*`nonce` field is a random 20-bit identifier which is the same for all shares and it's used for detection whether the shares belong together, it's also later as salt in key derivation functions
*`nonce (n)` field is a random 20-bit identifier which is the same for all shares and it's used for detection whether the shares belong together, it's also later as salt in key derivation functions
*`index` field corresponds to the SSS part's `x` value (see the diagram above)
*`index (I)` field corresponds to the SSS part's `x` value (see the diagram above)
*`threshold` field indicates how many shares are needed to reconstruct the secret
*`threshold (M)` field indicates how many shares are needed to reconstruct the secret
*`index` and `threshold` fields values are from range 1-31, value 0 is not considered valid
*`index (I)` and `threshold (M)` fields values are from range 1-31, value 0 is not considered valid
*`share` field is the corresponding SSS part's `y` value (see the diagram above) right-padded with zeroes to the nearest multiple of 10 bits
*`share (S)` field is the corresponding SSS part's `y` value (see the diagram above) right-padded with zeroes to the nearest multiple of 10 bits
*`checksum` field is a Bech32 checksum (defined in BIP-0173) of the whole share (that is `N || I || M || S`), human-readable part (hrp) of Bech32 is "SLIP0039"
*`checksum (C)` field is a Bech32 checksum (defined in BIP-0173) of the whole share (that is `n || I || M || S`), human-readable part (hrp) of Bech32 is "SLIP0039"
This structure is then converted into a mnemonic code by splitting it up by 10 bits which correspond as an index to the a word list containing exactly 1024 words (see below).
This structure is then converted into a mnemonic code by splitting it up by 10 bits which correspond as an index to the a word list containing exactly 1024 words (see below).
...
@@ -72,7 +72,7 @@ Passphrase should contain only ASCII characters to achieve the best interoperabi
...
@@ -72,7 +72,7 @@ Passphrase should contain only ASCII characters to achieve the best interoperabi
![passphrase](slip-0039/passphrase.png)
![passphrase](slip-0039/passphrase.png)
We will use `PBKDF2(PRF = HMAC-SHA256, Password = master_secret, Salt = ("SLIP0039" || passphrase || N), iterations = 20000, dkLen = 256 bits)` as the key derivation function. Value `N` is encoded as two words from the wordlist separated by exactly one space.
We will use `PBKDF2(PRF = HMAC-SHA256, Password = master_secret, Salt = ("SLIP0039" || passphrase || n), iterations = 20000, dkLen = 256 bits)` as the key derivation function. Nonce value `n` is encoded as two words from the wordlist separated by exactly one space.
We suggest to use the obtained seed as a master seed `S` for Hierarchical Deterministic Wallets described in BIP-0032.
We suggest to use the obtained seed as a master seed `S` for Hierarchical Deterministic Wallets described in BIP-0032.