What is the general equation for determining the viability of a brute force attack on BIP-39? (Only performing access with pre-image - 12 seed words)

Victor Rayan

8/17/23, 3:01 AM

I'd like to be able to better define the security of a BIP-39 algorithm where I just consider the process of giving me a "seed phrase".

Imagining a scenario where a hacker would try to gain access to existing crypto wallets using the seed phrase as a basis to go through the PK algorithm and obtain the hash of access to the targets' wallets, where the targets could be any user on the network with a balance (it's only this is what a hacker would want, as I see many calculating against a target, forgetting that the target can be more than one, and yes, at least thousands).

So, trying to think about the attacker's view, we can notice that the BIP-39 of Bitcoin or Ethereum for example, both use a dictionary of 2048 words (2048¹² possible combinations), following the algorithm that receives 128 bits of input (let's assume only the case minimalist way to get a string of 12 valid words) generates its hash [... a few more procedures] and then returns the indices of a valid seed phrase, but most likely not related to any wallet with balance. But then, in this case I could just think of the brute force I would have to do with the dictionary to suddenly causally access someone's wallet, but is it really that impractical?

I imagine this equation:

T = estimated seconds to access a user's first card --> What we really want to know.
x = amount of blockchain user whose target cryptocurrency.
a = estimated difference between (2048^12) combinations and valid
combinations generated by BIP-39.
b = attempts per second with seed phrases generated from BIP-39 (by
sequentially inserting multiple bits by 32, totaling 128 for the
BIP-39 function, remembering 2^128 possible combinations)

T = ((2048^12) - x - a) / b

I would like to know if this equation really follows the logic to calculate the viability of an attack of such complexity.

I'm no expert in mathematics, thinking that the problem is essentially mathematics, but I would like to get insights into the correct calculation and some examples of specific machines, how long it would take to access the wallet of any user among all of a network in front of hardware with a capacity of attempts per second.

Thanks.

0 + 0

cryptanalysis

brute-force-attack

cryptocurrency

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: What is the general equation for determining the viability of a brute force attack on BIP-39? (Only performing access with pre-image - 12 seed words)

TH: สมการทั่วไปสำหรับการพิจารณาความเป็นไปได้ของการโจมตีด้วยกำลังดุร้ายใน BIP-39 คืออะไร (ดำเนินการเข้าถึงด้วยภาพล่วงหน้าเท่านั้น - 12 คำเริ่มต้น)

RO: Care este ecuația generală pentru determinarea viabilității unui atac cu forță brută asupra BIP-39? (Efectuarea accesului numai cu pre-imagine - 12 cuvinte de bază)

RU: Каково общее уравнение для определения жизнеспособности атаки грубой силы на BIP-39? (Только выполнение доступа с прообразом - 12 начальных слов)

VI: Phương trình chung để xác định khả năng tồn tại của một cuộc tấn công vũ phu vào BIP-39 là gì? (Chỉ thực hiện truy cập bằng hình ảnh trước - 12 từ gốc)

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.