Polyseed the hotness in Monero Seed Phrase formats

I hate adding more scope creep, but I need to incorporate polyseed into the project. Sadly there is no polyseed support in the official Monero Python library. I could use ctypes to write a wrapper around the official C library, but I am considering rewriting it from scratch in pure Python. I plan on keeping the Monero Python library as is for most of the seed operations in Monerosigner. This means the polyseed.py library would convert the polyseed mnemonic to a key before it is used with the Python lib.

Why does polyseed matter?

It seems polyseed is not only the preferred seed format for Feather and Cake Wallet, but it is also more than likely going to make its way into the official wallets in the future.

https://github.com/tevador/polyseed

Features in a nutshell:

  • 16 mnemonic words (36% shorter than the original 25-word seed)
  • embedded wallet birthday to optimize restoring from the seed
  • supports encryption by a passphrase
  • can store up to 3 custom bits
  • advanced checksum based on a polynomial code
  • seeds are incompatible between different coins

Supported languages:

  1. English
  2. Japanese
  3. Korean
  4. Spanish
  5. French
  6. Italian
  7. Czech
  8. Portuguese
  9. Chinese (Simplified)
  10. Chinese (Traditional)

Another important feature is that the wallet birthday is part of the seed phrase. This is very important in Monero, because a Monero wallet needs to scan the blockchain to calculate its balance. Without the wallet birthday the wallet has to scan the blockchain from the genesis block.

Note of concerns

I do have some concerns about polyseed. The first is a known tradeoff: seeds are incompatible between different coins. I see an advantage in the standardization of seed phrases for DH key derivations across multiple chains. It makes developing wallets a lot easier, as adding support for a new ecosystem can be as easy as adding a new derivation path. I don't foresee this being as big an issue, as I already plan on creating libraries to convert between different seed formats. At the end of the day it is just an encoding for a private key.

The use of SHA-256 for the KDF.

The private key is derived from the 150-bit secret seed using PBKDF2-HMAC-SHA256 with 10000 iterations.

Once again this is a design tradeoff. Choosing SHA-256 instead of SHA-512 helps make sure that crypto chips on devices can more easily calculate the key. The industry standard BIP39 uses SHA-512 as the KDF. Just something to note.
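To make the two points above concrete (the embedded wallet birthday and the SHA-256 KDF), here is an added Python sketch. It is not polyseed's code and not the polyseed.py library; the only parameters taken from the post are the 150-bit secret, PBKDF2-HMAC-SHA256 and 10000 iterations. The salt layout, the birthday epoch and step, and the coin tags are assumptions chosen for illustration and do not match the real polyseed wire format. BIP39's PBKDF2-HMAC-SHA512 with 2048 rounds and the salt "mnemonic" + passphrase is included for contrast. The point worth seeing is that binding the coin tag into the salt is what makes the same secret yield unrelated keys per coin, and that the birthday must round down so scanning from the decoded date never misses funds.

```python
"""Illustrative sketch of a polyseed-style key derivation.

Added example, not polyseed's code. From the post: 150-bit secret,
PBKDF2-HMAC-SHA256, 10000 iterations. Assumed for illustration only:
salt layout, birthday epoch/step/width, coin numbering.
"""
import hashlib
import secrets
import struct
import unicodedata

SECRET_BITS = 150                  # from the post
SECRET_BYTES = (SECRET_BITS + 7) // 8   # 19 bytes, top two bits unused
KDF_ITERATIONS = 10_000            # from the post

# Assumed birthday encoding (not polyseed's exact values):
BIRTHDAY_EPOCH = 1_635_768_000     # assumption: Unix time of the format's "year zero"
BIRTHDAY_STEP = 2_629_746          # assumption: one average month in seconds
BIRTHDAY_BITS = 10                 # assumption: 1024 months, roughly 85 years


def new_secret() -> bytes:
    """150 random bits packed little-endian into 19 bytes."""
    return secrets.randbits(SECRET_BITS).to_bytes(SECRET_BYTES, "little")


def encode_birthday(unix_time: int) -> int:
    """Whole steps since the epoch, rounded DOWN and clamped to the field width.

    Rounding down is the safety property: the decoded date is never later
    than the real birthday, so a restore that scans from it cannot skip
    the wallet's first transactions.
    """
    if unix_time < BIRTHDAY_EPOCH:
        return 0
    return min((unix_time - BIRTHDAY_EPOCH) // BIRTHDAY_STEP,
               (1 << BIRTHDAY_BITS) - 1)


def decode_birthday(field: int) -> int:
    """Earliest Unix time the field can stand for; start scanning here."""
    return BIRTHDAY_EPOCH + field * BIRTHDAY_STEP


def derive_key(secret: bytes, coin: int, birthday_field: int,
               features: int = 0, key_len: int = 32) -> bytes:
    """PBKDF2-HMAC-SHA256, 10000 rounds over the 150-bit secret.

    The salt binds coin, birthday and feature bits (layout is an assumption),
    which is why the same secret gives unrelated keys on different coins.
    """
    if len(secret) != SECRET_BYTES:
        raise ValueError(f"secret must be {SECRET_BITS} bits / {SECRET_BYTES} bytes")
    salt = b"POLYSEED-DEMO key" + struct.pack("<III", coin, birthday_field, features)
    return hashlib.pbkdf2_hmac("sha256", secret, salt, KDF_ITERATIONS, dklen=key_len)


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 for contrast: PBKDF2-HMAC-SHA512, 2048 rounds, 64-byte seed."""
    def nfkd(s: str) -> bytes:
        return unicodedata.normalize("NFKD", s).encode()
    return hashlib.pbkdf2_hmac("sha512", nfkd(mnemonic),
                               nfkd("mnemonic" + passphrase), 2048, dklen=64)


if __name__ == "__main__":
    secret = new_secret()
    bday = encode_birthday(BIRTHDAY_EPOCH + 17 * BIRTHDAY_STEP + 12345)
    print("birthday field:", bday, "-> scan from", decode_birthday(bday))
    print("coin 0 key:", derive_key(secret, 0, bday).hex())
    print("coin 1 key:", derive_key(secret, 1, bday).hex())   # unrelated to coin 0
    print("bip39 seed:", bip39_seed("abandon " * 11 + "about", "TREZOR").hex()[:32], "...")
```

A wrapper around the real C library, or a from-scratch port, has to reproduce polyseed's exact salt bytes and birthday constants; the values above only show the shape of the design.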

I'll dive in a bit more and work on getting the polyseed Python implementation working. This will be its new home: https://github.com/Monero-HackerIndustrial/polyseed.py