A cryptographically secure tool for encrypting BIP-39 seed phrases using dual-cipher encryption (Caesar + Vernam) and splitting them using Shamir's Secret Sharing (SSS).
NEVER run this on a connected computer with your real seed phrase.
ALWAYS assume there is a keystroke logger and screen recorder running.
Modern malware can:
- Record ALL keystrokes (capturing your seed phrase, offset, OTP)
- Take screenshots/screen recordings (capturing everything you see)
- STORE this data locally and wait
- Upload captured data when you reconnect to the network - even days/weeks later!
Option 1: Dedicated Offline Device (RECOMMENDED)
- Obtain a new Raspberry Pi or dedicated computer
- Install Python and required libraries on another computer (download packages)
- Transfer installation files to the Raspberry Pi via USB (offline)
- Install everything while NEVER connecting to any network
- Run this tool on the air-gapped device
- NEVER EVER connect this device to any network - not now, not later, not ever
- Store the device securely or destroy it
Option 2: Device Destruction
- Use a Raspberry Pi or cheap computer
- Install Python and libraries (download offline)
- Run this tool with your seed phrase
- Physically destroy the device (drill, hammer, fire)
- NEVER connect it to a network
- β Run on your daily computer "just this once"
- β Disconnect WiFi temporarily and reconnect later
- β Think "I'll be careful" - malware is invisible
- β Use a virtual machine (host OS may be compromised)
- β Connect the device to network "after formatting" - malware can persist
This tool handles cryptocurrency wallet seed phrases. Compromised seed phrases mean permanent and irreversible loss of ALL funds. There is no recovery, no customer service, no undo button.
β
100% Offline - Zero network connections, no phone-home functionality
β
Cryptographically Secure - Uses Python's secrets module (not random)
β
Audited SSS Implementation - Mathematically correct Shamir Secret Sharing
β
No External Dependencies - Only Python standard library + Tkinter
β
Air-Gap Safe - Designed for disconnected operation
- Network Activity: NONE - No socket, urllib, requests, or any network libraries
- File Operations: READ-ONLY user-specified files only
- Random Number Generation: Cryptographically secure (
secretsmodule) - Code Execution: No eval(), exec(), or subprocess calls
- Dual-cipher encryption: Caesar cipher + Vernam cipher (XOR with OTP)
- Supports 1, 12, or 24-word BIP-39 seed phrases
- Customizable offset and One-Time Password (OTP)
- Position-specific encryption with
-i X/Yflag
- Split encrypted phrases into N shares requiring K to reconstruct
- Embedded mode: Include offset, OTP, and prime in shares
- Non-embedded mode: Manually specify parameters for reconstruction
- Cryptographically secure random polynomial coefficients
- Modular arithmetic with user-specified or auto-generated prime (>2048)
- Command-line interface for scriptable operations
- Graphical interface (GUI) for ease of use
- BIP-39 wordlist viewer with configurable columns
- Random word generator for testing
- Debug mode for transparency
- Python 3.7 or higher
- Tkinter (usually included with Python)
# Clone the repository
git clone https://github.com/yourusername/bip39-encryptor.git
cd bip39-encryptor
# No additional dependencies required!
# All libraries are Python standard libraryencoder.py- Main applicationbip39_wordlist.py- Official BIP-39 English wordlist (2048 words)README.md- This file
python3 encoder.py -guiGUI Features:
Random Fill:
- Random WORDS - Fill 1, 12, or 24 random BIP-39 words
- Random NUMBERS - Fill 1, 12, or 24 random indices (1-2048)
- Configurable word count field
Encryption/Decryption:
- Encrypt seed phrases with Caesar + Vernam ciphers
- Decrypt encrypted phrases
- VALIDATE - Round-trip test (encrypt β decrypt β compare)
- MOVE WORDS UP - Move encrypted/decrypted words from output to word fields
- Debug mode for transparency
Parameter Generation:
- Generate random offset (cryptographically secure)
- Generate random OTP (cryptographically secure)
- Generate random prime (>2048)
Shamir Secret Sharing:
- ENCRYPT SSS - Create N-of-K shares with embedded or separate parameters
- DECRYPT SSS - Paste shares in text area, decrypt with parameters
- Automatic word field population after decryption
- Supports embedded (PRIME:) and non-embedded share formats
Help & Documentation:
- HELP button - Opens comprehensive help window
- Interactive font adjustment (+/- buttons)
- Complete CLI documentation
- Usage examples and warnings
User Interface:
- Scrollable interface (900x800 window)
- 24 word entry fields with vertical layout (Words 1-12 left column, 13-24 right column)
- Vertical tab navigation - Press Tab to move down through fields (1β2β3...β12β13β14...β24)
- Smart autocomplete for BIP-39 words:
- Type any letters to see matching word suggestions
- Suggestions position above/below based on available space (no cutoff)
- Press Down arrow (β) to jump to first suggestion
- Press Up arrow (β) to jump to last suggestion
- Input validation with color feedback (red background for invalid entries)
- Accepts both word names and indices (1-2048)
- BIP-39 wordlist viewer (10 columns, 2048 words)
- Clear log buttons for output areas
- Confirmation dialogs for destructive operations
python3 encoder.py -seed "abandon ability able" \
-offset 1234 \
-otp "MySecretPassword123" \
-debugpython3 encoder.py -seed "abandon ability able" \
-offset 1234 \
-otp GENERATE \
-prime GENERATEpython3 encoder.py -seed "abandon ability able about above absent absorb abstract absurd abuse access accident" \
-offset 2000 \
-otp "MySecretOTP1234567890123" \
-prime 65537 \
-s 5 3 \
-embedResult: Creates 5 shares, any 3 can reconstruct the secret. Offset, OTP, and prime are embedded in shares.
python3 encoder.py -seed "around arrive ask assault asset" \
-offset 2000 \
-otp "MySecretPassword123" \
-decryptpython3 encoder.py -sf shares.txt -debugpython3 encoder.py -sf shares.txt \
-offset 2000 \
-otp "MySecretOTP1234567890123" \
-prime 65537 \
-debugpython3 encoder.py -bip 4 # Display in 4 columns (numbered vertically)The wordlist is numbered 1-2048, filling columns vertically (top to bottom) then moving to the next column.
Shares must start with Share X: where X is the share number. Example:
Share 1: PRIME:65537-1,1,123:2,456:3,789
Share 2: PRIME:65537-2,1,234:2,567:3,890
Share 3: PRIME:65537-3,1,345:2,678:3,901
Without prime embedded:
Share 1: 1-1,123:2,456:3,789
Share 2: 2-1,234:2,567:3,890
Lines not starting with Share X: are ignored (you can paste raw SSS output).
-
Caesar Cipher: Shift BIP-39 word index by offset (modulo 2048)
caesar_index = ((original_index - 1) + offset) % 2048 + 1 -
Vernam Cipher: XOR with OTP character's ASCII value (modulo 2048)
encrypted_index = (caesar_index ^ ord(otp_char)) % 2048 -
Result: Encrypted BIP-39 word at encrypted_index
- Reverse Vernam: XOR with same OTP character
- Reverse Caesar: Subtract offset
- Result: Original BIP-39 word
- Creates a polynomial of degree
k-1with random coefficients - Secret is the constant term (polynomial value at x=0)
- Each share is
(x, P(x) mod prime)where P is the polynomial - Any
kshares can reconstruct the polynomial using Lagrange interpolation - Uses cryptographically secure randomness (
secrets.randbelow())
Use the same OTP character position for all words:
python3 encoder.py -seed "annual" \
-offset 1958 \
-otp "yyyyyyyyyyyyyyyyyyyyyyyy" \
-i 23/24This encrypts "annual" using the 23rd character of the OTP, treating it as a 24-word phrase.
| Argument | Description |
|---|---|
-h, --help |
Show help message and exit |
-seed |
BIP-39 seed phrase (1, 12, or 24 words or indices) |
-offset |
Caesar cipher offset (non-negative integer) |
-otp |
One-Time Password (or GENERATE for random) |
-prime |
Prime number >2048 for SSS (or GENERATE for random) |
-s N K |
Create N shares requiring K to reconstruct |
-embed |
-s) - See security warning below |
-sf FILE |
Reconstruct from Shamir shares file |
-decrypt |
Decrypt instead of encrypt |
-i X/Y |
Use OTP character at position X for Y-word phrase |
-bip X |
Print BIP-39 wordlist in X columns (numbered vertically) |
-debug |
Show intermediate cipher values |
-gui |
Launch graphical interface |
The -embed flag includes your offset and OTP directly in the SSS shares, making reconstruction easier but significantly less secure:
Risks of using -embed:
- β Single Point of Failure: If an attacker obtains K shares, they have EVERYTHING needed to decrypt your seed phrase
- β No Additional Security Layer: Offset and OTP provide no protection if shares are compromised
- β Lost Redundancy: You lose the benefit of storing decryption parameters separately
- β Increased Attack Surface: Each share becomes a complete decryption package
Benefits of NOT using -embed (recommended):
- β Defense in Depth: Attacker needs K shares AND separately stored offset/OTP/prime
- β Multiple Storage Locations: Parameters can be memorized, stored separately, or written down
- β Better Security: Even if K shares are stolen, seed phrase remains protected without parameters
- β Flexible Recovery: Can change storage method for parameters without regenerating shares
Recommendation: Only use -embed if you understand the trade-offs and have a specific reason (e.g., you cannot reliably store parameters separately). For maximum security, DO NOT use -embed and store offset/OTP/prime in separate secure locations.
python3 encoder.py \
-seed "abandon ability able about above absent absorb abstract absurd abuse access accident" \
-offset 5000 \
-otp GENERATE \
-prime GENERATE \
-s 7 4 \
-embedOutput:
- Generated OTP (store securely!)
- 7 shares with PRIME prefix
- Any 4 shares can reconstruct the secret
- No need to remember offset, OTP, or prime (embedded in shares)
-embed for convenience, but reduces security. For maximum protection, omit -embed and store offset/OTP/prime separately from the shares. See the -embed security warning in the Command-Line Arguments section.
- Launch GUI:
python3 encoder.py -gui - Random Fill: Click WORDS button (generates 24 random words)
- Generate Parameters:
- Click GENERATE for Offset
- Click GENERATE for OTP
- Click GENERATE for Prime
- Write down the generated offset, OTP, and prime on paper (store separately from shares)
- Validate: Click VALIDATE button (tests round-trip)
- Create Shares:
- Enter N=5, K=3 in Shamir section
- Leave EMBED checkbox UNCHECKED (recommended for maximum security)
- Click ENCRYPT SSS
- Save Shares: Copy shares from bottom text area to separate files/locations
- Store Parameters Separately: Keep offset/OTP/prime in a different secure location from the shares
Note: If you check EMBED, the parameters will be included in the shares for convenience, but this reduces security (see -embed warning in Command-Line Arguments).
- Launch GUI:
python3 encoder.py -gui - Paste Shares: In Shamir text area at bottom, paste your shares:
Share 1: PRIME:65537-1,1,123:2,456 Share 2: PRIME:65537-2,1,234:2,567 Share 3: PRIME:65537-3,1,345:2,678 - Decrypt: Click DECRYPT SSS button (next to ENCRYPT SSS)
- Result: Decrypted words automatically fill the word fields at top
- Verify: Original seed phrase is now recovered!
- Fill words (Random Fill or manual entry)
- Set parameters (Offset, OTP, Prime)
- Click ENCRYPT
- Click MOVE WORDS UP β Confirm
- Encrypted words now in word fields
- Click DECRYPT to recover original
- Click MOVE WORDS UP again to see recovered words
# Encrypt
python3 encoder.py -seed "abandon" -offset 100 -otp "password123" -i 1/1
# Decrypt (use the output word from encryption)
python3 encoder.py -seed "able" -offset 100 -otp "password123" -i 1/1 -decrypt- Use a Dedicated Device: Never-connected Raspberry Pi or disposable computer
- NEVER Reconnect: The device must NEVER touch a network - not now, not ever
- Physical Security: Store the device in a safe or destroy it after use
- Assume Compromise: If the device was EVER connected, assume it's compromised
- Use Random Generation: Let the tool generate offset, OTP, and prime (GENERATE buttons in GUI)
- Validate First: Always click VALIDATE button in GUI before creating SSS shares
- Store Parameters Securely: Write down offset, OTP, and prime on paper (never digitally)
β οΈ Avoid-embedfor Maximum Security: Do NOT check EMBED checkbox - store parameters separately for defense in depth. Only use-embedif you cannot reliably store offset/OTP/prime separately and understand the security trade-offs (see Command-Line Arguments section)- Distribute Shares: Store shares in separate physical locations
- Separate Parameter Storage: Keep offset/OTP/prime in different locations from shares (e.g., memorized, safety deposit box, secure note)
- Test Recovery: Practice reconstructing from shares before relying on it (on test device)
- Multiple Backups: Create multiple SSS sets with different parameters
- Verify Everything: Enable DEBUG checkbox to see intermediate values
- Use HELP: Click HELP button in GUI for complete documentation
- Random Fill for Testing: Use Random WORDS or NUMBERS buttons to test functionality
- Move Words Carefully: MOVE WORDS UP button has confirmation - read it carefully
- Clear Screen After Use: Prevent shoulder surfing and camera recordings
- Destroy Temporary Files: Securely delete any files created
- No Photos: Never photograph the screen - cameras can be compromised too
# Encrypt and create shares
python3 encoder.py -seed "abandon" -offset 1000 -otp "test123" -prime 65537 -s 5 3 -embed > shares.txt
# Reconstruct from 3 shares (edit shares.txt to only include 3 shares)
python3 encoder.py -sf shares.txt -debugExpected: Original "abandon" is recovered
- Launch GUI:
python3 encoder.py -gui - Click Random Fill WORDS button (generates 24 words)
- Click GENERATE for all parameters (Offset, OTP, Prime)
- Click VALIDATE button
- Result: Should show "β Round-trip validation passed!"
This tests the complete encrypt β decrypt cycle automatically.
Random Fill:
- Set "# of Words" to 12
- Click WORDS button β 12 random BIP-39 words appear
- Click NUMBERS button β 12 random indices (1-2048) appear
Move Words Up:
- Fill words, encrypt them
- Click MOVE WORDS UP β Confirm
- Encrypted words move to top fields
- Click DECRYPT β Original words recovered
Enable debug mode to see intermediate values:
python3 encoder.py -seed "abandon" -offset 100 -otp "test" -i 1/1 -debugOutput shows:
- Original word index
- Caesar-shifted index and word
- Vernam XOR result and final encrypted word
- OTP characters used
- Offset and position parameters
- 2048 words in the official English wordlist
- Words are indexed 1-2048 (not 0-2047)
- Source: BIP-39 GitHub
- Random Generation:
secrets.randbelow()- OS entropy source - Modular Arithmetic: All operations mod 2048 or mod prime
- Extended Euclidean Algorithm: For modular inverse in SSS
- Encryption: O(n) where n = number of words
- SSS Share Generation: O(n Γ k) where k = threshold
- SSS Reconstruction: O(kΒ²) for Lagrange interpolation
This project is released into the public domain. Use at your own risk.
NO WARRANTY: This software is provided "as is" without any warranty. The authors are not responsible for any loss of funds or data.
Contributions are welcome! Please:
- Fork the repository
- Create a feature branch
- Test thoroughly (especially cryptographic functions)
- Submit a pull request
Security issues: Please report privately to [your-email@example.com]
For issues, questions, or suggestions:
- Open a GitHub issue
- Check existing issues first
- Provide full command with
-debugflag for troubleshooting
- BIP-39 specification authors
- Adi Shamir for Secret Sharing algorithm
- Python
secretsmodule maintainers - The cryptocurrency community for security best practices
Remember: Your seed phrase security is only as strong as your weakest link. Stay safe! π