S
Spectivity
← Back to Bitcoin Improvement Proposals
BIPinformationalwalletkey-management

BIP93: Restrict master seed lengths and Revise codex32 string length specifications

codex32 string length limited to always cover HRP characters, master seed bit lengths limited to multiples of 32-bits, updated master seed encoding/decoding processes. PR helper for #2040: prepares text for general HRP lengths by defining limits based on string length not data part length and deprecating master seed lengths that violate a general codex32 string length > checksum type rule. **Why** Restricting seeds to 32-bit multiples makes valid secret seed **lengths** differ by at least 6-7

No reviews
BenWestgate·Updated Mar 13, 2026·0 reviews·0 attestations·View source

Specification

codex32 string length limited to always cover HRP characters, master seed bit lengths limited to multiples of 32-bits, updated master seed encoding/decoding processes.

PR helper for #2040: prepares text for general HRP lengths by defining limits based on string length not data part length and deprecating master seed lengths that violate a general codex32 string length > checksum type rule.

Why Restricting seeds to 32-bit multiples makes valid secret seed lengths differ by at least 6-7 characters reducing ambiguity to two valid lengths for insert/delete-correcting error correcting wallets.

Key changes c286c2c5a7385113d33b3dd8cbda806bd371523f

  • Overall string max length for regular codex32 now limited to 94 chars. Payload changed from “up to 74” → up to 72 bech32 characters.
  • Long codex32: new length window (97–1024 characters) and payload allowance relaxed (up to 1001 bech32 chars).
  • Explain the checksum covers low HRP+data per BIP-0173.

Other changes:

  • Remove "decode" from Unshared Secret as this process should be application specific once HRP is generalized.
  • Master seed format changes:
    • Add "decode" section.
    • Restrict seed lengths to 32-bit multiples (128-512) to avoid an "ms" exception for switching between regular and long format.
    • Recommend how to derive unspecified identifiers for fresh and reshared secret seeds.
    • Recommend deterministic implementations derive padding using a defined CRC code.
  • Defined a "shared string" as a non-"0" threshold parameter codex32 string.
    • Defined how to "decode" these as implementers have been surprised naked share payload bytes are insufficient to recover the secret.
  • Defined a "master share set" as a k shared strings valid set generated with exactly k-1 fresh shares in accordance with that section. (needed for deriving reshare identifiers.)
  • Added a couple <ref> notes for the less obvious changes.
  • Fixed missing /ref so Footnotes now appear at the end of Rationale (they're invisible in master)
  • Bolded all section references.

Test Vectors I have a reference implementation with test vectors according to this spec update, as well as #2040, so I will add these if reviewers agree about the text changes.

Discussion (0 threads)

No discussion yet. Be the first to comment.