Score:1

Number of Legitimate Bitcoin Wallets from unsequenced set of 24 Words

ch flag

If someone found a scrambled BIP-39 24 word sequence how hard would it be to determine the correct sequence that yields someone's wallet.

Are there multiple different unique sequences of the same 24 words that will determine different bitcoin wallets?

How many?

Thanks

Maarten Bodewes avatar
in flag
What is "scrambled"? Do you mean reordered randomly? In that case $24!$ giving about 80 bits of security - assuming that there are no duplicates in there. If dupes are allowed things get complex...
Score:1
sa flag

If you have $n_1$ copies of word $W_1$, $n_2$ copies of word $W_2$, and so on with $n_k$ copies of word $W_k$ and $n_1+n_2+\cdots+n_k=n,$ then there are exactly $$ \frac{n!}{n_1! n_2 ! \cdots n_k! } $$ orderings of these words. For you, $n=24,$ and say you had 2 words repeated three times $n_1=n_2=3,$ and the rest of the words were unique, thus $n_3=\cdots=n_{20}=1.$ This number would be $$ \frac{24!}{3!^2} $$ which divides the original quantity by $3!^2=36$ or results in a reduction of a bit more than $5$ bits of security since $\log_2 36\approx 5$ over the 80 bits quoted in the comment to your question. See the linked notes for a full explanation.

Edit: in response to the comment below from Aman Grewal, from a discussion elsewhere it seems that the checksum is between 4 (for 12 words) and 8 (24 words) bits. Assuming this is the case, we can just subtract 8 bits from the security parameter in bits for the version of the question here. Thus, to be concrete $$ \mathrm{Security~ in~ bits}\approx \log_2(24!/36)-8\approx 65.86~\mathrm{bits}. $$ The moral is don't repeat words.

https://sites.math.northwestern.edu/~mlerma/courses/cs310-05s/notes/dm-gcomb

Aman Grewal avatar
gb flag
The last word is partly a checksum. I wonder if there's any way to take advantage of that.
kodlu avatar
sa flag
If it was fully a checksum, you'd just remove it from consideration. Not sure what "partly a checksum" means?
Salil Gupta avatar
ch flag
@kodlu, i thought the fact that the last word is a checksum means that not all sequences of the 24 word set will determine valid wallets. So, if no words are duplicates, it's still In fact much less than 24!
kodlu avatar
sa flag
This is part of the answer already. An 8 bit checksum, being linear, validates one out of every $2^8$ possible last words, hence the subtraction of 8 in the updated answer.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.