Announcing Penlock v1: Paper-Based Secret Splitting for BIP39 Seed Phrases
60 views
Skip to first unread message
Rama Gan
4:49 AM (15 hours ago) 4:49 AM
to bitco...@googlegroups.com
Hello everyone,
I am thrilled to announce the public release of Penlock!
The goal is achieved! If you have a printer, scissors, a craft knife,
and a pin, you can mechanically secret-split a 12-word seed phrase
in under two hours. This includes the entire process—learning,
printing, assembling, executing, and storing the shares.
Penlock is a printable paper calculator that guides you through
splitting a seed phrase into a 2-of-3 backup. It is open-source,
uses straightforward and robust cryptography, and includes various
fail-safes that protect against errors. A beta was announced on
this list last year, and the public release is now available at:
<https://v1.penlock.io/en/>
This release breaks backward-compatibility with the beta, allowing for
enhancements that make Penlock significantly easier to operate. Here
are the main improvements in v1:
- Faster Secret-Splitting: Penlock now focuses exclusively on producing
2-of-3 backups using its own paper-optimized splitting algorithm. The
previous iteration supported K-of-M splitting with Shamir Secret
Sharing, but at the cost of more complexity and a clunkier 2-of-3
process. Since 2-of-3 covers nearly all use cases, optimizing for it
seemed like the right approach.
- Backup Strategy Template: Penlock now suggests a generic, adaptable
backup strategy that helps set up offsite recovery and trust-minimized
inheritance. In short, each share is tied to a different type of
storage: Digital, Social, and (optionally) Legal. This ensures an
attacker would have to run two different types of attacks, and makes
it hard for a party holding one share to obtain a second one. You
can find more details at <https://v1.penlock.io/en/split#strategy>.
- On-Paper Error Correction: Penlock v1 introduces what I believe to
be the first on-paper error correction algorithm. Each BIP39 word is
extended with two pre-computed parity symbols, guaranteeing per-word
unambiguous correction of 1 error and detection of 2. In practice,
it's also possible to fix a word with two errors, though it requires
a little bit of patience.
- Easier Seed Phrase Generation: Penlock also offers BIP39 seed phrase
generation as an extra feature. The whole process has been redesigned
into one of the simplest ways to generate a seed phrase by hand.
Penlock was inspired by Codex32 from Andrew Poelstra and Russell
O'Connor. It's been a two-year quest to adapt their concept for BIP39
seed phrases, iterating toward the best UX I could craft without
compromising security. These improvements often required breaking
compatibility with previous versions, which made me reluctant to
propose a public version until the design stabilized into something
final.
I believe I have finally reached the best formula I can think of,
hence this release. The feedback so far has been very positive,
and I hope you find it interesting too! Please share any feedback or
questions, and let me know what you think!
Best,
Rama Gan
P.S.: Penlock's wheel also happens to be an interesting cryptographic
puzzle—can you reverse-engineer Penlock's secret splitting algorithm
just by looking at it?
I am thrilled to announce the public release of Penlock!
The goal is achieved! If you have a printer, scissors, a craft knife,
and a pin, you can mechanically secret-split a 12-word seed phrase
in under two hours. This includes the entire process—learning,
printing, assembling, executing, and storing the shares.
Penlock is a printable paper calculator that guides you through
splitting a seed phrase into a 2-of-3 backup. It is open-source,
uses straightforward and robust cryptography, and includes various
fail-safes that protect against errors. A beta was announced on
this list last year, and the public release is now available at:
<https://v1.penlock.io/en/>
This release breaks backward-compatibility with the beta, allowing for
enhancements that make Penlock significantly easier to operate. Here
are the main improvements in v1:
- Faster Secret-Splitting: Penlock now focuses exclusively on producing
2-of-3 backups using its own paper-optimized splitting algorithm. The
previous iteration supported K-of-M splitting with Shamir Secret
Sharing, but at the cost of more complexity and a clunkier 2-of-3
process. Since 2-of-3 covers nearly all use cases, optimizing for it
seemed like the right approach.
- Backup Strategy Template: Penlock now suggests a generic, adaptable
backup strategy that helps set up offsite recovery and trust-minimized
inheritance. In short, each share is tied to a different type of
storage: Digital, Social, and (optionally) Legal. This ensures an
attacker would have to run two different types of attacks, and makes
it hard for a party holding one share to obtain a second one. You
can find more details at <https://v1.penlock.io/en/split#strategy>.
- On-Paper Error Correction: Penlock v1 introduces what I believe to
be the first on-paper error correction algorithm. Each BIP39 word is
extended with two pre-computed parity symbols, guaranteeing per-word
unambiguous correction of 1 error and detection of 2. In practice,
it's also possible to fix a word with two errors, though it requires
a little bit of patience.
- Easier Seed Phrase Generation: Penlock also offers BIP39 seed phrase
generation as an extra feature. The whole process has been redesigned
into one of the simplest ways to generate a seed phrase by hand.
Penlock was inspired by Codex32 from Andrew Poelstra and Russell
O'Connor. It's been a two-year quest to adapt their concept for BIP39
seed phrases, iterating toward the best UX I could craft without
compromising security. These improvements often required breaking
compatibility with previous versions, which made me reluctant to
propose a public version until the design stabilized into something
final.
I believe I have finally reached the best formula I can think of,
hence this release. The feedback so far has been very positive,
and I hope you find it interesting too! Please share any feedback or
questions, and let me know what you think!
Best,
Rama Gan
P.S.: Penlock's wheel also happens to be an interesting cryptographic
puzzle—can you reverse-engineer Penlock's secret splitting algorithm
just by looking at it?
Reply all
Reply to author
Forward
0 new messages