Improve handling of extra entropy

o Remove option for Fixed entropy
o Better handle entropy with only DC signal
o Always suggest extra entropy (SHA-512) for Create controls

Author: pjkundert

slip39/gui/SLIP-39-SD.org

@@ -11,7 +11,6 @@ BIP-39 Mnemonic using SLIP-39.
 | Create   | Random      | Create SLIP-39 Mnemonics from secure randomnes         |
 | Recover  | SLIP-39     | Recover Seed from SLIP-39 Mnemonics                    |
 | Pro      | BIP-39 Seed | Backup 512-bit BIP-39 Seed from Mnemonics + passphrase |
-| Pro      | Fixed       | Hex data may be supplied for the Seed                  |
 #+END_ABSTRACT
 
 * BIP-39

slip39/gui/SLIP-39-SD.txt

@@ -8,7 +8,6 @@ your insecure/unreliable BIP-39 Mnemonic using SLIP-39.
  Create    Random       Create SLIP-39 Mnemonics from secure randomnes         
  Recover   SLIP-39      Recover Seed from SLIP-39 Mnemonics                    
  Pro       BIP-39 Seed  Backup 512-bit BIP-39 Seed from Mnemonics + passphrase 
- Pro       Fixed        Hex data may be supplied for the Seed                  
 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 
 

slip39/gui/main.py

@@ -285,11 +285,6 @@ def groups_layout(
                     sg.Checkbox( 'Passphrase',          key='-SD-PASS-C-',      visible=False,  **T_hue( B_kwds, 2/20 )),
                 ],
                 [
-                    sg.Text("Fixed: ",                                          visible=LO_PRO, **T_hue( T_kwds, 1/20 )),
-                ] + [
-                    sg.Radio( f"{b}-bit",  "SD", key=f"-SD-{b}-FIX-",           visible=LO_PRO, **T_hue( B_kwds, 1/20 ))
-                    for b in BITS
-                ] + [
                     sg.Frame( passphrase_trezor_incompatible, [
                         [
                             sg.Text( "Passphrase (decrypt): ",                                  **T_kwds ),
@@ -319,19 +314,20 @@ def groups_layout(
             sg.Frame( SE_SEED_FRAME, [
                 [
                     sg.Radio( "None",             "SE", key='-SE-NON-',         visible=LO_REC,
-                                                                                default=True,   **B_kwds ),
+                                                                                default=LO_BAK, **B_kwds ),
                     sg.Radio( "Hex",              "SE", key='-SE-HEX-',         visible=LO_PRO, **B_kwds ),
-                    sg.Radio( "Die rolls, ... (SHA-512)", "SE", key='-SE-SHA-', visible=LO_REC, **B_kwds ),
+                    sg.Radio( "Die rolls, ... (SHA-512)", "SE", key='-SE-SHA-', visible=LO_REC,
+                                                                                default=LO_CRE or LO_PRO, **B_kwds ),
                     sg.Checkbox( 'Ignore Bad Entropy', key='-SE-SIGS-C-',       visible=LO_REC or LO_PRO,
                                                                                 disabled=False, **T_hue( B_kwds, 3/20 )),
                 ],
                 [
-                    sg.Frame( 'Entropy', [
+                    sg.Column( [
                         [
-                            sg.Text( "Hex digits: ",    key='-SE-DATA-T-',      size=prefix,    **T_kwds ),
+                            sg.Text( "Die rolls, etc.:",key='-SE-DATA-T-',      size=prefix,    **T_kwds ),
                             sg.Input( "",               key='-SE-DATA-',        size=inlong,    **I_kwds ),
                         ],
-                    ],                                  key='-SE-DATA-F-',      visible=False,  **F_kwds ),
+                    ],                                  key='-SE-DATA-F-',      visible=False ),
                 ],
                 [
                     sg.Text( "Seed XOR Data: ",                                 visible=LO_REC,
@@ -532,9 +528,6 @@ def update_seed_data( event, window, values ):
         '-SD-128-RND-',
         '-SD-256-RND-',
         '-SD-512-RND-',
-        '-SD-128-FIX-',
-        '-SD-256-FIX-',
-        '-SD-512-FIX-',
         '-SD-BIP-',			# Recover 128- to 256-bit Mnemonic Seed Entropy
         '-SD-BIP-SEED-',		# Recover 512-bit Generated Seed w/ passphrase
         '-SD-SLIP-',
@@ -775,9 +768,13 @@ def stretch_seed_entropy( entropy, n, bits, encoding=None ):
             # Other encoding was provided, eg 'UTF-8', 'ASCII', ...; stretch for the 0th Seed, too.
             n		       += 1
             entropy		= codecs.encode( entropy, encoding )    # '012abc' --> b'012abc'
-    for _ in range( n ):
-        entropy			= hashlib.sha512( entropy ).digest()
     octets			= ( bits + 7 ) // 8
+    if entropy:
+        for _ in range( n ):
+            entropy		= hashlib.sha512( entropy ).digest()
+    else:
+        # If no entropy provided, result is all 0
+        entropy			= b'\0' * octets
     assert len( entropy ) >= octets, \
         "Insufficient extra Seed Entropy provided for {ordinal(n+1)} {bits}-bit Seed"
     return entropy[:octets]
@@ -809,7 +806,9 @@ def update_seed_entropy( event, window, values ):
             update_seed_entropy.src = src
             window['-SE-DATA-'].update( data )
             values['-SE-DATA-']	= data
-            if 'HEX' in update_seed_entropy.src:
+            if 'NON' in update_seed_entropy.src:
+                window['-SE-DATA-T-'].update( "" )
+            elif 'HEX' in update_seed_entropy.src:
                 window['-SE-DATA-T-'].update( "Hex digits: " )
             else:
                 window['-SE-DATA-T-'].update( "Die rolls, etc.: " )

slip39/recovery/entropy.py

@@ -197,11 +197,15 @@ def denoise_mags( mags, threshold, middle=None, stride=8 ):
         ]
         cavg			= avg( curs ) if middle is None else middle( curs )
         target			= cavg * threshold
-        #print( f"dnoi: {' '.join( f'{c:{stride}.1f}({mags[i] / target:{stride-2}.1f})' for i,c in enumerate( curs ))}: {target=:7.1f}" )
+        #print( f"dnoi: {' '.join( f'{c:{stride}.1f}({mags[i] / target if target else 0:{stride-2}.1f})' for i,c in enumerate( curs ))}: {target=:7.1f}" )
 
     # Return the noise threshold target magnitude deduced, and the index,SNR for each signal bin,
     # sorted by SNR
-    return target, sorted( ( (i, mags[i] / target) for i in snrs ), key=lambda e: e[1], reverse=True )
+    return target, sorted(
+        ( (i, mags[i] / target if target else 0) for i in snrs ),
+        key	= lambda e: e[1],
+        reverse	= True,
+    )
 
 
 def signal_recover_real( dfts, scale=None, integer=False, amplify=None ):
@@ -414,7 +418,7 @@ def signal_entropy(
     dB.  Using something like statistics.median is problematic for low-noise signals, because if a
     sufficient number of bins have 0 energy, the noise will be 0, and a "default" SNR (signal/noise
     *ratio*) of 1.0 will be used (0.0 dB), allowing any more legitimate signal to be used instead of
-    the unlikely "perfect" noise-free signal.
+    the unlikely "perfect" noise-free signal (or signals w/ *only* a DC component if we ignore_dc.)
 
     So, the result can be sorted by greatest power, and if any power is found to be > 0.0dB, the
     entropy can be rejected as having too much "signal" vs "noise" (entropy).
@@ -465,16 +469,6 @@ def signal_entropy(
             snrd		= dict( snrs )  # i: snr
             #print( f"snrs: {' '.join( f'{snrd[i]:{stride*2}.1f}' if i in snrd else (' ' * stride*2) for i in range( len( mags )))}: {target=:7.1f}" )
 
-            # mid			= nrms if middle is None else middle( mags )
-            # target		= mid * threshold
-            # # Find the magnitude, offset of the top magnitudes exceeding target, sorted high to low
-            # tops		= sorted( ( (m,i) for i,m in enumerate( mags ) if m > target ), reverse=True )
-            # # Compute total signal dB SNR vs. target.  If all mags are 0 (all sigs were 0), then top
-            # # and target will all be 0.  However, this means that the signal is totally predictable
-            # # (contains infinitely strong signal), so pick an small but non-passing snr (1.0 ==
-            # # 0.0dB), so that any other more "legitimate" non-passing signals will likely be chosen
-            # # as strongest.  If no signal; report how far below the target our strongest bin is.
-
             # When we have multiple signals, a Signal with several strong signals should have an SNR
             # higher than something with fewer/weaker signals.  However, only the portion *above*
             # the target threshold count.  So, sum the tops, and compute the overall Signal SNR.
@@ -565,7 +559,9 @@ def signal_entropy(
                 # scale the signal by the ratio of the removed DC to the largest other signal.  Since we know that
                 # the other signals were DC "higher" in the original signal, amplifying the signal by this ratio
                 # shouldn't exceed the maximum dynamic range of the eg. integer signal values.
-                dc_amplify	= 1 + abs( dc ) / max( abs( b ) for b in dfts )
+                peak		= max( abs( b ) for b in dfts )
+                if peak:
+                    dc_amplify	= 1 + abs( dc ) / peak
 
             # Compute the resolution for the inverse DFT required to properly cover the binary
             # entropy.  However, limit size of the resultant DFT, as idft is O(N^2).  For a 512-bit
@@ -588,7 +584,7 @@ def signal_entropy(
                 #print( f" - {i=:3} --> {o=:3} ==> {sigs[o]:7}" )
                 pos	       += signal_draw( sigs[o], pos=True )
                 neg	       += signal_draw( sigs[o], neg=True )
-            harmonic_dBs	= [ f"{ordinal(h) if h else 'DC'} {into_dB(mags[h]/target):.1f}dB" for h in harmonic ]
+            harmonic_dBs	= [ f"{ordinal(h) if h else 'DC'} {into_dB(mags[h]/target) if target else 0.0:.1f}dB" for h in harmonic ]
             details	       += f"{offpref}{pos} {len(harmonic)} harmonics: {commas( harmonic_dBs, final='and' )}\n"
             details	       += f"{offpref}{neg}  - "
             if 0 in harmonic:

slip39/version.py

@@ -1,2 +1,2 @@
-__version_info__		= ( 11, 0, 2 )
+__version_info__		= ( 11, 0, 3 )
 __version__			= '.'.join( map( str, __version_info__ ))