How to verify the recovery phrase created by dice rolling
When setting up your bitcoin wallet, the most crucial part is the process of creating your recovery phrase. Have you ever wondered where these recovery phrases come from? It’s from a random number, or so called entropy. This random number is usually generated by PRNG (Pseudo-Random Number Generator) in a software wallet or a TRNG (True Random Number Generator) in a hardware wallet. The randomness here is the key to make sure that your private keys can’t be brute forced. We’ve already written an article explaining the difference between PRNG (Pseudo-Random Number Generator) and TRNG (True Random Number Generator).
But there are some downsides to TRNG. TRNG is always executed by proprietary code which is created by the Secure Element vendors. With that being said, users need to trust the Secure Element vendor when generating a true random number.
For some bitcoiners this kind of blind trust is unacceptable. This is why hardware wallets like the ColdCard and the Keystone allow users to generate their own true random number (entropy) with rolling dice. Here is a tutorial for how to use rolling dice to create a recovery phrase using the Keystone.
“Don’t trust, verify” is not just a catch phrase, but something we try to adhere by, it resonates strongly with the Keystone team and we try to achieve this with as much transparency as possible. The previous open sourcing of the operating system and the SE Firmware that we use in the Keystone slowly tries to reinforce that adherence to it.
Technical users can verify our code from our github repository. For non-technical users with no coding background, can verify the result using the famous Ian Coleman web tool.
Here’s how to do the verification:
Let’s assume you roll the dice 50 times and get this sequence of numbers:
51236422654236551235532545533355551153256611442361
You type these numbers into Keystone and get these 24 words as your recovery phrase:
Please note that rolling the dice for 50 times is equivalent to 128 bits entropy. If you roll less than 50 times the randomness would be too weak to be safe. We recommend rolling it a 100 times (just to be sure).
With Ian Coleman’s key generation web tool, you can toggle on “Show entropy details”
Then you can choose Dice entropy at right side and select “24 words” for Mnemonic Length. Then type in the numbers you have just typed in Keystone into the “Entropy” column.
Then you will find that you get the exact same result for your recovery phrase, which are these words:
boost nephew sea noise apology three grocery alter season gym leaf token defense today vacuum purse gate swear want road opera fine flag twice
Please note that if you want to use Ian Coleman’s tool to verify the recovery phrase, you’d better use it offline to make sure there are no potential malicious software which may hijack your keyboard or do other attacks on your computer. At the bottom of the Ian’s page, you will find some guidance for offline usage.
This is one of the first articles for the series articles of “don’t trust, verify”. Coming up next later will be about how to verify the update package.
