Reddit Posts
All bip39 words on 2048 limited edition handmade mugs
A Fork of CLN Implemented Eltoo Useful for Channel Factories Available for Testing
Need Help Deriving Extended Private Key from Bitcoin Root Extended Public Key and Non-Hardened Extended Private Key
Is it normal for the majority of your seed words to start with the same letter?
Need Advice with Crypto Wallets - Hardware vs Mobile Wallets
Entropy: only 121 bits (vs 128) on Blockstream Jade using dice rolls?
Backing up and recovering wallet - seed phrases, private keys, extended private keys, eh???
Best method of long-term cold storage for life-changing amounts?
BIP39 misalignment? Mnemonic vs. Decimal vs. Binary seeds
Mining ALL remaining bitcoins in less than two weeks (difficult adjustment)?
How to make a new wallet address with my own selected BIP39 words
Import private keys from BIP39 paper wallet with passphrase
12 word BIP 39 >> Hardware Wallet - What are the options?
Malware and scams I should be on the lookout for
What happens if Bitcoin price gets high enough, such that it becomes necessary to go ahead and take it to the 9th decimal place? Can that be done w/ backward compatible SF, or is a HF req'd? Can someone with knowledge detail the process? Can't seem to find answers on this researching around...
how to manually encrypt your BIP39 seedphrase with an additional cipher?
Can the BitBox02 show a wrong seedphrase (BIP 39 wordlist)?
What if they planted a bug into BIP 382, which makes it possible to increase block rewards?
Enhancing Bitcoin Security: A BIP39-Compatible Vernam Encryption Approach for Safeguarding Recovery Phrases
Stacking has crept up on me and now I need to upgrade my storage
Any open source, encryption based, 3/5 multi factor wallet already available? If not, can this be developed?
Is it a security risk if your wallet’s extended fingerprint (xfp) has been exposed?
FINCEN MegaThread | Do Not Give Them Your Silent Consent | Remember Remember The 5th of November | Support Bitcoin Privacy
Thoughts on BIP 324 and the increased anonymity of using bitcoin.
ELI5 - What if Ledger or Trezor stops working?
Tutorial: How to use normal (non Casino-grade) dice to generate a seedphrase
Bitcoin Is About To Become More Secure With BIP324
This page offers a comprehensive overview of BIP-329, proposed by Craig Raw, creator of Sparrow Wallet. You'll find information about the current status and adoption progress, highlighting the significance of this proposal.
Coinplate has a BIP39 seed phrase recovery tool.
Walk down the memory lane: Blocksize wars and the Bitcoin XT controversy
How Much a Spot Bitcoin ETF Can Affect The Price - The Bad Version
Can one secret phrase (eventually) access any wallet?
Do you know that you don't need hardware wallets for cold storage?
I made a descriptive post of every item that you can purchase using candies from Coingecko so you do not have to look
How CTV (BIP 119) Could Create Channel Factories for Casual Users
BIP-300 biff: Debate reignites over years-old Bitcoin Drivechain proposal
The WW2 German Enigma cipher machine has 158,962,555,217,826,360,000 different possibilities (nearly 159 quintillion). The BIP39 seed phrase word list contains 2,048 words, so a 12-word crypto seed phrase has about 2 to the power of 132 possible combinations. That’s 2 with 132 zeroes after it.
"NO" | Rejecting BIP300 Drivechains | Featuring Saifedean Ammous | Bitcoin Standard Author
"NO" | By Saifedean Ammous | Two Open Letters Rejecting BIP300 Drivechains | Voiced by FEEeACH
Why Blockonomics endorses DriveChains (BIP300-301)
🔴LIVE | BIP 300 Debate | Drivechain Softfork Dynamics | @BITC0IN
Stumbled on BIP-300: a potential game-changer or just buzz?
There are 2048 possible words that comprise your seed phrase and each of these corresponds to a number in the BIP39 list. Reminder that it’s possible to convert the phrase to numbers for seed storage.
Bitcoin Drivechain Proposal (BIP300) Debate
Holding crypto is not likely to get any more convenient, and it is an inherent problem of self-custody.
COLD STORAGE: Comparing the Best Cold Storage Wallets for 2023
Yesterday was my first time encountering the word 'Satoshi' in a seed phrase. Did you know it was in the BIP39 word list?
What's your self-custody strategy? Do you keep a backup hardware wallet on hand?
BIP300/301 and Drivechain talk with Paul Sztorc and Austin E. Alexander
PSA: Severe Libbitcoin Vulnerability. If you used the "bx seed" command to create seeds/private keys, Immediately move related funds to a different secure address.
In theory, instead of creating a new wallet and memorising the seed, can I just choose words that are easy to remember and generate a wallet from that?
Importing BIP-84 key in Electrum giving wrong address
What is a BIP-39 seed phrase -- a few tips for handling your seed words safely
Keeping KYC & Non-KYC utxos in the same Multi-Sig wallet: will there be a way of these utxos being linked?
Mentions
The NVMe makes a massive difference. It usually takes around 3 days on an SSD. Spam used a Bitcoin compromise in Taproot in 2023. You should see the syncing speed slow right down once you get to 2023, when you start syncing that spam. People are trying to fix the compromise at the moment with something called BIP-110. Think about running this if you want to help Bitcoin. https://bip110.org/howto/#umbrel If you don't want to run BIP-110, then please use Bitcoin Knots for your node software. https://apps.umbrel.com/app/bitcoin-knots Please don't use Bitcoin Core. It has a vulnerability that allowed spam after 2023.
That's true they were early, but I thought it was later than that. ChatGPT now tells me it was "late in 2014" so either way BIP39 could be what OP has! Thanks
BIP39 probably doesn't apply, but the first three words are on the BIP39 list. The word Maxims could be "Maximum" which is on the list and the final word could be coin, can or chain
Mycelium was actually one of the first wallets to adopt the BIP39 seed standard back in 2013 👍
Yes it is safe, BIP39 requires all the words to be able to recover as the final word is a checksum for the full seedphrase.
First Step: 18 word seed is BIP39. Check the 2048 Word wordlist, you may have just written the first word wrong. Wordlist: https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt
I wouldn't trust any specific brand recommendations off of Reddit tbh. Hardware wallet can possibly be good though, despite Ledger previously having a leak. I still hold mine on a Bitcoin Core wallet on an old Windows XP hard drive I've had since 2012. That was before security phrases (BIP39) so it's probably harder to brute force.
Wallet software uses a checksum to ensure the order of your words is random, BIP39 uses a 2048 word list. If your words aren’t on that word list and the order also random, your choice will fail a checksum and the wallet won’t generate a seed. He’s warning against something that wallet software prevents from happening in the real world.
To be honest I'm not even convinced the pseudo-random-language-construction argument holds much water when the interval is pages. Like, every third page, order ascending by one each time (first word on first page; second word on third page; third word on fifth page; etc.)--that's perfectly easy for you to remember but I have a very hard time believing the resulting word selections would be in any meaningful way linguistically non-random (other than to the extent that they're most likely all from English, which the BIP-39 words are already anyway). TL;DR I agree with you.
Oh, I don’t need to do that. It’s far simpler and easily verifiable by you and anyone else for that matter. A standard BIP39 uses a 2048 word list. When you create a seed phrase it requires a specific check-sum. If your word selection is vulnerable, which is what you were warning about in your original comment, the wallet rejects them and will continue rejecting your choices until the 24 words are not only in the word list but ordered in an acceptable way to create the phrase and satisfy the criteria for the checksum. Your entire premise of a 24 word list being vulnerable, whilst true on paper, is in practical terms complete crap. The wallet won’t allow a vulnerable word list to be used to create your seed. That’s how it actually works in real terms. Feel free to verify and donate a sum of your choice to a registered charity of your choice. Nice try though, just not applicable in the real world is it?
My BIP citation could easily be incorrect, thank you for the correction. However, when you stop using a key, what do you do? Destroy all copies of it? It would seem foolish of me to think I could never make a mistake and send funds to it from an exchange, my node, or a saved address in software. Not to mention someone else using it from a tip page archive on the wayback machine, a friend who saved the address in THEIR wallet with my contact information, etc, etc.
I did think it through long enough to wonder what the hell you were doing that would surface an old address, thus the question. I think you mean BIP-34 (Hierarchical Deterministic (HD) Wallets) not BIP-39 (Mnemonic code for generating deterministic keys). You don't "archive" a public key. You just stop using it. Now you have your answer :)
I'm sure if you thought it through, you'd think of a scenario. With the age of some of the wallets I have saved, there is no "generate an address for an old wallet" as they pre-date BIP39. For your last question, that's precisely MY question.
What the others said but also you can't just randomly combine 12 or 24 BIP-39 words and derive a valid private key. A portion of the final word is a checksum. Use AI to ask about how it works to better understand.
**The numbers**

A 24-word BIP39 seed phrase encodes 256 bits of entropy, but the last word is a checksum — so:

- 23 words = 23 × 11 bits = 253 bits of randomness
- The 24th word's 11 bits are: 3 bits chosen freely + 8 bits as checksum
- Total entropy: 256 bits (253 random + 3 from the last word's "free" portion)
- Checksum bits: 8

So if you type in 23 random words plus a random 24th, the chance the checksum matches and the phrase is valid is roughly 1 in 256 (because of those 8 checksum bits). That part is doable — you'd hit a valid phrase every ~256 tries.

**But "valid checksum" ≠ "wallet with funds"**

Here's where it gets crazy. A valid 24-word phrase opens some wallet — there are 2²⁵⁶ possible wallets. Almost all of them are empty addresses no one has ever used. The number of Bitcoin wallets ever funded is, generously, a few hundred million — call it ~10⁹ (a billion). So:

- Total possible wallets: 2²⁵⁶ ≈ 1.16 × 10⁷⁷
- Funded wallets: ~10⁹
- Chance of randomly hitting a funded one: ~10⁹ ÷ 10⁷⁷ = 1 in 10⁶⁸

That's 1 in 100,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000.

**To put 10⁶⁸ in perspective**

- Atoms in the human body: ~10²⁷
- Grains of sand on Earth: ~10¹⁹
- Atoms in the observable universe: ~10⁸⁰
- Seconds since the Big Bang: ~10¹⁷

If every atom in every star in the observable universe were a computer trying a billion seed phrases per second since the Big Bang, you still wouldn't have made a meaningful dent.

**Practical version**

- Hitting a valid checksum: about 1 in 256 — easy
- Hitting a valid checksum + a wallet that's ever held coins: about 1 in 10⁶⁸ — effectively impossible
- Hitting a wallet with significant funds: even rarer

People do try this — it's called "seed phrase brute-forcing" or "wallet sniping" — and there are bots that scan for funded wallets. They occasionally find a few because of bad randomness (people who picked weak phrases like "abandon abandon abandon..."), not because brute force works.
With true randomness, you have a better chance of winning the lottery every week for the rest of your life. So: don't bother. The math is about as close to "literally impossible" as anything in computing gets.
The seed phrase list is 2048 words. A BIP 39 wallet uses 24 of them in any order. Even if you knew all 24 words in a specific wallet, it would still be nearly impossible to find it because there are 6.2x10^24 combinations of just those 24 words. Across the whole list, there are 1.157x10^77 seed phrases.
15-bit ECC is actually a 32,768-key brute force which classical hardware does in milliseconds, so the 'quantum' framing is a bit oversold. Project Eleven's larger point is the trajectory: previous public demos were on 7-bit keys, this is a 256x-state-space jump. Useful number to track is 'logical qubit equivalents needed for 256-bit ECC' which is around 6,000 logical qubits per IBM/Microsoft/Google papers, current public hardware is at maybe 50-100 logical qubits. Roadmaps suggest 5-10 years before hardware threatens anything serious, but the threshold is steep so progress will look slow then sudden. BTC has time to migrate to post-quantum signatures (BIP-360 is the active proposal), the question is whether the protocol can coordinate the soft fork before it's actually needed.
Depends on the wallet but you can create a passphrase wallet where you choose the passphrase (as a 25th word) and this passphrases is like a password or something, not a word used in BIP-39 (the 2048 words list that opens a wallet) but like a real password that you MUST absolutely never forget.
That's not technically true. The final word is a checksum so you can't actually just combine any 12 or 24 word combination of BIP-39 words and derive a valid private key. I was shocked when I learned this fact. Don't trust me, verify.
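The checksum that the replies above describe (the last word being a checksum, the "1 in 256" arithmetic for 24 words, and the passphrase used as a "25th word"), carried through as an added example that is not code from this thread. It works on the 11-bit word indices so it runs without the word list; to see words, load the english.txt file linked above and pass it to `words_from_indices`. The known inputs used are the all-zero entropy vectors and the published BIP39 test vector ("abandon" x11 + "about" with passphrase "TREZOR"); everything else is computed.

```python
"""BIP39 checksum and seed arithmetic on word indices (added example, not from the thread).

Each word is an 11-bit index into the 2048-word list. Words are only needed for display:
load https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt and use words_from_indices.
"""
import hashlib
import os
import unicodedata

WORDLIST_SIZE = 2048  # 2**11, so each word carries 11 bits


def entropy_to_indices(entropy: bytes) -> list:
    """Append the SHA256 checksum (ENT/32 bits) to ENT bits of entropy and cut into 11-bit indices."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 16, 20, 24, 28 or 32 bytes")
    cs_bits = ent_bits // 32                                    # 4 .. 8 checksum bits
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(combined >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]


def indices_are_valid(indices: list) -> bool:
    """True iff the checksum bits at the end of the last word match the leading entropy bits."""
    n_words = len(indices)
    if n_words not in (12, 15, 18, 21, 24):
        return False
    if any(not 0 <= i < WORDLIST_SIZE for i in indices):
        return False
    cs_bits = n_words * 11 // 33            # 12 words -> 4 bits, 24 words -> 8 bits
    ent_bits = n_words * 11 - cs_bits
    combined = 0
    for i in indices:
        combined = (combined << 11) | i
    entropy = (combined >> cs_bits).to_bytes(ent_bits // 8, "big")
    return entropy_to_indices(entropy) == indices


def count_valid_last_words(prefix: list) -> int:
    """Number of the 2048 candidate final words that complete `prefix` with a valid checksum."""
    return sum(indices_are_valid(prefix + [last]) for last in range(WORDLIST_SIZE))


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + optional passphrase."""
    words = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode()
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048)


def words_from_indices(indices: list, wordlist: list) -> str:
    """Render indices as a phrase; `wordlist` is the 2048 lines of english.txt in order."""
    return " ".join(wordlist[i] for i in indices)


if __name__ == "__main__":
    fresh = entropy_to_indices(os.urandom(32))            # a new 24-word phrase, as indices
    print("fresh phrase valid:", indices_are_valid(fresh))
    print("valid 12th words given 11 fixed words:", count_valid_last_words([0] * 11))   # 128 of 2048
    print("valid 24th words given 23 fixed words:", count_valid_last_words([0] * 23))   # 8 of 2048
    print("16 zero bytes ->", entropy_to_indices(bytes(16)))                            # [0]*11 + [3]
    # Published BIP39 vector: "abandon" x11 + "about", passphrase "TREZOR" -> seed c55257c3...
    print(mnemonic_to_seed("abandon " * 11 + "about", "TREZOR").hex()[:16])
```

With 11 words fixed, 128 of the 2048 candidates are valid twelfth words (4 checksum bits); with 23 fixed, 8 of 2048 are valid (8 checksum bits), which is the "1 in 256" figure above. The checksum constrains only that final word and says nothing about how the other words were chosen, and `mnemonic_to_seed` accepts any passphrase without error, so a mistyped passphrase silently derives a different, empty wallet rather than failing.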
quantum risk may be real by 2044, or maybe not yet. but something like BIP 361 is exactly how people end up robbing satoshi while calling it protection
Yes, a preloaded BIP39 paper/wood/metal wallet is the best way. Makes for a nice physical item to give too as you can get super creative with it. Just make sure to practice good self-custody hygiene (offline seed generation, airgapped wallet, etc) The recipient can then move the funds to their own wallet if they don't want you to access their funds.
BIP-361 is proposing to freeze quantum vulnerable wallets
Well, if that ever becomes a real threat, that’s what BIP is for. You may not realize this, but until the 39th one, we didn’t even have seed phrases! Can you even imagine?
There are some ideas floating around already that a new BIP proposal for migrating BTC wallets could include a temporary change to blocks so that a fixed % of the blocksize can only be used for migration/upgrade transactions. This will put some strain on transaction costs, but it'll be manageable. That way we could ensure that everyone gets to migrate/upgrade within a certain timeframe, while also keeping space for regular transactions. It'll be up to the user if they want to pay a higher fee and be first in line to upgrade, or pay a lower fee and wait a couple months or even years.
I don't think there will ever be consensus to implement BIP-361. But hypothetically speaking let's pretend that there was consensus and it was implemented, it would only result in a chain split if there were some people still running nodes and mining bitcoin without following the new rules. Otherwise it would not result in "an extra coin" as you put it. Even though there will probably never be consensus to implement BIP-361, if some people want it enough then they can fork off and create their own version of Bitcoin with its own blockchain where millions of coins can't be stolen by people with quantum computers as long as some people are willing to mine it. That would result in a new cryptocurrency or "an extra coin" as you put it. Bitcoin does not solve wealth inequality. And this isn't Eat The Rich Coin. "Lost" bitcoins probably will get recovered by people that have access to powerful quantum computers in the future because I don't think there will ever be consensus to implement something like BIP-361.
Since it's a gift, you can keep a copy of the seed, so if he loses it, you can give it to him again. Maybe even use BIP85. If he really wants to start stacking, he'll make his own wallet, and the paper you give him does not matter in the long run.
If this is high-stakes, I would not carry a recoverable seed phrase through airport security at all. X-ray scanners are not the main risk; loss, theft, or being forced to disclose it are bigger problems. Safer patterns are a fresh travel wallet with a small amount of funds, or a separate BIP39 passphrase if you know how to recover it. If you move any backup, make sure it is not the only copy of the wallet.
3 is even worse than 2. Because that will change two rules instead of one, in a bad way. If it's 2140 now and whole coiners are rare, how would you respond to a BIP saying "miners need reward, wholecoiners will potentially cause shock, so let's take half from any wallet >1coin and use them to fund mining"?
> I won’t be joining, I’ll keep my node allowing all valid blocks. That's fine as long as you realize that you won't actually be participating in Bitcoin anymore if the majority mining power accepts BIP-361. You will be effectively blocked from mining on the canonical chain. This is similar to soft forks that eliminated certain Bitcoin Script opcodes. They're soft forks, but they cause a split between old and new clients.
Statements like this show your lack of understanding of the subject outside of incendiary headlines. Already there is BIP-360 (Pay-to-Merkle-Root) on BTQ Bitcoin Quantum testnet; post-quantum signatures (e.g., NIST ML-DSA, SPHINCS+) on Blockstream Liquid sidechain. And if you just hold and have not spent your BTC you’ve never exposed your public keys and thus are not currently at risk. But thanks for spreading FUD
You are hung up on "semantics", but even so by the time all of the coins are frozen (phase a, phase b, phase c), a hard fork will almost certainly have taken place if they go down the path of BIP-361...
Cryptographically Relevant Quantum Computers (CRQCs) don't exist yet, so there's still a bit of time, but the goal is to implement P2MR (Pay to Merkle Root) as proposed in BIP-360 which prevents public keys from being revealed in transactions. Users would then send their coins to these new bc1z addresses.
So you don’t see much benefits in switching to P2MR (what BIP 360 is about if I understand correctly)? Are there other solutions you favour more?
Bitcoin rules was never about even distribution, that’s up to the users. Bitcoin rules is however NOT censorship or centralization of power. I will not personally signal for this BIP if it were to happen today.
You seem to be operating under the false assumption that this is being proposed for activation. There is no timeline set on BIP-361; it's a draft of a contingency plan that may not ever be needed.
Perhaps you mean "chain split." BIP-361 is a soft fork, and I explained a year ago why I don't think opposition would be sufficient to resist it with a hard fork. https://blog.lopp.net/against-quantum-recovery-of-bitcoin/
I'm the author of BIP-361 and you clearly haven't read the BIP. It's a soft fork, as it only restricts spending conditions. Tightening of consensus rules is always a soft fork.
All I read in that BIP-361 proposal is: "BTC Devs are in control of your bitcoin" and Satoshi's social experiment will come to an end, which ever way the "bitcoin devs" go with.
Anyone else think a contentious Bitcoin hard fork (BIP 361) leads to this cycle’s black swan?
Yes, that will be the only way once BIP-360 is ready. Fees should be minimal though. Right now we're sitting at 2 sats/vB which is about $0.19 per transaction.
Newbie here, let's suppose that I'm on Legacy, the only way to "upgrade" to BIP-360 is creating a new wallet and doing a transaction paying the fee? Or is there any way to just update my old legacy wallet?
Close:

- Legacy (P2PKH) is 1
- P2SH is 3 (this can indeed wrap a legacy segwit address, but is not limited to it)
- Native segwit (bech32) is bc1q
- Taproot (bech32m) is bc1p
- P2MR (BIP-360) is bc1z

All of these address types except Taproot (bc1p) are quantum resistant as long as you haven't spent. Yes, even Legacy. The problem arises when the public key is exposed (as soon as a spending transaction makes it to the mempool), which happens for all types except P2MR. Also, very early transactions used the public key directly (P2PK). Those are vulnerable even if they never spent because they were used as is when sent to.

Right now the best thing you can do to protect against quantum attacks is to move any coins you have on a P2PK key or Taproot address (bc1p) to any other type. Native Segwit (bc1q) is generally the best option. If you're on a Legacy (1) or P2SH (3) address, then you could move to Native Segwit, but it's not strictly necessary. Of course, never reuse your addresses. When you spend, send change to a new address. Good wallets do this automatically.

Then watch the space for progress on BIP-360. Don't jump on bc1z the moment it releases, there will be bugs. But keep your eyes peeled to eventually make the move.
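A way to check which of the types in the comment above a given address is, as an added example rather than anything from the thread. It decodes Base58Check (version byte 0 is P2PKH, 5 is P2SH) and bech32/bech32m (the witness version is the first data character, so q is 0, p is 1, z is 2). The bc1z label for P2MR is taken from the comment; BIP-360 is a draft, so treating witness version 2 as P2MR is an assumption. P2PK outputs have no address form at all, so they must be found in the UTXO set by script, not with this function. The sample inputs are the BIP173 and BIP350 published test vectors, the genesis coinbase address, and one deliberately corrupted string.

```python
"""Classify a Bitcoin address by output type (added example, not from the thread)."""
import hashlib

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"                       # bech32 alphabet
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"  # base58 alphabet
BECH32_CONST, BECH32M_CONST = 1, 0x2BC830A3


def _polymod(values):
    """BCH checksum over 5-bit values (BIP173)."""
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk


def decode_segwit(addr):
    """Return (witness_version, program) for a valid mainnet bc1 address, else None."""
    if addr != addr.lower() and addr != addr.upper():
        return None                                   # mixed case is invalid by BIP173
    addr = addr.lower()
    hrp, _, data = addr.rpartition("1")
    if hrp != "bc" or len(data) < 7 or any(c not in CHARSET for c in data):
        return None
    vals = [CHARSET.index(c) for c in data]
    expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    version, const = vals[0], _polymod(expanded + vals)
    # v0 must use the bech32 constant, v1..v16 the bech32m constant (BIP350)
    if version > 16 or const != (BECH32_CONST if version == 0 else BECH32M_CONST):
        return None
    acc = bits = 0
    program = bytearray()
    for v in vals[1:-6]:                              # last six symbols are the checksum
        acc, bits = (acc << 5) | v, bits + 5
        if bits >= 8:
            bits -= 8
            program.append((acc >> bits) & 0xFF)
    if bits >= 5 or acc & ((1 << bits) - 1):
        return None                                   # bad or non-zero padding
    if not 2 <= len(program) <= 40 or (version == 0 and len(program) not in (20, 32)):
        return None
    return version, bytes(program)


def decode_base58check(addr):
    """Return (version_byte, hash160) for a valid legacy address, else None."""
    if not addr or any(c not in B58 for c in addr):
        return None
    n = 0
    for c in addr:
        n = n * 58 + B58.index(c)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    raw = b"\x00" * (len(addr) - len(addr.lstrip("1"))) + raw   # leading '1's are zero bytes
    if len(raw) != 25:
        return None
    body, check = raw[:-4], raw[-4:]
    if hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4] != check:
        return None
    return body[0], body[1:]


def classify(addr):
    """Name the output type of an address; 'invalid' for anything that does not decode."""
    sw = decode_segwit(addr)
    if sw:
        version, program = sw
        if version == 0:
            return "P2WPKH (bc1q)" if len(program) == 20 else "P2WSH (bc1q)"
        if version == 1 and len(program) == 32:
            return "P2TR (bc1p)"
        if version == 2:
            return "P2MR (bc1z, BIP-360 draft; assumed witness v2)"
        return "segwit v%d" % version
    legacy = decode_base58check(addr)
    if legacy:
        return {0: "P2PKH (1...)", 5: "P2SH (3...)"}.get(legacy[0], "base58 version %d" % legacy[0])
    return "invalid"


if __name__ == "__main__":
    samples = [                                                         # constructed sample input
        "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa",                             # genesis coinbase address
        "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4",                     # BIP173 test vector
        "bc1p0xlxvlhemja6c4dqv22uapctqupfhlxm9h8z3k2e72q4k9hcz7vqzk5jj0", # BIP350 test vector
        "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t5",                     # one symbol corrupted
    ]
    for a in samples:
        print("%-62s %s" % (a, classify(a)))
```

Run it over an export of your wallet's receive addresses to see which entries are bc1p and which are legacy or bc1q; whether a legacy or bc1q address has already exposed its public key is a property of the chain history, not of the address string, so that part still needs a block explorer or a node.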
u/miamiair92 you got the BIP number wrong. It's BIP-361. There's currently a thread about it on the top of r\/Bitcoin right now: https://www.reddit.com/r/Bitcoin/comments/1sn2cuo/bitcoin_quantum_migration_plan_that_would_freeze/
Ideally, they cant't without community support. But in reality Blockstream devs control all of Bitcoin Core, BitcoinTalk, and rBitcoin. They have censored opinions that don't align with their own. BIP-361 is not a Blockstream proposal, and Adam Back of Blockstream has proposed other measures. We'll see how this plays out as we could see Bitcoin Wars 2.0. I will fight for the side that doesn't censor honest discussions.
Interesting discussion around BIP 361 and Hourglass for quantum-resistant Bitcoin upgrades. Personally, I'm not a fan of freezing coins, but it's good to be aware of these options. Anyone know more about Adam Back's push for optional quantum-resistant upgrades? Let's see what u/statoshi has to say!
They can't freeze it themselves, they can propose to do so through a BIP and eventually the node clients will have to run the upgraded software implementation and miners will have to signal for it too.
They can't consensus doesn't work like that. A proposal is just "A guy said something in a fancy paper". Having a BIP number doesn't mean that it will be activated, not even endorsement. Consensus is an incredibly messy process and getting a BIP numbers is just the first step in building consensus.
Can people please read the BIP? In the Abstract it states 3 phases:

**Phase A**: Disallows sending of any funds to quantum-vulnerable addresses, hastening the adoption of PQ address types.

**Phase B**: Renders ECDSA/Schnorr spends invalid, preventing all spending of funds in quantum-vulnerable UTXOs. This is triggered by a well-publicized flag-day five years after activation.

**Phase C** (TBD): Pending further research, a separate BIP proposing a method to allow quantum safe recovery of legacy UTXOs, likely via zero knowledge proof of possession of a corresponding BIP-39 seed phrase.

While Phase C is only usable with BIP-39 keys so far, that doesn't mean that the ultimate solution is to freeze the coins; the idea is to literally not freeze the coins but to change the way they can be spent at a consensus level (for the user there wouldn't be any change).

On top of all of that, developers don't decide what goes into Bitcoin: they propose, they develop, they iterate, but they can't unilaterally activate things unless users adopt changes and miners mine using the activation client and enforce the new rules (this applies for both soft-forks and hard-forks).

The other reason why this will never happen is because the whole BIP is dependent on a roadmap; nothing with a roadmap is going to fully activate ever in Bitcoin because the consensus process is too messy for roadmaps to be fully fleshed out.
From the article (for those who only read titles):

> *"BIP-361 will freeze approximately 34% of the BTC supply if implemented on the network."*

The 34% of BTC being referenced here are those stored in potentially vulnerable addresses. These users would have to move their coins to new types of address that are secured with quantum resistant signatures. The type of signature hasn't yet been decided, but there are 3 possibilities being considered (FALCON512, Dilithium2 or Dilithium5). The problem with all of these however is that they are much bigger than the currently used ECDSA one... between 9.7x and 64x bigger. This means that each bitcoin block can fit a lot less transactions, which increases costs for the user and reduces TPS.

The disadvantage with increasing transaction cost is obvious, but the reduced TPS is much more important. Bitcoin already has a very slow throughput, and if all of the vulnerable coins need to be moved then this would take around 2 years, assuming that they used 25% of the network's capacity. Obviously if every other Bitcoin user agreed to stop using the chain then this migration could be done in a few months... but that seems unlikely.

So in summary the plan being laid out involves:

* setting a 5 year countdown for migration of 34% of all BTC to new addresses with a signature standard that hasn't yet been decided;
* if you don't move in time then your coins will be locked forever (with the vague hope of using ZK to maybe prove ownership in the future);
* moving all the BTC that needs to be migrated will take around 2 years to process all the required transactions;
* and after migration transactions will be 9x to 60x more expensive, with the chain able to process an order of magnitude less TPS.

Sounds great, nothing to worry about!
This completely fucks the "permanent asset / digital gold" premise. Bitcoin forever, it's immutable.. bunch of nerds vote to fuck billions out of the system. The BIP vote holder now become the new government.
The problem may be that Coinwallet 2013 did not use BIP39; that standard was only just being defined back then, so searching for 12 words in order probably won't work. That 30k-word file is the most valuable thing you have. If it was created by someone technical, the seed may be in there as a complete string such as hex, base64, or a brainwallet (SHA256 of a phrase). That can be attacked programmatically against your known Coinbase address. Something like this happened to me once, DM me and I'll help you!
Yes, if this BIP is adopted P2PK transactions will be disallowed from the network, which effectively "dumps" legacy wallets like Satoshi's.
I don’t know what you are talking about with examples and precursors. ECDSA on P-256 will be the first cryptography that is broken, because it has the smallest key size and most efficient algorithm. RSA and everything else will take longer. This BIP _is_ the solution that the community is going to come to consensus on.
Post is by jkl2035: /r/CryptoMarkets/comments/1smdnqr/hunter_beast_on_qrl_show_about_bip360_how_to/ https://m.youtube.com/watch?v=0PoTq0kWVs0&pp=ygUQSHVudGVyIGJlYXN0IHFybA%3D%3D Great talk, I personally like Hunter - great to hear that momentum is growing on the quantum side of BTC, they want to form several teams in the next weeks to drive BIP360 further
Only if blocks with transactions from deprecated addresses are still accepted by BIP conforming miners. If not, any blocks they find will simply be orphaned.
That’s not strictly correct. Miners are the ones who decide which transactions ultimately make it into a block. In this case, if they adopted this BIP they would simply reject all transactions using deprecated wallet formats, regardless of what the nodes broadcast.
Now that twitter has been completely destroyed by Elon and turned into a hateful version of tik tok / instagram for people to go and get outraged, I hope to find more of this here in good old r/Bitcoin I feel like u/[rnvk](https://www.reddit.com/user/rnvk/) missed the most important "keeps me up at night" point though: BIP360 won't make BTC quantum proof. It's just a first step. Implementing actual quantum proof signatures will completely wreck Bitcoin and would either reduce capacity by 40 times or require 40 times bigger blocks. So the only real hope is that Quantum Computers won't exist for at least another 30-50 years. Which really isn't great...
Here's the BIP39 wordlist: [https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt](https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt) \*Employ\* should be the closest word to that one, maybe try it that way.
Phoenix and Aqua block external seed imports due to their strict reliance on proprietary derivation paths and server-side routing states. Phoenix requires synchronized channel data with ACINQ nodes to manage inbound liquidity. Aqua requires specific Liquid Network sub-account paths. A generic BIP-85 child seed lacks this prerequisite historical state data, causing their automated recovery protocols to fail.

Additionally, LND-based Lightning wallets like Blixt or Breez utilize the proprietary aezeed format. BIP-85 generates standard BIP-39 mnemonics. These cryptographic standards are mathematically incompatible. This is a limitation of highly abstracted mobile wallets, not the Lightning protocol itself.

To initialize a Lightning node using a BIP-85 child seed, you must use software that processes raw BIP-39 entropy without enforcing centralized state checks. Viable alternatives capable of this exact function:

- Zeus. When configured in embedded LDK (Lightning Development Kit) mode, it natively accepts standard 12-word or 24-word BIP-39 seed imports.
- Electrum. The client allows direct BIP-39 restoration via the Options toggle during setup and operates a built-in Lightning node.
- Mutiny Wallet. Built entirely on LDK, it accepts standard BIP-39 child seeds directly upon initialization.

Do not load the same BIP-85 child seed into multiple Lightning wallets simultaneously. Lightning nodes demand exclusive local control over their UTXOs to negotiate commitment transactions. Duplicating the active seed across multiple environments guarantees state desynchronization, triggering forced channel closures or permanent loss of capital through penalty transactions.
BIP-360 IS the solution -- its a question of when will we adopt it as a community. Sooner is better so these alarmists will shut up.
If BIP-110 is not implemented then Bitcoin has the biggest threat to its existence to date. And it could die if BIP-110 is not implemented.
This is exactly the kind of post this community needs more of. The distinction you make right at the top — that Bitcoin uses digital signatures, not encryption — is something that gets butchered in almost every mainstream article on this topic, and it invalidates half the fearmongering before it even gets started. The fact that you led with that tells me you actually did the work. The point about the 6.26 million BTC with exposed public keys is the one I think deserves the most attention going forward. It's not a sky-is-falling number, but it's not nothing either — and the people holding those coins range from lost wallets to early adopters to Satoshi's own stash, which makes any community conversation about it genuinely complicated. The BIP-360 mention is encouraging. Bitcoin has navigated hard upgrades before and come out stronger. The bigger question is whether the governance process can move at the pace the qubit timeline now seems to demand. That feels like the real race. Genuinely appreciate the no-hype framing. Bookmarking this for the next time someone sends me a "quantum computer will destroy Bitcoin" headline. Will have more as I read more but this is my first pass after reading segment 1 - great research...:)
So to reiterate:
- the 12 words of the seed phrase appear in the correct order in the book, hidden among and separated by other "normal" text.
- they are not standard BIP39 words, but custom words
- they are differentiated from other text by using a similar but different font
- the pdf has been flattened to conceal code details about font types within the document file.
So you have 12 words that are NOT in the BIP39 list? Perhaps that's the reason why nobody opened the wallet.
They're chronological, and it's only 12, before BIP39 was implemented. Importable most reliably into an Electrum wallet.
A BIP is a proposal. It could be implemented tomorrow. This is the discussion period. They will discuss and poke at the ideas and either adopt or reject the proposal.
Could be you are using the wrong derivation path. Electrum seed phrase derivation paths depend on the wallet version, address type (Legacy, SegWit, Native SegWit), and seed type (Electrum vs. BIP39). Modern Electrum (4.x+) typically defaults to native SegWit (bech32) using path m/84'/0'/0', while older wallets used legacy m/44'/0'/0' or m/0'. If you use the wrong path, it will show zero balance, because the addresses are different.
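A worked check of the derivation-path point above, added here as an example (not the commenter's code and not Electrum's): the same BIP-39 seed walked down m/84'/0'/0' and m/44'/0'/0' yields different account keys, so a wallet restored on the wrong path watches different addresses and shows zero balance. It implements only the hardened steps of BIP-32, which need no elliptic-curve arithmetic; the mnemonic and passphrase are the standard BIP-39 test vector, used purely as constructed input.

```python
import hashlib
import hmac

# secp256k1 group order (BIP-32 reduces child keys modulo this); constant from the curve spec.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000


def bip39_seed(mnemonic, passphrase=""):
    """BIP-39: stretch the mnemonic into the 64-byte seed (PBKDF2-HMAC-SHA512, 2048 rounds)."""
    return hashlib.pbkdf2_hmac("sha512", mnemonic.encode("utf-8"),
                               ("mnemonic" + passphrase).encode("utf-8"), 2048, 64)


def bip32_master(seed):
    """BIP-32 master node: HMAC-SHA512 keyed with 'Bitcoin seed' gives (private key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]


def ckd_priv_hardened(k_par, c_par, index):
    """BIP-32 CKDpriv for a hardened index (>= 2^31): only HMAC and integer
    addition mod n are needed, no elliptic-curve point arithmetic.
    (The spec's 'IL >= n or child == 0' rejection has negligible probability and is omitted.)"""
    if index < HARDENED:
        raise ValueError("this example handles hardened steps only")
    data = b"\x00" + k_par.to_bytes(32, "big") + index.to_bytes(4, "big")
    digest = hmac.new(c_par, data, hashlib.sha512).digest()
    k_child = (int.from_bytes(digest[:32], "big") + k_par) % SECP256K1_N
    return k_child, digest[32:]


def account_private_key(seed, path):
    """Walk a fully hardened path such as m/84'/0'/0' or m/44'/0'/0' and
    return the account-level private key as 64 hex characters."""
    k, c = bip32_master(seed)
    for step in path.split("/")[1:]:
        if not step.endswith("'"):
            raise ValueError("non-hardened step in path; unsupported in this example")
        k, c = ckd_priv_hardened(k, c, int(step[:-1]) + HARDENED)
    return f"{k:064x}"


if __name__ == "__main__":
    # Constructed input: the all-zero-entropy BIP-39 test mnemonic with passphrase "TREZOR".
    seed = bip39_seed("abandon " * 11 + "about", "TREZOR")
    for path in ("m/44'/0'/0'", "m/49'/0'/0'", "m/84'/0'/0'"):
        print(path, account_private_key(seed, path))
```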
Not at all, you're reading too much into it. The extreme opinion you describe is a loud minority on social media, I'm certain most people won't agree with those statements. Also calling someone based is always admitting that the person aligns with your values & worldview, otherwise you wouldn't call them that, simple logic. So yes, I agree with his opinions on the Zionist anti-human regime. I said that because I feel like the whole debate about the recent BIP-110 drama has really shown who is an arrogant elitist resting on their cypherpunk title and who is still righteous in their cause. Adam for example has turned out to be quite a little crybaby, acting all smug & dismissing a big part of the community that once admired him very much. He's also on the list, which is very telling, you know what list. I won't follow someone like that anymore, anywhere. And also no one who's still rallying behind him, I sort those out immediately. People really showed their true colors during this g€nocide, expressed their opinion through deafening silence or shameless support and I can't help but judge people for their stance on this issue. If I can't trust you on this, I will never trust you on Bitcoin. Peter Todd is the sole reason I'm running BIP-110 right now. Just out of spite. I digress, I hope you get my point.
Knots. BIP110. Solo miner on my own public pool (no fee). The other paid for hash is mining with ocean.
tldr; Bitcoin developers unveiled two prototype quantum-resistant wallet recovery methods: Lightning Labs CTO Olaoluwa Osuntokun proposed a zk-STARK-based recovery path for BIP-86 Taproot wallets, while StarkWare researcher Avihu Levy outlined a no-softfork scheme that may fit within Bitcoin’s current script limits. The prototypes offer concrete migration options for existing wallets amid rising concern after Google warned quantum attacks on secp256k1 may be easier than thought, though they are not yet deployed solutions. *This summary is auto generated by a bot and not meant to replace reading the original article. As always, DYOR.
Gavin left when BIP-100, 102, and 103 were censored on Bitcoin forums
I expect $58K by June 7th or 8th. And I don't see BTC breaking that trend line in the summer, which is typically "sell in May and go away" season. So I expect sub-$50K by September. There's also BIP-110 and the child exploitation content issue, and a looming soft fork over it. If that hits normie news in August before the deadline, it'll drive price lower too. Hold your powder.
My own analysis suggests $58K by June 8th. Summer is usually not a pump season, so I expect sub-$50K by September/October. Especially if BIP-110 starts hitting normie news and everyone starts hearing about embedding the kiddy pr0nz in the blockchain, or a contentious soft fork over the issue.
> Electrum uses a proprietary seed format and deliberately does not support BIP-39 — the standard your hardware wallet uses.

Electrum is open source software so it can't be a proprietary seed format. It's supported by some other wallets like Blue Wallet. Electrum's seed format is superior because it does not require the user to select a derivation path. Electrum automatically uses the correct derivation path.

> To get it working you have to click a hidden "Options" button during seed entry, select "BIP39 seed," then manually enter the derivation path your original wallet used.

The options button isn't hidden. It's visible plain as day on the seed entry step. You don't have to manually enter the derivation path. You can select from some options or click on the "detect existing accounts" button to have it search for the correct one automatically.

> Without those steps, Electrum opens a valid empty wallet with no explanation.

If you enter a BIP39 seed and do not click on options and check BIP39 then Electrum won't let you proceed to the next step. It won't open an empty wallet. It just won't let you proceed.
Yeah, thanks but no thanks. Of course I realise that of a multisig scheme 2-of-3 is the most forgiving. What I meant is: what BIP, and with what hardware devices? iPhone, Trezor, Coldcard Q and/or one or more Tapsigner cards. Infinite plus kudos for those who mention SLIP-39 in their quality reply.
Really? I thought Ethereum was structurally more vulnerable because addresses are re-used and public keys exposed. With BIP360, I would assume that Bitcoin is the main choice of quantum-resistant wealth accumulation going forward. However, such an attack is still a theoretical thought experiment. Cracking ECC (with SHA256 still out of reach) is at the end of the adoption curve, no matter what algorithm you use. And there is no company working towards this, as other use-cases come with economic incentives.
BIP-360 only protects against new long-range attacks for anyone who migrates. It doesn't solve short range mempool attacks or longer-range attacks for stuck BTC in P2PK addresses and other early addresses used more than once.
That's not what BIP 360 does. It only fixes taproot transactions so they don't put the public key on-chain. There is no BIP to add post-quantum signatures.
Banks can patch their systems overnight. Bitcoin requires ecosystem-wide consensus for any cryptographic upgrade, and one paper estimated ~76 days of downtime just for the transition. SWIFT and US federal agencies are already on post-quantum timelines. Bitcoin’s leading proposal (BIP 360) is still on testnet. On top of that, 6.9M BTC already have public keys exposed on an immutable ledger. Adversaries can harvest that data now and crack it later.
So it should be really easy for you to tell us which BIP it is then right? Certainly you aren’t just making it up entirely?
… so can Bitcoin? The BIP already exists
Your funds are very likely not lost — this is a classic MultiBit change address issue.

When you sent the $10 test transaction, Electrum created a change address using its own derivation path. But MultiBit used a completely different wallet format (not BIP44 standard), so the remaining balance went to a change address that Electrum doesn't see with the same seed.

What you should try:
1. In Electrum, go to Wallet → Private Keys → Export — check if there are addresses with balance you don't recognise
2. Try importing the seed into MultiBit Classic (if you can find it) or MultiBit HD
3. Check the blockchain explorer with your old receiving address — trace where the change went

The transaction is on-chain, the funds exist somewhere. They're just in an address your current Electrum setup isn't showing.

Don't send any more transactions until you locate the change address.
Seed phrases were introduced in BIP39, which was adopted late 2013. It's possible OP's wallet address predates that.
also, try using a BIP 39 generator once
BIP 360 has already been proposed to fix this before it becomes an issue. By what I’ve read the coins are safe unless a transaction is broadcast also.
Yes, the original wallet was online. I searched using Electrum and the Atomic wallets; however, neither of those wallets could import my old wallet using my BIP39 seed code. I actually found it on the Apollo exchange, and was able to access Apollo and Artimus, which I vaguely recall that the Artimus token was part of the original Apollo coin. Anyway, I swapped it all for Bitcoin, and the wallet shows that it was completed properly. I would like to move the Bitcoin to Coinbase, but when I add my Coinbase Bitcoin wallet address, it says the address is invalid. So I think it has something to do with this being an outdated wallet, and I'm trying to figure out how to move it or update it...
The '9-minute' headline is great for clicks, but the real technical nightmare isn't the hardware scaling—it’s the **social consensus** of 10 million 'lost' coins. Sure, we can patch the protocol with BIP-360, but how do you migrate **Satoshi’s 1.1 million BTC** or the billions in 'zombie wallets' that don't have an active user to sign a transition transaction? If we don't migrate them, they become a permanent 'bounty' for the first state-actor with a stable Qubit array. If we *do* hard-fork to burn or lock them, we’ve just turned Bitcoin into a centralized database managed by a committee. The 'Gods' of cryptography are basically telling us we have a choice: 1. Maintain 'Immutability' and let Quantum computers slowly drain the foundations of the network. 2. Maintain 'Security' and admit that the 'Code is Law' era died the moment we had to manually intervene to stop a Shor’s algorithm exploit. I’m looking forward to the 2028 'Civil War' where half the network refuses to upgrade because 'Quantum isn't real' while the other half watches their cold storage turn into a public donation. At least the **Symmetric encryption** crowd can laugh at us from their AES-256 bunkers while we're arguing over which multi-sig flavor tastes less like defeat. Is Bitcoin actually 'un-hackable' if the only way to save it is to break its primary promise of decentralization?
Would we have to do anything as BTC owners if it went BIP360?
Academic is on the SLIP 39 list - Shamir secret from Trezor (authors of original BIP39) https://trezor.io/slip39
Agreed, BIP360 is a solid move, but the real challenge will be achieving network consensus and ensuring a safe migration for all users.
Time to react now - BIP360 is there
We have computers to help us. With a book's PDF version, a program can give us all 2048 words' locations. Then you pick 12 and verify them in the paper book before writing them down. Also, the 4 letters criteria IS in BIP39 spec itself.
You technically can, but think about the practical side: with a letter-based approach for 12 words, you're looking at up to 48 code sets. For 24 words, that's up to 96. Now add a second wallet — you're encoding and verifying 192 individual letter references. The chance of making a single mistake while encoding or decoding goes up significantly with every additional reference, and one wrong letter means a wrong word means a wrong seed. Also, using only the first 4 letters is not recommended — BIP39 has word pairs that share the first 4 characters (like "work" and "world", or "sea" and "search"). You'd want full words to be safe, which makes the letter approach even longer. A purpose-built book with a word index lets you look up each seed word directly and get one code per word — 24 codes for 24 words, done. Less room for error, faster to encode and verify.
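The two comments above disagree about shortening seed words to their first four letters, so here is the check a practitioner would actually run, added as an example (not from either commenter): it measures how many leading letters a word list needs for every word to be unique, and decodes a recorded prefix back to exactly one word, refusing rather than guessing when the prefix is ambiguous. The word list below is a constructed handful of BIP-39 English words that includes the pairs mentioned above; point WORDS at the full 2048-word english.txt to check the real list.

```python
# Constructed sample: a few BIP-39 English words, chosen to include the
# "work"/"world" and "sea"/"search" pairs discussed above.
WORDS = ["abandon", "ability", "able", "sea", "search", "season", "seat",
         "work", "world", "worry", "worth"]


def min_unique_prefix(words):
    """Smallest n such that the first n letters identify every word in the list
    (a word shorter than n counts as its whole self, which is how BIP-39 reads the rule)."""
    longest = max(len(w) for w in words)
    for n in range(1, longest + 1):
        if len({w[:n] for w in words}) == len(words):
            return n
    raise ValueError("list contains duplicate words; no prefix length can separate them")


def resolve(prefix, words=WORDS):
    """Expand a recorded prefix back to exactly one word.
    An exact match wins (so 'sea' means 'sea', not 'search'); otherwise the prefix
    must select exactly one candidate. Ambiguity is an error, not a silent guess,
    because a wrong word means a wrong seed."""
    if prefix in words:
        return prefix
    candidates = [w for w in words if w.startswith(prefix)]
    if len(candidates) != 1:
        raise ValueError(f"{prefix!r} matches {len(candidates)} words: {candidates}")
    return candidates[0]


def encode_seed(seed_words, words=WORDS, n=4):
    """Shorten each seed word to its first n letters, and prove that every code
    decodes back to the same word before anyone writes the shortened form down."""
    codes = [w[:n] for w in seed_words]
    decoded = [resolve(c, words) for c in codes]
    if decoded != list(seed_words):
        raise ValueError("round trip failed; do not store these codes")
    return codes


if __name__ == "__main__":
    print("letters needed for this list:", min_unique_prefix(WORDS))
    print(encode_seed(["work", "sea", "abandon"]))
    try:
        resolve("wor")
    except ValueError as exc:
        print("ambiguous:", exc)
```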
The 500,000 qubit estimate needs context because it obscures the real engineering gap. Current quantum computers have thousands of physical qubits but extremely few logical qubits. The difference matters enormously. You need many physical qubits to create one error-corrected logical qubit that can actually run algorithms reliably. The 500,000 number is likely physical qubits, and the ratio of physical to logical is currently terrible, somewhere around 1000:1 for useful error correction. So you're really talking about needing machines orders of magnitude more capable than what exists. The 6.9 million vulnerable BTC framing is somewhat misleading. These are coins in addresses where the public key has been exposed, meaning the address has been spent from at least once. Coins sitting in addresses that have only received and never sent are protected by an additional hash layer. The real vulnerability window is between when you broadcast a transaction and when it confirms, because your public key is exposed during that period. A sufficiently fast quantum computer could theoretically derive your private key and submit a competing transaction. The timeline uncertainty is the honest answer. Quantum hardware progress isn't linear or predictable. Could be 10 years, could be 25. Anyone giving confident dates is guessing. What actually matters practically: the cryptographic community has post-quantum signature schemes ready. The migration is a coordination problem, not a research problem. Bitcoin's BIP-360 and similar proposals exist. The transition will be messy but the path exists. The chains that drag their feet on migration will have problems, but the industry has time to execute if it starts moving seriously.
BIP 47 (PayNyms) already has this covered. They aren't great for privacy, though.
In Bitcoin we have Payment Requests (implemented by BitBox and Trezor), BIP-353 addresses (human readable addresses), QR codes, contacts, Silent Payment Addresses and a million more solutions. Also Breez (a Lightning wallet) used to have something exactly like what you are proposing, but nobody actually used it because this causes more problems than it solves. This problem was solved years ago, just use a wallet that implements good UX/UI stuff.
> The timeline for quantum computers threatening Bitcoin's elliptic curve cryptography is uncertain.

It's actually not that uncertain anymore. NSA set a 2030-2033 deadline and Google has recently advanced Q-day to 2029. IBM is investing 150 billion in quantum computing. This softfork is beneficial but it should have been activated long ago, along with other technical improvements like BIP 118. Let's not delay an urgent quantum softfork with something that was not prioritized for several years.
For more information about BIP 54, see Mike's website that was recently shared here. https://www.reddit.com/r/Bitcoin/comments/1sbea6t/bip54org_informational_site_for_bip54s_consensus/