Reached another milestone: I finished reviewing and cleaning up the core seraphis library (still need to go through the serialization demo, mockups, and unit tests but won't go as in-depth). Once dangerousfreedom's seraphis knowledge proof work is merged, the library should be 'done' pending reviews.

Hello, I have been working on understanding wallet address generation a bit by building a shell script to generate wallets, and during my time working on this I discovered a potential for mnemonic seed phrase overlaps when it comes to private spend keys. I was able to import 2 different mnemonic seeds which share a private key and see the same transaction history. I have seen it happen several times since which leads me

to believe there may be a fairly high number of private keys that can be derived from more than one mnemonic seed phrase.

For example:... (full message at <libera.ems.host/_matrix/media/v3/do…2fa1585e3be8056afc0a3639fab347acf94>)

I see 2 possible reasons for this. One is that our english dictionary is 1626 words long but calculated from 11 bits of entropy which leaves around 420 potential values that may need to be reduced to find a word

Because 1626^24 is ~2^256 and private spend key can be only one of 2^252 values

and second is that the hex seed has to be reduced to derive the private key, but if the hex seed is lower than l then no reduction actually takes place, and the hex seed can be the private key

seed phrases are 16x more numerous

oh I didn't realize how much larger the seed phrase space was

so potentially each private key has up to 16 mnemonic possibilities?

yes

thank you. That makes sense. i always went on the assumption that it was a 1:1 - this is why I wanted to start learning how addresses work

would a full 2048 word list reduce that overlap by much or at all? Would it break something else mathematically down the road? I notice bitcoin uses a 2048 word dictionary

I am thinking it probably wouldn't make much of a difference if any because if anything it would make more mnemonic combinations not less

Seed phrase is just an encoding of a number in base-1626 (or base-2048)

If you allow numbers above 2^252+27742317777372353535851937790883648493, you will get duplicates

and this number is not a power of 1626 or 2048

so duplicates will happen in any case

much obliged. I am not a mathematician but it makes sense. It just seemed like something unlikely but with 16x the possibilities it makes sense.

Is mining with Seraphis still only possible using the Jamtis address with index 0, formerly known as "main address"?

rbrunner: no, any address

Ah, ok. A somewhat surprising improvement over today's situation then.