BIP39：助记词

BIP39是SEED的生成算法.如果你用过比特币钱包应用，很可能它会为你生成一个助记符。这样的助记符可以用来替代私钥，并且可以被用于生成私钥。用“有意义的”助记词代替无意义的数字，也就是“密语种子”，密语种子更加便于记忆和抄录，它可以转化成适用于BIP32的“数字种子”。构造Script.ScriptType.P2PKH类型的钥匙串KeyChainGroup

NetworkParameters params = TestNet3Params.get();
Wallet wallet = new Wallet(params);

public Wallet(NetworkParameters params) {
        this(params, KeyChainGroup.builder(params).fromRandom(Script.ScriptType.P2PKH).build());
    }

public Builder fromRandom(Script.ScriptType outputScriptType) {
            System.out.println("fromRandom construct outputScriptType:" +outputScriptType);
            DeterministicSeed seed = new DeterministicSeed(new SecureRandom(),
                    DeterministicSeed.DEFAULT_SEED_ENTROPY_BITS, "");
            fromSeed(seed, outputScriptType);
            return this;
        }

DeterministicSeed 第三个参数是密码，默认为空，试着自己加了密码也ok，总之不影响随机熵的创建。从SecureRandom创建随机熵

public List<String> toMnemonic(byte[] entropy) throws MnemonicException.MnemonicLengthException {
        if (entropy.length % 4 > 0)
            throw new MnemonicException.MnemonicLengthException("Entropy length not multiple of 32 bits.");
        if (entropy.length == 0)
            throw new MnemonicException.MnemonicLengthException("Entropy is empty.");
        // We take initial entropy of ENT bits and compute its checksum by taking first ENT / 32 bits of its SHA256 hash.
        byte[] hash = Sha256Hash.hash(entropy);
        boolean[] hashBits = bytesToBits(hash);
        
        boolean[] entropyBits = bytesToBits(entropy);
       //提出SHA256哈希前几位（熵长/ 32），就可以创造一个随机序列的校验和
        int checksumLengthBits = entropyBits.length / 32;
        // We append these bits to the end of the initial entropy. 将校验和添加到随机序列的末尾
        boolean[] concatBits = new boolean[entropyBits.length + checksumLengthBits];
        System.arraycopy(entropyBits, 0, concatBits, 0, entropyBits.length);
        System.arraycopy(hashBits, 0, concatBits, entropyBits.length, checksumLengthBits);

        // Next we take these concatenated bits and split them into groups of 11 bits. Each group encodes number from 0-2047
        // which is a position in a wordlist.  We convert numbers into words and use joined words as mnemonic sentence.
        //将序列划分为包含11位的不同部分
        ArrayList<String> words = new ArrayList<>();
        int nwords = concatBits.length / 11;
        System.out.println("toMnemonic 生成的有顺序的单词组就是助记码entropyBits len:"+entropyBits.length+" checksumLengthBits:"+checksumLengthBits+" nwords:"+nwords );
        for (int i = 0; i < nwords; ++i) {
            int index = 0;
            for (int j = 0; j < 11; ++j) {//将每个包含11位部分的值与一个已经预先定义2048个单词的字典做对应
                index <<= 1;
                if (concatBits[(i * 11) + j])
                    index |= 0x1;
            }
            System.out.println("toMnemonic add 2048个单词表里第" +index+" 个位置单词 "+this.wordList.get(index));
            words.add(this.wordList.get(index));
        }
        return words;        
    }

对string集合进行加盐操作，salt随机，用PBKDF2SHA512加密算法加密.

public static byte[] toSeed(List<String> words, String passphrase) {
        checkNotNull(passphrase, "A null passphrase is not allowed.");
        String pass = Utils.SPACE_JOINER.join(words);
        String salt = "mnemonic" + passphrase;
        log.info("toSeed 加盐 {}", pass+" 盐："+salt);
        final Stopwatch watch = Stopwatch.createStarted();
        byte[] seed = PBKDF2SHA512.derive(pass, salt, PBKDF2_ROUNDS, 64);
        watch.stop();
        log.info("PBKDF2 took {}", watch);
        return seed;
    }

PBKDF2SHA512 助记词+盐进行2048次sha256每次产生的seed都是不同的!
https://iancoleman.io/bip39/?#english 翻墙查看，把 mnemonic code 记录下来好好保存，就会是一个冷钱包（指不连网路的钱包，所以安全很多）。可以使用产生出来的 address 收送钱。

image.png
128-->10^12 years才能暴力破解，安全性已经足够了。可以加密码短语， 都会导致不同的种子，形成一大批可能未初始化的钱包。这批钱包非常之大（2^512），使用暴力破解或随机猜测基本不可能。最近发现助记词随手抄在纸上，在工位上很容易被同事看到，没有像bip38那样的密码，很不安全，其实有助记词+密码可选项，不知为什么主流钱包去掉了，像比特派钱包，还有中文的助记词，本土化应该优先做中文助记词
image.png