slip39 recovery for seeds with passphrase #9043

Closed
3ntranced opened this issue May 10, 2024 · 6 comments

@3ntranced

I am testing slip39 recovery on electrum version 4.5.4. I am generating slip shares using https://iancoleman.io/slip39/

  1. If I encode a passphraseA along with a 24 word seed for wallet A, resulting in shards_A, then I cannot reconstruct wallet A with electrum whether choosing option to use optional passphrase or not.

  2. If I encode a 24 word seed without passphrase for wallet B, shards_B, which is the same seed as for wallet A, then when reconstructing, I cannot reconstruct wallet A by using shards_B plus choosing use optional passphrase and entering passphraseA.

I think 1) seems like a bug, and 2) I am not sure, but if using https://iancoleman.io/bip39/ and https://iancoleman.io/slip39/ I can get to wallet A from using shards_B plus passphraseA and I thought I could do same in electrum.

@3ntranced
Author

example:
bip39 seed is: cluster pink review inch ceiling rabbit lizard ethics message soup vanish economy kingdom rack tool eternal nut frost emerge hour jazz alarm forest kidney

importing bip39 with electrum gives master key as zpub6rhoFJVbhGvuZ9TZeVDrocoLYC6vsaXw9ifdB8cgbu5wZSfGgWxf21dSkQDQTmS3Gz5waeGF8EriqxwGjHVTSC3cJASQzhg9i8ziQfQD3AK

and first address as bc1qgld0f5jel62t7k96r9lln90qx7szfsdw5akyfp

its entropy is : 2c74a2e239224f6060b26d8bf9ffc52317ab61392a6c97abad22b727760b96cb

using Ians we get 2/3 as:
costume senior acrobat leader acrobat patrol mixed violence guard believe story quick calcium preach become ranked flame tricycle estate chest frequent fancy security pencil script retailer hesitate artwork strike group intend payment airline

costume senior beard leader auction exceed mineral salt retailer fiction crucial earth voting violence dwarf dress keyboard category belong cinema jump scramble dish distance clock demand thorn valid fiscal forward smug staff yelp

importing both into electrum as slip39 gives us master key as
zpub6s6o3gmd3qBC6wy4Mu784GELRxwkhy41sA4dHqj1XW1jJaPgLN9p2snKk8FsvVAeesQpx1Z9yFrpFjphNPPBghnPM39wW2oGZSyY9vNfx2f

and first address as bc1q9hydztmcwt5qdwf3rm2wlcnudyz9shz3ysn2sd

but they should be the same, yet they are not.

Likewise if https://slip39.com/ is used to generate slip39 shards from same bip39 seed

@SomberNight
Member

> its entropy is : 2c74a2e239224f6060b26d8bf9ffc52317ab61392a6c97abad22b727760b96cb

What is that? How did you calculate it?

@SomberNight
Member

Here you go.

```
>>> electrum.keystore.bip39_to_seed("cluster pink review inch ceiling rabbit lizard ethics message soup vanish economy kingdom rack tool eternal nut frost emerge hour jazz alarm forest kidney", passphrase="").hex()
'5be935613b67a9d53bfafe03fab5e92ea5bcacc6449cf151714730cdf366b0a7e0a644d571aa2559f201f193231e9dab7a4eb9b2854a19536d2e0fc9bc3d7cc8'
$ pip install shamir-mnemonic[cli]==0.2.2
$ shamir create 2of3 --master-secret="5be935613b67a9d53bfafe03fab5e92ea5bcacc6449cf151714730cdf366b0a7e0a644d571aa2559f201f193231e9dab7a4eb9b2854a19536d2e0fc9bc3d7cc8"
Using master secret: 5be935613b67a9d53bfafe03fab5e92ea5bcacc6449cf151714730cdf366b0a7e0a644d571aa2559f201f193231e9dab7a4eb9b2854a19536d2e0fc9bc3d7cc8
Group 1 of 1 - 2 of 3 shares required:
dilemma upgrade academic acid acne tidy knife prevent easel cinema bucket decent together keyboard critical fatigue watch mailman craft kernel grocery ending hand large hamster evoke rebound climate element fumes manager practice glen hush decorate exclude dilemma false large grin speak chew increase injury prayer exceed together canyon vegan axle prisoner teaspoon educate insect surprise large greatest welcome bike
dilemma upgrade academic agency acid evoke thorn hearing threaten capture early sunlight divorce carve mason again rocky software step species music enlarge various simple carbon deny pipeline taxi pajamas wildlife jerky describe woman black heat drink amazing alive visitor fake regular devote pitch speak year owner undergo pancake client oral crush juice moisture costume editor scramble security license season
dilemma upgrade academic always acid subject fumes teacher miracle fluff fiber papa emphasis species standard withdraw install dismiss junk holiday package deliver zero merit lunar stilt costume holy owner bishop humidity mountain emission remember observe credit epidemic morning kind memory ajar group spill rocky acrobat liberty faint temple empty ambition plunge staff wrist slush volume marathon usual calcium leaf
```

@3ntranced
Author

yes sorry I didn't know how to use this. is there any way to have less words for each share from a 24 word bip39 key?

@3ntranced
Author

Are there plans to implement SSKR: Sharded Secret Key Reconstruction? I think it will use less words than slip39.

@SomberNight
Member

> is there any way to have less words for each share from a 24 word bip39 key?

see https://github.com/satoshilabs/slips/blob/52cde3ce73c572753dd6d3e565afd0630247659b/slip-0039.md#design-rationale

> Compatibility with BIP-0039
>
> Converting an existing BIP-0039 mnemonic to SLIP-0039 shares
>
> This is possible, but only at the price of all SLIP-0039 shares being 59 words long regardless of the length of the original BIP-0039 mnemonic. This is due to the fact that in BIP-0039 the mnemonic and passphrase are processed by PBKDF2-SHA-512 to produce a 512-bit seed which is what would need to be split using SLIP-0039. Furthermore, anyone who is using several different passphrases with one BIP-0039 mnemonic to have several wallets can convert only one of these wallets to SLIP-0039 shares.
>
> Users who wish to take advantage of Shamir's secret sharing are advised to transfer their funds from their old BIP-0039 wallet to a new wallet backed-up using SLIP-0039. Doing so has the advantage of fully eliminating the possibility of theft using the old BIP-0039 mnemonic, which may happen if the user unknowingly fails to destroy all of its copies.


> Are there plans to implement SSKR: Sharded Secret Key Reconstruction? I think it will use less words than slip39.

No plans atm.
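
The difference between the two inputs in this thread, as an added example that is not part of the original comments or of Electrum's code: the BIP-39 seed is PBKDF2-SHA-512 output that depends on the passphrase, the 256-bit entropy is not, and the SLIP-39 share length follows from the size of the secret being split. Function names are illustrative, and the word-count formula assumes SLIP-39's 4 metadata words and 3 checksum words per share.

```python
import hashlib
import unicodedata

# Mnemonic and entropy as quoted in the thread above.
MNEMONIC = (
    "cluster pink review inch ceiling rabbit lizard ethics message soup "
    "vanish economy kingdom rack tool eternal nut frost emerge hour jazz "
    "alarm forest kidney"
)
ENTROPY_HEX = "2c74a2e239224f6060b26d8bf9ffc52317ab61392a6c97abad22b727760b96cb"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic"+passphrase."""
    words = " ".join(unicodedata.normalize("NFKD", mnemonic).split())
    salt = "mnemonic" + unicodedata.normalize("NFKD", passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"),
                               salt.encode("utf-8"), 2048, dklen=64)


def slip39_share_words(secret_bits: int) -> int:
    """Words in one SLIP-39 share; each word carries 10 bits."""
    metadata_words = 4   # identifier, iteration exponent, indices, thresholds
    checksum_words = 3   # 30-bit checksum
    value_words = -(-secret_bits // 10)  # ceiling division: share value is padded
    return metadata_words + value_words + checksum_words


def compare_inputs(passphrase: str = "") -> dict:
    """Size and share length for the two candidate master secrets."""
    entropy = bytes.fromhex(ENTROPY_HEX)
    seed = bip39_seed(MNEMONIC, passphrase)
    return {
        "entropy_bits": len(entropy) * 8,
        "entropy_share_words": slip39_share_words(len(entropy) * 8),
        "seed_bits": len(seed) * 8,
        "seed_share_words": slip39_share_words(len(seed) * 8),
        "seed_hex": seed.hex(),
    }


if __name__ == "__main__":
    # "passphraseA" is the placeholder name used in the issue text.
    for label in ("", "passphraseA"):
        print(repr(label), compare_inputs(label))
```

Splitting the 256-bit entropy gives 33-word shares and splitting the 512-bit seed gives 59-word shares, matching the share lengths posted in the thread; each passphrase yields a different 512-bit seed, which is why only one passphrase-wallet can be converted per set of shares.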
