Create your own wallet seed using regular dice
October 9, 2020
To be really, really sure that you have created a Bitcoin wallet that's secure you should generate the wallet seed offline and using a method that is transparent, i.e. where you can audit the process yourself and understand where the entropy/randomness comes from. In his great 10x Security Bitcoin Guide Michael Flaxman presents a few different ways of doing this. The first and most straightforward method is to print the complete BIP-39 list of 2048 words, cut them into small pieces of paper, put them in a hat and draw 23 times (why 23? see the section “What about the 24th word?!” below). The good thing about this method is that it is completely obvious what you are doing. You want 23 random words from a list of 2048 words so you simply draw words from a hat. The drawback of this method is that it is incredibly tedious to cut out those 2048 little pieces of paper, likely so incredibly tedious that practically noone will do it.
Another option is to use the guide on seedpicker.net in which the cutting has been reduced to 342 raffle tickets that is then combined with a roll of a die and a lookup table. Much better, but still a lot of cutting.
In an attempt to simplify this further I created the following two page printout that can be used in combination with a regular 6-sided die, no scissors necessary. You roll the die 5 times (or use 5 dice) to get a word from the wordlist. Repeat this process 23 times and you have your 23 words. In my own experiment using 5 dice this took roughly 10 minutes.
Let’s have a closer look at how to use the printout. Instructions are included at the bottom of the second page.
Now, if that's still confusing, here's an example of how to use it:
- First roll is a 2 so we use the first page (1-3 means first page, 4-6 second page)
- Second roll is 4 so we zoom in on the big rectangle in the 4th position
- Third roll is a 5 so we zoom further into the smaller 5th rectangle.
- Fourth roll is a 2 so our final rectangle is the one in the top right of this area.
- Our final dice roll is a 6, hence our word is INSPIRE.
We write down the word INSPIRE on a piece of paper and start again. Let’s see what happens if we roll a 4, followed by a 5. We end up on the second page in a rectangle that doesn’t have any words! There are some blank parts like this because our 5 rolls don't add up to exactly 2048 possibilities. When you “draw a blank” you should start over again with the first dice roll (the one selecting page 1 or 2). Do not simply retry the last roll (the 5) as that would skew the probabilities so that words on page 2 are selected more often.
Using five dice instead of one
If you wanna speed up the process by using 5 dice instead of one you need to make sure that you read the results in a predetermined order (so that your own brain is not involved in the process of deciding which die should be read first). The simplest way to do this is to always read the from left to right as they land on the table. Another option would be to use 5 differently colored dice and decide that the red one is the first one, the blue one is the second etc.
What about the 24th word?!
The 24th word in a BIP-39 seed is not a randomly generated one. Actually, the way a seed is normally generated is by a computer generating 256 bits of random data. From this data a checksum of 8 bits is then calculated and appended to the 256 bits. The 264 resulting bits are divided into 24 parts of 11 bits each and each one of those 11 bits is converted into a word, using a predetermined word list.
That's it. Now, the next step is of course to use your seed as part of a multisig setup so that you don't put all your trust in one single piece of hardware or software.