What is the best way to make the most secure private key?

What are current best known ways for sourcing randomness for the most securely generated private key possible?

I want to do more than rely on an offline zcashd node to generate the key.

I saw what Andrew Miller did with the radioactive material, a plane, a Geiger counter and an air-gapped laptop.

What would some other sources of randomness be that are as good or near as good and perhaps easier to implement?


The Sapling MPC or Powers of Tau ceremony which you are referencing was a part of the second Zcash trusted setup for generating the public parameters and now after NU5 are basically deprecated. Cool sources of entropy are always neat but idk if it really applies anymore or could be further applied in the way you describe.

Applications that require a source of randomness are agnostic to the source of randomness. If the application benefits from randomness, it doesn't matter whether that randomness came from weather data, radioactive decay or a pseudorandom number generator, and it doesn't care what other application that random number source has been used for, like the MPC you mentioned.

Like I said, I don't really know how you would go about implementing it with an existing full node, and if you did I don't think you'd be able to restore it on other normal full nodes. If you want to encrypt the key after the fact then you'd have to decrypt it with your secondary method anyways.

This topic is about key creation, not encrypting or decrypting after the fact.

The idea is to use as random a source as possible to create a key, then import that key into an air gapped offline client for generating the address for sending funds to and keeping in cold storage, or later importing that key into an air gapped offline client for signing a transaction.


My guess is that you would have to modify the build itself because I assume the entropic parameters for all of later key generation are taken or used when it builds zcashd, but I could be wrong, say like with generating legacy Sapling addys (shrug, not sure). In any case it will require modifying some part of the protocol to inject or have it sequester this extra entropy from you whenever that proper time happens to be.
Your key would most likely only be restorable on your own machine, and to do that you would need to make sure that your modifications persist consistently across build upgrades to ensure that it decrypts properly.

Also it's worth mentioning that key import and export are now technically legacy functions; the supported way is to restore with the zcashd-backup-tool file and (coming soon) mnemonic seed.

With zcashd all keys are derived with the function of creating an address, and importing a key always imports the address with it, so I'm not sure if you can create the key and then import it to use it to create another address, as it will already have created one.
Or because you modified it, it will derive a different address? Is that the goal? (Sorry that we go round like this! :sweat_smile:)

BIP 39 is what you are probably looking for.

I don't want to use pseudo randomness for generating my seed/private keys. I wanted to source better randomness from nature.

I'm used to using seeds. How does BIP 39 answer my question about sources of randomness?

And also, the reason I want the randomness to be natural is to help secure oneself from compromised software.

How you would implement and use it I don't know, but personally I would source radio signals like background radiation (white noise) or from some natural source like the sun as a good way to get entropy, not unlike the radiation over Lake Michigan (and honestly most of the modern world is flooded with RF, you could just sample something manmade all randomlike).
Capturing a radio signal like that could be done very cheaply and easily with a software defined radio. I have a few RTL-SDRs, which are little USB dongles about the size of a flash drive that you screw an antenna of sorts into one end and plug the USB into the computer and it's a whole new world. (Tangent: I saw a tweet where Str4d is messing with a Flipper Zero! Attaboy! :dolphin:)


You flip a coin 256 times and then translate that entropy into a seed phrase. Other good sources:


This is a random number hash generation something program (I think it's a part of a white noise audio plugin, I'll find the article) and the reason that it's interesting is because the author of it, by evidence of the data that it has produced, claims to have proven the existence of God. I didn't quite read the whole thing but I'm sure it lends some context to when you get down to 'proof_math_is_engineered.c'. Seems awfully sure of himself :thinking:
From the readme:

“These results of 1-bit PRVHASH say the following: if abstract mathematics contains not just a system of rules for manipulating numbers and variables, but also contains a freely-defined fixed information that is “readable” by a person, then mathematics does not just “exists”, but “it was formed”, because mathematics does not evolve (beside human discovery of new rules and patterns). And since physics cannot be formulated without such mathematics, and physical processes clearly obey these mathematical rules, it means that a Creator/Higher Intelligence/God exists in relation to the Universe. For the author personally, everything is proven here.”
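The coin-flip suggestion earlier in the thread ("flip a coin 256 times and then translate that entropy into a seed phrase"), worked through as an added example that is not from any poster or from zcashd: it packs 256 recorded flips into 32 bytes and applies the BIP 39 encoding (checksum bits from SHA-256, then 11-bit word indices). It goes slightly beyond the thread by including von Neumann debiasing for a coin that may not be fair; the function names and the H = 1 / T = 0 convention are assumptions.

```python
import hashlib

ENT_BITS = 256                      # entropy size named in the thread
CS_BITS = ENT_BITS // 32            # BIP 39 checksum length: ENT / 32 = 8 bits


def von_neumann(flips: str) -> str:
    """Debias raw flips: read pairs, HT -> H, TH -> T, drop HH and TT."""
    pairs = zip(flips[0::2], flips[1::2])
    return "".join(a for a, b in pairs if a != b)


def flips_to_entropy(flips: str) -> bytes:
    """Pack exactly 256 H/T flips into 32 bytes (assumed mapping: H = 1, T = 0)."""
    flips = "".join(flips.split()).upper()
    if set(flips) - {"H", "T"}:
        raise ValueError("flips may contain only H and T")
    if len(flips) != ENT_BITS:
        raise ValueError(f"need exactly {ENT_BITS} flips, got {len(flips)}")
    value = int(flips.replace("H", "1").replace("T", "0"), 2)
    return value.to_bytes(ENT_BITS // 8, "big")


def bip39_indices(entropy: bytes) -> list[int]:
    """Append the SHA-256 checksum bits and split into 11-bit word indices."""
    if len(entropy) * 8 != ENT_BITS:
        raise ValueError("this sketch handles 256-bit entropy only")
    checksum = hashlib.sha256(entropy).digest()[0]   # first 8 bits of the hash
    bits = (int.from_bytes(entropy, "big") << CS_BITS) | checksum
    total = ENT_BITS + CS_BITS                        # 264 bits = 24 * 11
    return [(bits >> shift) & 0x7FF for shift in range(total - 11, -1, -11)]


if __name__ == "__main__":
    # Constructed input for illustration only; real flips are never reused or published.
    sample = "HT" * 128
    print(bip39_indices(flips_to_entropy(sample)))
```

Each index (0 to 2047) selects one word from the BIP 39 English wordlist, giving a 24-word phrase. When debiasing, keep flipping until `von_neumann` has produced 256 symbols, since it discards every HH and TT pair.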