Skip to content

Commit 143066e

Browse files
BenWestgateapoelstra
BenWestgate
authored and
apoelstra
committed
Update wallets.md
1 parent 1d8e705 commit 143066e

1 file changed

Lines changed: 32 additions & 19 deletions

File tree

docs/wallets.md

Lines changed: 32 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -25,44 +25,57 @@ Codex provides users instructions on doing generation themselves.
2525
## Error Detection and Correction
2626

2727
Wallets MUST support detection of errors using the codex32 checksum algorithm.
28-
Wallets MAY additionally support error correction; such wallets are referred to as "error-correcting wallets (ECWs)" and have additional requirements.
28+
Wallets SHOULD additionally support error correction; such wallets are referred to as "error-correcting wallets (ECWs)" and have additional requirements.
2929

30-
An ECW
30+
An ECW:
3131

32-
* MUST support correction of up to 4 substitution errors;
33-
* MAY also support correction of up to 8 erasures;
32+
* MUST support correction of up to 4 substitution errors and erasures;
33+
* MAY also support correction of up to 8 erasures, up to 13 if contiguous;
3434
* MAY support correction of further errors, including insertion or deletion errors.
3535

3636
If a wallet is unable to meet these specifications, it is not an ECW and it SHOULD NOT expose error-correction functionality to the user.
3737

3838
## Import Support
3939

40-
Wallets MAY accept seeds whose length is any multiple of 8 between 128 and 512 bits, inclusive.
41-
Wallets SHOULD support import of 128- and 256-bit seeds; other lengths are optional.
42-
43-
128-bit seeds encode as 48-character codex32 strings, including the `MS1` prefix.
44-
256-bit seeds encode as 74-character codex32 strings. For other bit-lengths, see the BIP.
40+
Wallets SHOULD support import of 128- and 256-bit seeds; other lengths are optional. 128-bit seeds encode as 48-character codex32 strings, including the `MS1` prefix. 256-bit seeds encode as 74-character codex32 strings. For other bit-lengths, see the BIP.
4541

4642
The process for entering codex32 strings is:
4743

48-
1. The user should enter the first string. To the extent possible given screen limitations, data should be displayed in uppercase with visually distinct four-character windows. The first four-character window should include the `MS1` prefix, which should be pre-filled.
49-
* The user should not be able to enter mixed-case characters. The user MUST be able to enter all bech32 characters. ECWs MUST also allow entry of `?` which indicates an erasure (unknown character). Wallets MAY allow users to enter non-bech32 characters, at their discretion. (This may be useful to guide error correction, by attempting to replace commonly confused characters.)
50-
* If the header is invalid, the wallet SHOULD highlight this and request confirmation from the user before allowing additional data to be entered. An invalid header is one that starts with a character other than `0` or `2` through `9`, or one which starts with `0` but whose share index is not `S`. For shares after the first, a header is also invalid if its threshold and identifier do not match those of the first share.
44+
1. The user should enter the first string. To the extent possible given screen limitations, data should be displayed in uppercase with visually distinct four-character windows. The first four-character window should include the `MS1` prefix, which SHOULD be pre-filled.
45+
* The user MUST be able to enter all bech32 characters.
46+
* ECWs MUST also allow entry of `?` which indicates an erasure (unknown character).
47+
* The user SHOULD NOT be able to enter mixed-case characters.
48+
* If the header is invalid, the wallet SHOULD highlight the problem and request confirmation from the user before allowing additional data to be entered.
49+
* An invalid header is one that starts with a character other than `0` or `2` through `9`, or one which starts with `0` but whose share index is not `S`. For shares after the first, a header is also invalid if its threshold and identifier do not match those of the first share or whose share index matches any previous share.
50+
* ECWs MAY replace the offending characters of the header with '?'.
51+
* Wallets MAY:
52+
* Allow users to enter invalid characters, at their discretion. (This may be useful to guide error correction, by attempting to replace commonly confused characters.)
53+
* Use predictive text for on-screen keyboards to suggest the codex32 checksum characters but if so MUST require user to manually accept the prediction.
54+
* Indicate when the entry has a valid checksum, e.g. by highlighting the string green or displaying the 'Submit' option but they MUST NOT submit a string with a valid checksum without user request.
55+
* ECWs MAY additionally indicate when an entry of sufficient length to correct has an invalid checksum, e.g. by highlighting the string red or displaying an "Attempt Correction" option.
56+
57+
5158
1. Once the first string is fully entered, the wallet MUST validate the checksum and header before accepting it.
52-
* If the checksum does not pass, then an ECW
53-
* MUST attempt error correction of substitution and erasure errors.
54-
* MAY attempt correction by deleting and/or inserting characters, as long as the resulting string has a valid length for a codex32 string.
55-
* If a valid candidate correction is found, the wallet MUST show it to the user for confirmation rather than silently applying it.
56-
* When displaying a candidate correction, wallets MAY highlight the corrected 4-character windows and/or the specific locations of substitution, insertion and/or deletion corrections.
59+
* If the checksum does not pass, then an ECW:
60+
* MUST attempt error correction of substitution errors and erasures.
61+
* MAY attempt correction by deleting and/or inserting characters, as long as the resulting string has a valid length for a codex32 string. ECWs MAY assume the correct length is the closest of 48 or 74.
62+
* MUST show any valid correction candidate found to the user for confirmation rather than silently applying it.
63+
* If insertion and/or deletion correction candidates are found, the shortest edit distance valid string SHOULD be displayed.
64+
* This is the sum of all edits with erasures and deletes weighted 1 and substitutions and insertions weighted 2.
65+
* ECWs displaying a candidate correction MAY highlight corrected 4-character windows and/or specific correction locations.
5766
1. After the first string has been entered and accepted, the wallet now knows the identifier, threshold value and valid length.
5867
* If the first string had index `S`, this was the codex32 secret and the import process is complete.
5968
* Otherwise, the fourth character of the share will be a numeric character between `2` and `9` inclusive. The user must enter this many shares in total.
6069
* Wallets MAY encrypt and store recovery progress, to allow recovery without having all shares available at once. The details of this are currently outside of the scope of this specification.
6170
1. The user should then enter the remaining shares, in the same manner as the first.
6271
* The wallet SHOULD pre-fill the header (threshold value and identifier).
63-
* If the user tries to repeat an already-entered share index, they should be prevented from entering additional data until it is corrected, with the exception that `?` may be used as a share index arbitrarily many times. The wallet may guide the user by indicating that a share index has been repeated; if the user indicates that they are not repeating the share, the share index SHOULD be replaced by `?`.
72+
* If the user tries to repeat an already-entered share index, they SHOULD be prevented from entering additional data until it is corrected.
73+
* The wallet MAY guide the user by indicating that a share index has been repeated;
74+
* ECWs may use `?` as a share index arbitrarily many times. If the user indicates they are not repeating the share, the share index SHOULD be replaced by `?`.
6475
* If the checksum fails, the wallet MAY attempt correction by deleting and/or inserting characters. However, the wallet MUST assume the valid length of all subsequent shares is equal to the valid length of the first share, so the number of characters inserted and deleted must net out to the correct length.
65-
1. For all codex32 strings, if the entered string does not pass the checksum but the wallet is able to correct the errors (by substitution, insertion and/or deletion), the wallet MUST show the corrected string to the user and request confirmation that the corrected string **exactly matches** the user's copy of the data. The wallet MAY highlight the locations of changed characters. The wallet MUST NOT silently apply corrections without approval from the user.
76+
1. For all invalid codex32 strings entered, if an ECW is able to correct the errors (by deletion, insertion, substitution and/or filling erasures), it MUST show the corrected string to the user and request confirmation that the corrected string **exactly matches** the user's copy of the data. It MUST NOT silently apply corrections without approval from the user.
77+
* If no valid string is found with a correct hrp, header and unique index within correction distance limits or within 10 seconds of search, give up.
78+
* ECWs MAY warn the user they've repeated a share if the only valid string found exactly matches a previously entered share.
6679
1. Once all shares are entered, the wallet should recover the master seed and import this.
6780

6881
**The master seed should be used directly as a master seed, as specified in BIP32.**

0 commit comments

Comments
 (0)