Oh shit, hahahaha.. there’s *16* possible checksums for a 12-word seed! (Not 128!)
I figured it out!
I asked the same question on the blue bird app, and nostr:npub1neuqdjl2v759tk289ay4mx6xl22wsg3fy5uw3cfm07s5mgn3uhpsy0t2vz gave me the clue I needed!
After I hit calculate, it asked me to insert the 12th word (really bad UX/UI) and only allowed me to select certain letters.
When I selected ‘a’ it gave me nine word options.
I was confused because I usually use 24 word seeds and there are only eight checksum options.
Sani mentioned that there are 128 options for a 12-word seed,
so I realized the jade was showing me all the available checksums beginning with ‘a’!
nostr:npub1jg552aulj07skd6e7y2hu0vl5g8nl5jvfw8jhn6jpjk0vjd0waksvl6n8n I request that you change the wording on the screen after selecting ‘Calculate’ to say something like:
> Select any letter
Then on the next screen,
> Choose a 12th word
(instead of select, which implies at least to me, that there is a correct word to choose)
There is probably even a better phrase to use on that last screen.
Also, at the beginning of the flow, once one selects ‘Advanced Setup’, I would love to see ‘Calculate Checksum’ or ‘Calculate 12/24th Word’ as an option under ‘Create New Wallet’ and ‘Restore Wallet’ 🙏
Thanks for considering, I really love that the Jade allows for the checksum to be calculated, just need a clearer UX/UI 🧡😊
nostr:note1e8a4k50v7ypvdp8rqvg7s9rsehq5zhtzs0276vdm2r87c6cjullskx2e0l
Discussion
I just rechecked on sparrow gave me 128 and 8 respectively
Here's the long answer how this works:
As per BIP39, the mnemonic seed is a multiple of 32 bits between 128 and 256 bit (128 bit entropy is the minimum to be considered safe), plus 1 bit checksum(sha256) for every 32 bit appended to the end of the entropy.
With 128 bits you have 4×32 + 4 bit checksum, meaning the 12th word contains 4 bits of checksum. 2^4 = 16 possible words, once we have the first 128 bit of entropy.
Additional info: the number of bits contained in the entropy + checksum always follows this formula Y * 32 + Y where Y= 4 or 5 or 6 or 7 or 8 (12, 15, 18, 21, 24-word mnemonic seed, respectively). This is always a multiple of 11, since 32Y + Y = 33Y = 11 * 3 * Y.
So it is handy for the bip39 words to encode 11 bits, and 2^11 = 2048 possible words on the list. So e.g. the 12th word in a 12-word mnemonic consists of 11 - 4 = 7 bits of entropy.
In the case of the SeedSigner, you can create your seed phrase by drawing random words from some container having all 2048 words, putting words back after a draw.
You draw 11 words, but you cannot draw the 12th because that only encodes 7 bits of entropy and the checksum is deterministic after that, not arbitrary. So after the 11th word it instructs you to perform 7 coin tosses (e.g. heads = 1, tails = 0) and enter the resulting bits into the UI. It will then calculate the last 4 bits of checksum and that gives you the 12th word.
Thank you! D++ has explained it to me before, but I forget and then need refreshed :)