256bit Seed+Passphrase vs. 256bit Seed-only

I was reading about HD wallets and their Master (Extended) Keys, and I’m wondering about the benefits of the Passphrase. OK, so there is initially a 512bit hash split into the Master Private Key and the Master Chain Code. 512bit is wide “enough” for the Passphrase to make sense here (it brings benefits to entropy).

But in the end the key is still “only” 256bit long. So I’m looking for an answer to my theoretical question – when I have a 256bit long seed + even a maxed-out 50-char Passphrase for the Trezor HW, there must exist at least one other combination of 256bit seed words without a Passphrase that has the same master key?!? It seems to me that the Passphrase must “wrap around”, as a 256bit key does not have “enough bits” to bring benefits for a 256bit seed + 300bit Passphrase.

Note: The question is not about whether such a non-Passphrase SEED word combination can be found (sure, brute-force only) or the benefits of having hidden wallets. Also I’m aware that the final strength of the elliptic curve is “only” 128bits. I can count numbers of combinations, probabilities etc., but that’s not the point here.

Sure, but it has a different chain code.

The chain code plays a role in deriving child keys. And the “master private key” is never actually used as a private key; its only role is to be the basis for the derivation algorithm.

Even with the same master key, your xpubs and wallet addresses will come out different.


Now, it so happens that exactly the same argument could be used for any specific key in the tree: given a 256bit seed and a 256bit passphrase, there must necessarily be some other seed + passphrase whose, e.g., Bitcoin segwit account 0 address 0 is the same. All the other addresses will be different, but that one will match.

This is not a problem in practice because finding a collision of this kind is exactly as likely as randomly generating someone else’s seed – that is, practically impossible.
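To make the “same master key, different chain code” point concrete, here is an added example (not code from the thread or from Trezor) that walks the two standard steps: BIP39 turns mnemonic + passphrase into a 512-bit seed with PBKDF2-HMAC-SHA512, and BIP32 splits HMAC-SHA512(“Bitcoin seed”, seed) into the 256-bit master private key (left half) and the 256-bit chain code (right half). The mnemonic used is the BIP39 specification’s first test vector (all-zero entropy); the `compare_halves` helper and its dictionary output are this example’s own construction.

```python
import hashlib
import hmac
import unicodedata

# secp256k1 group order. BIP32 requires the master key to lie in [1, n-1];
# a seed whose left half falls outside that range must be rejected.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# BIP39 reference mnemonic (entropy = 16 zero bytes), used here as sample input.
MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
            "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = 'mnemonic' + passphrase.

    Both strings are NFKD-normalised first, exactly as the spec requires, so a
    passphrase typed with composed vs. decomposed Unicode yields the same seed.
    The result is 64 bytes (512 bits): this is where the passphrase entropy lands.
    """
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def bip32_master(seed: bytes) -> tuple[bytes, bytes]:
    """BIP32 master node: HMAC-SHA512 keyed with b'Bitcoin seed' over the seed.

    The 64-byte digest is split in two: the left 32 bytes are the master
    private key, the right 32 bytes the master chain code. Both halves feed
    every child derivation, so two seeds that happened to share the master key
    would still produce different xpubs and addresses unless the chain code
    matched as well (a 512-bit, not 256-bit, coincidence).
    """
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    master_key, chain_code = digest[:32], digest[32:]
    k = int.from_bytes(master_key, "big")
    if k == 0 or k >= SECP256K1_N:
        raise ValueError("master key not in [1, n-1]; BIP32 says reject this seed")
    return master_key, chain_code


def compare_halves(mnemonic: str, pass_a: str, pass_b: str) -> dict:
    """Derive the master node under two passphrases and report which halves differ."""
    key_a, chain_a = bip32_master(bip39_seed(mnemonic, pass_a))
    key_b, chain_b = bip32_master(bip39_seed(mnemonic, pass_b))
    return {"key_differs": key_a != key_b, "chain_code_differs": chain_a != chain_b}


if __name__ == "__main__":
    seed = bip39_seed(MNEMONIC, "TREZOR")
    key, chain = bip32_master(seed)
    print("seed       :", seed.hex())
    print("master key :", key.hex())
    print("chain code :", chain.hex())
    print("no passphrase vs 'TREZOR':", compare_halves(MNEMONIC, "", "TREZOR"))
```

Running it shows that changing only the passphrase changes both the master key and the chain code; the 512-bit intermediate is what the passphrase actually feeds, and the chain code is the half the original question left out of the count.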

Should I generate a Legacy/Taproot address and move my BTC to it to avoid this theoretical situation?
I use seed + passphrase and store the money on the Segwit address that was set as default for BTC on the Model T.
Or maybe I didn’t fully understand what you meant by that.

It’s not Segwit specific. It was an example.

You don’t need to do anything to “avoid theoretical situations”. Theoretical situations are just that – theoretical.

In theory I can pull out my Trezor now, and generate a wallet, and it’s gonna come out the same as yours, and I’ll have access to your bitcoins.

In practice this is never ever going to happen.


If you re-read the original post by @Bitcoin_Lover carefully, you’ll see that they are asking about a rather mathematical scenario: the total entropy of their master seed is 512 bits, but the keys are only 256 bits, so the entropy has “nowhere to go”, and some entropies must necessarily result in the same private keys (because there are 2^512 possible entropies in total but only 2^256 possible keys).

This is true in a mathematical sense. But in practice, the 256bit keyspace is simply too large for anyone to ever hit this before the heat death of the universe.

English is not my native language, so I translate most of it through a translator, and I also lack theoretical knowledge about seed generation and the master key.
That’s why I saw your message where you say this:

It looks like a statement, and it was a bit confusing.
Maybe the wording could have been a little bit easier to understand :smiling_face_with_tear:

I am wondering if any seed that has more than 128bit of entropy even matters for security, because instead of attacking the seed they can just attack the elliptic curve?