also about the power consumption, the device in question is a little battery powered ARM system on chip board that you use airgapped, like a jade or a seed signer, i don't understand what you are talking about at all
Discussion
EMF leaks and the likes
this kind of thing is extremely marginal risk, compared to not having your keys backed up
yeah, I was trying to make a resistant implementation but due to the stupidity of the people that wrote BIP39 it is 1. very space inefficient 2. not constant time
you can always just transcribe hex, or bech32 - for hex you might want to add a CRC32 suffix check string, bech32 includes one
I’m considering doing xprvs
so, a HD seed
i still think you should use a crc32 check, and hex, to make the decoder simple as possible... base32 and base64 are shit in this respect
you could make a simpified 256 word dictionary mnemonic key scheme too, that would be 32 words, plus another 4 for your CRC check or 36 words, they could all be precisely 4 letters long to make storage neat
xprvs are neat but they use the crappy base58check encoding
in the end it’s 64 bytes, so why not bech32m
constant time doesn't matter without an interactive protocol where timing can be observed