slip-0039.md: use `n` for nonce

parent f8573bcd
...@@ -37,16 +37,16 @@ The value to be encoded as the master secret must be a multiple of 8 bits. This ...@@ -37,16 +37,16 @@ The value to be encoded as the master secret must be a multiple of 8 bits. This
We propose the following format of the shares: We propose the following format of the shares:
| nonce (N) | index (I) | threshold (M) | share (S) | checksum (C) | | nonce (n) | index (I) | threshold (M) | share (S) | checksum (C) |
|-----------|------------|---------------|------------------|--------------| |-----------|------------|---------------|------------------|--------------|
| 20 bits | 5 bits | 5 bits | 130/200/260 bits | 30 bits | | 20 bits | 5 bits | 5 bits | 130/200/260 bits | 30 bits |
* `nonce` field is a random 20-bit identifier which is the same for all shares and it's used for detection whether the shares belong together, it's also later as salt in key derivation functions * `nonce (n)` field is a random 20-bit identifier which is the same for all shares and it's used for detection whether the shares belong together, it's also later as salt in key derivation functions
* `index` field corresponds to the SSS part's `x` value (see the diagram above) * `index (I)` field corresponds to the SSS part's `x` value (see the diagram above)
* `threshold` field indicates how many shares are needed to reconstruct the secret * `threshold (M)` field indicates how many shares are needed to reconstruct the secret
* `index` and `threshold` fields values are from range 1-31, value 0 is not considered valid * `index (I)` and `threshold (M)` fields values are from range 1-31, value 0 is not considered valid
* `share` field is the corresponding SSS part's `y` value (see the diagram above) right-padded with zeroes to the nearest multiple of 10 bits * `share (S)` field is the corresponding SSS part's `y` value (see the diagram above) right-padded with zeroes to the nearest multiple of 10 bits
* `checksum` field is a Bech32 checksum (defined in BIP-0173) of the whole share (that is `N || I || M || S`), human-readable part (hrp) of Bech32 is "SLIP0039" * `checksum (C)` field is a Bech32 checksum (defined in BIP-0173) of the whole share (that is `n || I || M || S`), human-readable part (hrp) of Bech32 is "SLIP0039"
This structure is then converted into a mnemonic code by splitting it up by 10 bits which correspond as an index to the a word list containing exactly 1024 words (see below). This structure is then converted into a mnemonic code by splitting it up by 10 bits which correspond as an index to the a word list containing exactly 1024 words (see below).
...@@ -72,7 +72,7 @@ Passphrase should contain only ASCII characters to achieve the best interoperabi ...@@ -72,7 +72,7 @@ Passphrase should contain only ASCII characters to achieve the best interoperabi
![passphrase](slip-0039/passphrase.png) ![passphrase](slip-0039/passphrase.png)
We will use `PBKDF2(PRF = HMAC-SHA256, Password = master_secret, Salt = ("SLIP0039" || passphrase || N), iterations = 20000, dkLen = 256 bits)` as the key derivation function. Value `N` is encoded as two words from the wordlist separated by exactly one space. We will use `PBKDF2(PRF = HMAC-SHA256, Password = master_secret, Salt = ("SLIP0039" || passphrase || n), iterations = 20000, dkLen = 256 bits)` as the key derivation function. Nonce value `n` is encoded as two words from the wordlist separated by exactly one space.
We suggest to use the obtained seed as a master seed `S` for Hierarchical Deterministic Wallets described in BIP-0032. We suggest to use the obtained seed as a master seed `S` for Hierarchical Deterministic Wallets described in BIP-0032.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment