnemonic XOR effectively masks your loaded mnemonic with another, resulting in a new mnemonic that can restore either of its input mnemonics by providing the other input mnemonic.
Using BIP39 entropy-bytes between two mnemonics, XOR is applied to each bit so that the result is the set of both entropy-bytes. This can be repeated with more unique mnemonics, indefinitely, and each of its input mnemonics can be restored from the result by providing all of the other input mnemonics. We can XOR mnemonic A with B, creating C, and then we can XOR mnemonic C with A to restore B -- or with B to restore A.
|
|
||
| <img src="../../../img/mnemonic_xor.png" align="center"> | ||
|
|
||
| - We get two different mnemonics (A and B), extract their *entropy bytes*; |
There was a problem hiding this comment.
- Using entropy bytes of two independent mnemonics A and B,
| <img src="../../../img/mnemonic_xor.png" align="center"> | ||
|
|
||
| - We get two different mnemonics (A and B), extract their *entropy bytes*; | ||
| - validate the input entropies to avoid useless or dangerous operations: |
There was a problem hiding this comment.
- validation of each input mnemonic's entropy-bytes,
| - validate the input entropies to avoid useless or dangerous operations: | ||
| - `A XOR B = A`: it will not change the XORed mnemonic; | ||
| - `A XOR B = A'` where `A'` is a "inverse" version of `A`; | ||
| - once the inputs are checked, krux will apply a XOR between the *entropy bytes*; |
There was a problem hiding this comment.
- apply binary XOR between the input mnemonics' entropy-bytes,
| - `A XOR B = A`: it will not change the XORed mnemonic; | ||
| - `A XOR B = A'` where `A'` is a "inverse" version of `A`; | ||
| - once the inputs are checked, krux will apply a XOR between the *entropy bytes*; | ||
| - validate the output entropy (same as above); |
There was a problem hiding this comment.
- validate resulting output entropy bytes,
| If `A XOR B = C`, then `B XOR C = A`. | ||
|
|
||
| - **A**: Your original mnemonic (the secret to protect); | ||
| - **B**: A newly generated, random mnemonic (Share 1); |
There was a problem hiding this comment.
- B: Another backed-up, random mnemonic;
|
|
||
| - **A**: Your original mnemonic (the secret to protect); | ||
| - **B**: A newly generated, random mnemonic (Share 1); | ||
| - **C**: The resulting mnemonic from the XOR operation (Share 2). |
There was a problem hiding this comment.
- C: The resulting mnemonic from the XOR operation
|
Great work @qlrd ! Thank you! |
4 participants
What is this PR for?
This PR add an entry to
Backup Mnemonics > Other formatsmenu as well add a new page class tosrc/krux/pages/seedxor_uicalledSeedXOR. This class allow to choose between 2 up to 4 shares, add entropies from camera to the new shares as well show the mnemonic shares.Close #384.
Changes made to:
Did you build the code and tested on device?
What is the purpose of this pull request?