bitcoinrb 0.2.9 → 0.5.0

data/lib/bitcoin/slip39/share.rb

@@ -0,0 +1,122 @@
+module Bitcoin
+  module SLIP39
+
+    # Share of Shamir's Secret Sharing Scheme
+    class Share
+
+      attr_accessor :id               # 15 bits, Integer
+      attr_accessor :iteration_exp    # 5 bits, Integer
+      attr_accessor :group_index      # 4 bits, Integer
+      attr_accessor :group_threshold  # 4 bits, Integer
+      attr_accessor :group_count      # 4 bits, Integer
+      attr_accessor :member_index     # 4 bits, Integer
+      attr_accessor :member_threshold # 4 bits, Integer
+      attr_accessor :value            # 8n bits, hex string.
+      attr_accessor :checksum         # 30 bits, Integer
+
+      # Recover Share from the mnemonic words
+      # @param [Array{String}] words the mnemonic words
+      # @return [Bitcoin::SLIP39::Share] a share
+      def self.from_words(words)
+        raise ArgumentError, 'Mnemonics should be an array of strings' unless words.is_a?(Array)
+        indices = words.map do |word|
+          index = Bitcoin::SLIP39::WORDS.index(word.downcase)
+          raise IndexError, 'word not found in words list.' unless index
+          index
+        end
+
+        raise ArgumentError, 'Invalid mnemonic length.' if indices.size < MIN_MNEMONIC_LENGTH_WORDS
+        raise ArgumentError, 'Invalid mnemonic checksum.' unless verify_rs1024_checksum(indices)
+
+        padding_length = (RADIX_BITS * (indices.size - METADATA_LENGTH_WORDS)) % 16
+        raise ArgumentError, 'Invalid mnemonic length.' if padding_length > 8
+        data = indices.map{|i|i.to_s(2).rjust(10, '0')}.join
+
+        s = self.new
+        s.id = data[0...ID_LENGTH_BITS].to_i(2)
+        s.iteration_exp = data[ID_LENGTH_BITS...(ID_LENGTH_BITS + ITERATION_EXP_LENGTH_BITS)].to_i(2)
+        s.group_index = data[20...24].to_i(2)
+        s.group_threshold = data[24...28].to_i(2) + 1
+        s.group_count = data[28...32].to_i(2) + 1
+        raise ArgumentError, "Invalid mnemonic. Group threshold(#{s.group_threshold}) cannot be greater than group count(#{s.group_count})." if s.group_threshold > s.group_count
+        s.member_index = data[32...36].to_i(2)
+        s.member_threshold = data[36...40].to_i(2) + 1
+        value_length = data.length - 70
+        start_index = 40 + padding_length
+        end_index = start_index + value_length - padding_length
+        padding_value = data[40...(40 + padding_length)]
+        raise ArgumentError, "Invalid mnemonic. padding must only zero." unless padding_value.to_i(2) == 0
+        s.value = data[start_index...end_index].to_i(2).to_even_length_hex
+        s.checksum = data[(40 + value_length)..-1].to_i(2)
+        s
+      end
+
+      # Generate mnemonic words
+      # @return [Array[String]] array of mnemonic word.
+      def to_words
+        indices = build_word_indices
+        indices.map{|index| Bitcoin::SLIP39::WORDS[index]}
+      end
+
+      # Calculate checksum using current fields
+      # @return [Integer] checksum
+      def calculate_checksum
+        indices = build_word_indices(false)
+        create_rs1024_checksum(indices).map{|i|i.to_bits(10)}.join.to_i(2)
+      end
+
+      def self.rs1024_polymod(values)
+        gen = [0xe0e040, 0x1c1c080, 0x3838100, 0x7070200, 0xe0e0009, 0x1c0c2412, 0x38086c24, 0x3090fc48, 0x21b1f890, 0x3f3f120]
+        chk = 1
+        values.each do |v|
+          b = (chk >> 20)
+          chk = (chk & 0xfffff) << 10 ^ v
+          10.times do |i|
+            chk ^= (((b >> i) & 1 == 1) ? gen[i] : 0)
+          end
+        end
+        chk
+      end
+
+      private
+
+      # Create word indices from this share.
+      # @param [Boolean] include_checksum whether include checksum when creating indices.
+      # @param [Array[Integer]] the array of index
+      def build_word_indices(include_checksum = true)
+        s = id.to_bits(ID_LENGTH_BITS)
+        s << iteration_exp.to_bits(ITERATION_EXP_LENGTH_BITS)
+        s << group_index.to_bits(4)
+        s << (group_threshold - 1).to_bits(4)
+        s << (group_count - 1).to_bits(4)
+        raise StandardError, "Group threshold(#{group_threshold}) cannot be greater than group count(#{group_count})." if group_threshold > group_count
+        s << member_index.to_bits(4)
+        s << (member_threshold - 1).to_bits(4)
+        value_length = value.to_i(16).bit_length
+        padding_length = RADIX_BITS - (value_length % RADIX_BITS)
+        s << value.to_i(16).to_bits(value_length + padding_length)
+        s << checksum.to_bits(30) if include_checksum
+        s.chars.each_slice(10).map{|index| index.join.to_i(2)}
+      end
+
+      # Verify RS1024 checksum
+      # @param [Array[Integer] data the array of mnemonic word index
+      # @return [Boolean] verify result
+      def self.verify_rs1024_checksum(data)
+        rs1024_polymod(CUSTOMIZATION_STRING + data) == 1
+      end
+
+      # Create RS1024 checksum
+      # @param [Array[Integer] data the array of mnemonic word index without checksum
+      # @return [Array[Integer]] the array of checksum integer
+      def create_rs1024_checksum(data)
+        values = CUSTOMIZATION_STRING + data + Array.new(CHECKSUM_LENGTH_WORDS, 0)
+        polymod = Bitcoin::SLIP39::Share.rs1024_polymod(values) ^ 1
+        CHECKSUM_LENGTH_WORDS.times.to_a.reverse.map {|i|(polymod >> (10 * i)) & 1023 }
+      end
+
+      private_class_method :verify_rs1024_checksum
+
+    end
+  end
+end

data/lib/bitcoin/slip39/sss.rb

@@ -0,0 +1,245 @@
+require 'securerandom'
+
+module Bitcoin
+  module SLIP39
+
+    # Shamir's Secret Sharing
+    class SSS
+
+      include Bitcoin::Util
+      extend Bitcoin::Util
+
+      # Create SSS shares.
+      #
+      # [Usage]
+      # 4 groups shares.
+      # = two for Alice
+      # = one for friends(required 3 of her 5 friends) and
+      # = one for family members(required 2 of her 6 family)
+      #
+      # Two of these group shares are required to reconstruct the master secret.
+      # groups = [1, 1], [1, 1], [3, 5], [2, 6]
+      #
+      # group_shares = Bitcoin::SLIP39::SSS.setup_shares(group_threshold: 2, groups: groups, secret: 'secret with hex format', passphrase: 'xxx')
+      # return 4 group array of Bitcoin::SLIP39::Share
+      #
+      # Get each share word
+      # groups[0][1].to_words
+      # => ["shadow", "pistol", "academic", "always", "adequate", "wildlife", "fancy", "gross", "oasis", "cylinder", "mustang", "wrist", "rescue", "view", "short", "owner", "flip", "making", "coding", "armed"]
+      #
+      # @param [Array[Array[Integer, Integer]]] groups
+      # @param [Integer] group_threshold threshold number of group shares required to reconstruct the master secret.
+      # @param [Integer] exp Iteration exponent. default is 0.
+      # @param [String] secret master secret with hex format.
+      # @param [String] passphrase the passphrase used for encryption/decryption.
+      # @return [Array[Array[Bitcoin::SLIP39::Share]]] array of group shares.
+      def self.setup_shares(groups: [], group_threshold: nil, exp: 0, secret: nil, passphrase: '')
+        raise ArgumentError, 'Groups is empty.' if groups.empty?
+        raise ArgumentError, 'Group threshold must be greater than 0.' if group_threshold.nil? || group_threshold < 1
+        raise ArgumentError, 'Master secret does not specified.' unless secret
+        raise ArgumentError, "The length of the master secret (#{secret.htb.bytesize} bytes) must be at least #{MIN_STRENGTH_BITS / 8} bytes." if (secret.htb.bytesize * 8) < MIN_STRENGTH_BITS
+        raise ArgumentError, 'The length of the master secret in bytes must be an even number.' unless secret.bytesize.even?
+        raise ArgumentError, 'The passphrase must contain only printable ASCII characters (code points 32-126).' unless passphrase.ascii_only?
+        raise ArgumentError, "The requested group threshold (#{group_threshold}) must not exceed the number of groups (#{groups.length})." if group_threshold > groups.length
+        groups.each do |threshold, count|
+          raise ArgumentError, 'Group threshold must be greater than 0.' if threshold.nil? || threshold < 1
+          raise ArgumentError, "The requested member threshold (#{threshold}) must not exceed the number of share (#{count})." if threshold > count
+          raise ArgumentError, "Creating multiple member shares with member threshold 1 is not allowed. Use 1-of-1 member sharing instead." if threshold == 1 && count > 1
+        end
+
+        id = SecureRandom.random_number(32767) # 32767 is max number for 15 bits.
+        ems = encrypt(secret, passphrase, exp, id)
+
+        group_shares = split_secret(group_threshold, groups.length, ems)
+
+        shares = group_shares.map.with_index do |s, i|
+          group_index, group_share = s[0], s[1]
+          member_threshold, member_count = groups[i][0], groups[i][1]
+          shares = split_secret(member_threshold, member_count, group_share)
+          shares.map do |member_index, member_share|
+            share = Bitcoin::SLIP39::Share.new
+            share.id = id
+            share.iteration_exp = exp
+            share.group_index = group_index
+            share.group_threshold = group_threshold
+            share.group_count = groups.length
+            share.member_index = member_index
+            share.member_threshold = member_threshold
+            share.value = member_share
+            share.checksum = share.calculate_checksum
+            share
+          end
+        end
+        shares
+      end
+
+      # recovery master secret form shares.
+      #
+      # [Usage]
+      # shares: An array of shares required for recovery.
+      # master_secret = Bitcoin::SLIP39::SSS.recover_secret(shares, passphrase: 'xxx')
+      #
+      # @param [Array[Bitcoin::SLIP30::Share]] shares an array of shares.
+      # @param [String] passphrase the passphrase using decrypt master secret.
+      # @return [String] a master secret.
+      def self.recover_secret(shares, passphrase: '')
+        raise ArgumentError, 'share is empty.' if shares.nil? || shares.empty?
+        groups = {}
+        id = shares[0].id
+        exp = shares[0].iteration_exp
+        group_threshold = shares.first.group_threshold
+        group_count = shares.first.group_count
+
+        shares.each do |share|
+          raise ArgumentError, 'Invalid set of shares. All shares must have the same id.' unless id == share.id
+          raise ArgumentError, 'Invalid set of shares. All shares must have the same group threshold.' unless group_threshold == share.group_threshold
+          raise ArgumentError, 'Invalid set of shares. All shares must have the same group count.' unless group_count == share.group_count
+          raise ArgumentError, 'Invalid set of shares. All Shares must have the same iteration exponent.' unless exp == share.iteration_exp
+          groups[share.group_index] ||= []
+          groups[share.group_index] << share
+        end
+
+        group_shares = {}
+        groups.each do |group_index, shares|
+          member_threshold = shares.first.member_threshold
+          raise ArgumentError, "Wrong number of mnemonics. Threshold is #{member_threshold}, but share count is #{shares.length}" if shares.length < member_threshold
+          if shares.length == 1 && member_threshold == 1
+            group_shares[group_index] = shares.first.value
+          else
+            value_length = shares.first.value.length
+            x_coordinates = []
+            shares.each do |share|
+              raise ArgumentError, 'Invalid set of shares. All shares in a group must have the same member threshold.' unless member_threshold == share.member_threshold
+              raise ArgumentError, 'Invalid set of shares. All share values must have the same length.' unless value_length == share.value.length
+              x_coordinates << share.member_index
+            end
+            x_coordinates.uniq!
+            raise ArgumentError, 'Invalid set of shares. Share indices must be unique.' unless x_coordinates.size == shares.size
+            interpolate_shares = shares.map{|s|[s.member_index, s.value]}
+
+            secret = interpolate(interpolate_shares, SECRET_INDEX)
+            digest_value = interpolate(interpolate_shares, DIGEST_INDEX).htb
+            digest, random_value = digest_value[0...DIGEST_LENGTH_BYTES].bth, digest_value[DIGEST_LENGTH_BYTES..-1].bth
+            recover_digest = create_digest(secret, random_value)
+            raise ArgumentError, 'Invalid digest of the shared secret.' unless digest == recover_digest
+
+            group_shares[group_index] = secret
+          end
+        end
+
+        return decrypt(group_shares.values.first, passphrase, exp, id) if group_threshold == 1
+
+        raise ArgumentError, "Wrong number of mnemonics. Group threshold is #{group_threshold}, but share count is #{group_shares.length}" if group_shares.length < group_threshold
+
+        interpolate_shares = group_shares.map{|k, v|[k, v]}
+        secret = interpolate(interpolate_shares, SECRET_INDEX)
+        digest_value = interpolate(interpolate_shares, DIGEST_INDEX).htb
+        digest, random_value = digest_value[0...DIGEST_LENGTH_BYTES].bth, digest_value[DIGEST_LENGTH_BYTES..-1].bth
+        recover_digest = create_digest(secret, random_value)
+        raise ArgumentError, 'Invalid digest of the shared secret.' unless digest == recover_digest
+
+        decrypt(secret, passphrase, exp, id)
+      end
+
+      private
+
+      # Calculate f(x) from given shamir shares.
+      # @param [Array[index, value]] shares the array of shamir shares.
+      # @param [Integer] x the x coordinate of the result.
+      # @return [String] f(x) value with hex format.
+      def self.interpolate(shares, x)
+        s = shares.find{|s|s[0] == x}
+        return s[1] if s
+
+        log_prod = shares.sum{|s|LOG_TABLE[s[0] ^ x]}
+
+        result = ('00' * shares.first[1].length).htb
+        shares.each do |share|
+          log_basis_eval = (log_prod - LOG_TABLE[share[0] ^ x] - shares.sum{|s|LOG_TABLE[share[0] ^ s[0]]}) % 255
+          result = share[1].htb.bytes.each.map.with_index do |v, i|
+            (result[i].bti ^ (v == 0 ? 0 : (EXP_TABLE[(LOG_TABLE[v] + log_basis_eval) % 255]))).itb
+          end.join
+        end
+        result.bth
+      end
+
+      # Decrypt encrypted master secret using passphrase.
+      # @param [String] ems an encrypted master secret with hex format.
+      # @param [String] passphrase the passphrase when using encrypt master secret with binary format.
+      # @param [Integer] exp iteration exponent
+      # @param [Integer] id identifier
+      def self.decrypt(ems, passphrase, exp, id)
+        l, r = ems[0...(ems.length / 2)].htb, ems[(ems.length / 2)..-1].htb
+        salt = get_salt(id)
+        e = (Bitcoin::SLIP39::BASE_ITERATION_COUNT << exp) / Bitcoin::SLIP39::ROUND_COUNT
+        Bitcoin::SLIP39::ROUND_COUNT.times.to_a.reverse.each do |i|
+          f = OpenSSL::PKCS5.pbkdf2_hmac((i.itb + passphrase), salt + r, e, r.bytesize, 'sha256')
+          l, r = padding_zero(r, r.bytesize), padding_zero((l.bti ^ f.bti).itb, r.bytesize)
+        end
+        (r + l).bth
+      end
+
+      # Encrypt master secret using passphrase
+      # @param [String] secret master secret with hex format.
+      # @param [String] passphrase the passphrase when using encrypt master secret with binary format.
+      # @param [Integer] exp iteration exponent
+      # @param [Integer] id identifier
+      # @return [String] encrypted master secret with hex format.
+      def self.encrypt(secret, passphrase, exp, id)
+        s = secret.htb
+        l, r = s[0...(s.bytesize / 2)], s[(s.bytesize / 2)..-1]
+        salt = get_salt(id)
+        e = (Bitcoin::SLIP39::BASE_ITERATION_COUNT << exp) / Bitcoin::SLIP39::ROUND_COUNT
+        Bitcoin::SLIP39::ROUND_COUNT.times.to_a.each do |i|
+          f = OpenSSL::PKCS5.pbkdf2_hmac((i.itb + passphrase), salt + r, e, r.bytesize, 'sha256')
+          l, r = padding_zero(r, r.bytesize), padding_zero((l.bti ^ f.bti).itb, r.bytesize)
+        end
+        (r + l).bth
+      end
+
+      # Create digest of the shared secret.
+      # @param [String] secret the shared secret with hex format.
+      # @param [String] random value (n-4 bytes) with hex format.
+      # @return [String] digest value(4 bytes) with hex format.
+      def self.create_digest(secret, random)
+        h = Bitcoin.hmac_sha256(random.htb, secret.htb)
+        h[0...4].bth
+      end
+
+      # get salt using encryption/decryption form id.
+      # @param [Integer] id id
+      # @return [String] salt with binary format.
+      def self.get_salt(id)
+        (Bitcoin::SLIP39::CUSTOMIZATION_STRING.pack('c*') + id.itb)
+      end
+
+      # Split the share into +count+ with threshold +threshold+.
+      # @param [Integer] threshold the threshold.
+      # @param [Integer] count split count.
+      # @param [Integer] secret the secret to be split.
+      # @return [Array[Integer, String]] the array of split secret.
+      def self.split_secret(threshold, count, secret)
+        raise ArgumentError, "The requested threshold (#{threshold}) must be a positive integer." if threshold < 1
+        raise ArgumentError, "The requested threshold (#{threshold}) must not exceed the number of shares (#{count})." if threshold > count
+        raise ArgumentError, "The requested number of shares (#{count}) must not exceed #{MAX_SHARE_COUNT}." if count > MAX_SHARE_COUNT
+
+        return count.times.map{|i|[i, secret]} if threshold == 1 # if the threshold is 1, digest of the share is not used.
+
+        random_share_count = threshold - 2
+
+        shares = random_share_count.times.map{|i|[i, SecureRandom.hex(secret.htb.bytesize)]}
+        random_part = SecureRandom.hex(secret.htb.bytesize - DIGEST_LENGTH_BYTES)
+        digest = create_digest(secret, random_part)
+
+        base_shares = shares + [[DIGEST_INDEX, digest + random_part], [SECRET_INDEX, secret]]
+
+        (random_share_count...count).each { |i| shares << [i, interpolate(base_shares, i)]}
+
+        shares
+      end
+
+      private_class_method :split_secret, :get_salt, :interpolate, :encrypt, :decrypt, :create_digest
+
+    end
+  end
+end

data/lib/bitcoin/slip39/wordlist/english.txt

@@ -0,0 +1,1024 @@
+academic
+acid
+acne
+acquire
+acrobat
+activity
+actress
+adapt
+adequate
+adjust
+admit
+adorn
+adult
+advance
+advocate
+afraid
+again
+agency
+agree
+aide
+aircraft
+airline
+airport
+ajar
+alarm
+album
+alcohol
+alien
+alive
+alpha
+already
+alto
+aluminum
+always
+amazing
+ambition
+amount
+amuse
+analysis
+anatomy
+ancestor
+ancient
+angel
+angry
+animal
+answer
+antenna
+anxiety
+apart
+aquatic
+arcade
+arena
+argue
+armed
+artist
+artwork
+aspect
+auction
+august
+aunt
+average
+aviation
+avoid
+award
+away
+axis
+axle
+beam
+beard
+beaver
+become
+bedroom
+behavior
+being
+believe
+belong
+benefit
+best
+beyond
+bike
+biology
+birthday
+bishop
+black
+blanket
+blessing
+blimp
+blind
+blue
+body
+bolt
+boring
+born
+both
+boundary
+bracelet
+branch
+brave
+breathe
+briefing
+broken
+brother
+browser
+bucket
+budget
+building
+bulb
+bulge
+bumpy
+bundle
+burden
+burning
+busy
+buyer
+cage
+calcium
+camera
+campus
+canyon
+capacity
+capital
+capture
+carbon
+cards
+careful
+cargo
+carpet
+carve
+category
+cause
+ceiling
+center
+ceramic
+champion
+change
+charity
+check
+chemical
+chest
+chew
+chubby
+cinema
+civil
+class
+clay
+cleanup
+client
+climate
+clinic
+clock
+clogs
+closet
+clothes
+club
+cluster
+coal
+coastal
+coding
+column
+company
+corner
+costume
+counter
+course
+cover
+cowboy
+cradle
+craft
+crazy
+credit
+cricket
+criminal
+crisis
+critical
+crowd
+crucial
+crunch
+crush
+crystal
+cubic
+cultural
+curious
+curly
+custody
+cylinder
+daisy
+damage
+dance
+darkness
+database
+daughter
+deadline
+deal
+debris
+debut
+decent
+decision
+declare
+decorate
+decrease
+deliver
+demand
+density
+deny
+depart
+depend
+depict
+deploy
+describe
+desert
+desire
+desktop
+destroy
+detailed
+detect
+device
+devote
+diagnose
+dictate
+diet
+dilemma
+diminish
+dining
+diploma
+disaster
+discuss
+disease
+dish
+dismiss
+display
+distance
+dive
+divorce
+document
+domain
+domestic
+dominant
+dough
+downtown
+dragon
+dramatic
+dream
+dress
+drift
+drink
+drove
+drug
+dryer
+duckling
+duke
+duration
+dwarf
+dynamic
+early
+earth
+easel
+easy
+echo
+eclipse
+ecology
+edge
+editor
+educate
+either
+elbow
+elder
+election
+elegant
+element
+elephant
+elevator
+elite
+else
+email
+emerald
+emission
+emperor
+emphasis
+employer
+empty
+ending
+endless
+endorse
+enemy
+energy
+enforce
+engage
+enjoy
+enlarge
+entrance
+envelope
+envy
+epidemic
+episode
+equation
+equip
+eraser
+erode
+escape
+estate
+estimate
+evaluate
+evening
+evidence
+evil
+evoke
+exact
+example
+exceed
+exchange
+exclude
+excuse
+execute
+exercise
+exhaust
+exotic
+expand
+expect
+explain
+express
+extend
+extra
+eyebrow
+facility
+fact
+failure
+faint
+fake
+false
+family
+famous
+fancy
+fangs
+fantasy
+fatal
+fatigue
+favorite
+fawn
+fiber
+fiction
+filter
+finance
+findings
+finger
+firefly
+firm
+fiscal
+fishing
+fitness
+flame
+flash
+flavor
+flea
+flexible
+flip
+float
+floral
+fluff
+focus
+forbid
+force
+forecast
+forget
+formal
+fortune
+forward
+founder
+fraction
+fragment
+frequent
+freshman
+friar
+fridge
+friendly
+frost
+froth
+frozen
+fumes
+funding
+furl
+fused
+galaxy
+game
+garbage
+garden
+garlic
+gasoline
+gather
+general
+genius
+genre
+genuine
+geology
+gesture
+glad
+glance
+glasses
+glen
+glimpse
+goat
+golden
+graduate
+grant
+grasp
+gravity
+gray
+greatest
+grief
+grill
+grin
+grocery
+gross
+group
+grownup
+grumpy
+guard
+guest
+guilt
+guitar
+gums
+hairy
+hamster
+hand
+hanger
+harvest
+have
+havoc
+hawk
+hazard
+headset
+health
+hearing
+heat
+helpful
+herald
+herd
+hesitate
+hobo
+holiday
+holy
+home
+hormone
+hospital
+hour
+huge
+human
+humidity
+hunting
+husband
+hush
+husky
+hybrid
+idea
+identify
+idle
+image
+impact
+imply
+improve
+impulse
+include
+income
+increase
+index
+indicate
+industry
+infant
+inform
+inherit
+injury
+inmate
+insect
+inside
+install
+intend
+intimate
+invasion
+involve
+iris
+island
+isolate
+item
+ivory
+jacket
+jerky
+jewelry
+join
+judicial
+juice
+jump
+junction
+junior
+junk
+jury
+justice
+kernel
+keyboard
+kidney
+kind
+kitchen
+knife
+knit
+laden
+ladle
+ladybug
+lair
+lamp
+language
+large
+laser
+laundry
+lawsuit
+leader
+leaf
+learn
+leaves
+lecture
+legal
+legend
+legs
+lend
+length
+level
+liberty
+library
+license
+lift
+likely
+lilac
+lily
+lips
+liquid
+listen
+literary
+living
+lizard
+loan
+lobe
+location
+losing
+loud
+loyalty
+luck
+lunar
+lunch
+lungs
+luxury
+lying
+lyrics
+machine
+magazine
+maiden
+mailman
+main
+makeup
+making
+mama
+manager
+mandate
+mansion
+manual
+marathon
+march
+market
+marvel
+mason
+material
+math
+maximum
+mayor
+meaning
+medal
+medical
+member
+memory
+mental
+merchant
+merit
+method
+metric
+midst
+mild
+military
+mineral
+minister
+miracle
+mixed
+mixture
+mobile
+modern
+modify
+moisture
+moment
+morning
+mortgage
+mother
+mountain
+mouse
+move
+much
+mule
+multiple
+muscle
+museum
+music
+mustang
+nail
+national
+necklace
+negative
+nervous
+network
+news
+nuclear
+numb
+numerous
+nylon
+oasis
+obesity
+object
+observe
+obtain
+ocean
+often
+olympic
+omit
+oral
+orange
+orbit
+order
+ordinary
+organize
+ounce
+oven
+overall
+owner
+paces
+pacific
+package
+paid
+painting
+pajamas
+pancake
+pants
+papa
+paper
+parcel
+parking
+party
+patent
+patrol
+payment
+payroll
+peaceful
+peanut
+peasant
+pecan
+penalty
+pencil
+percent
+perfect
+permit
+petition
+phantom
+pharmacy
+photo
+phrase
+physics
+pickup
+picture
+piece
+pile
+pink
+pipeline
+pistol
+pitch
+plains
+plan
+plastic
+platform
+playoff
+pleasure
+plot
+plunge
+practice
+prayer
+preach
+predator
+pregnant
+premium
+prepare
+presence
+prevent
+priest
+primary
+priority
+prisoner
+privacy
+prize
+problem
+process
+profile
+program
+promise
+prospect
+provide
+prune
+public
+pulse
+pumps
+punish
+puny
+pupal
+purchase
+purple
+python
+quantity
+quarter
+quick
+quiet
+race
+racism
+radar
+railroad
+rainbow
+raisin
+random
+ranked
+rapids
+raspy
+reaction
+realize
+rebound
+rebuild
+recall
+receiver
+recover
+regret
+regular
+reject
+relate
+remember
+remind
+remove
+render
+repair
+repeat
+replace
+require
+rescue
+research
+resident
+response
+result
+retailer
+retreat
+reunion
+revenue
+review
+reward
+rhyme
+rhythm
+rich
+rival
+river
+robin
+rocky
+romantic
+romp
+roster
+round
+royal
+ruin
+ruler
+rumor
+sack
+safari
+salary
+salon
+salt
+satisfy
+satoshi
+saver
+says
+scandal
+scared
+scatter
+scene
+scholar
+science
+scout
+scramble
+screw
+script
+scroll
+seafood
+season
+secret
+security
+segment
+senior
+shadow
+shaft
+shame
+shaped
+sharp
+shelter
+sheriff
+short
+should
+shrimp
+sidewalk
+silent
+silver
+similar
+simple
+single
+sister
+skin
+skunk
+slap
+slavery
+sled
+slice
+slim
+slow
+slush
+smart
+smear
+smell
+smirk
+smith
+smoking
+smug
+snake
+snapshot
+sniff
+society
+software
+soldier
+solution
+soul
+source
+space
+spark
+speak
+species
+spelling
+spend
+spew
+spider
+spill
+spine
+spirit
+spit
+spray
+sprinkle
+square
+squeeze
+stadium
+staff
+standard
+starting
+station
+stay
+steady
+step
+stick
+stilt
+story
+strategy
+strike
+style
+subject
+submit
+sugar
+suitable
+sunlight
+superior
+surface
+surprise
+survive
+sweater
+swimming
+swing
+switch
+symbolic
+sympathy
+syndrome
+system
+tackle
+tactics
+tadpole
+talent
+task
+taste
+taught
+taxi
+teacher
+teammate
+teaspoon
+temple
+tenant
+tendency
+tension
+terminal
+testify
+texture
+thank
+that
+theater
+theory
+therapy
+thorn
+threaten
+thumb
+thunder
+ticket
+tidy
+timber
+timely
+ting
+tofu
+together
+tolerate
+total
+toxic
+tracks
+traffic
+training
+transfer
+trash
+traveler
+treat
+trend
+trial
+tricycle
+trip
+triumph
+trouble
+true
+trust
+twice
+twin
+type
+typical
+ugly
+ultimate
+umbrella
+uncover
+undergo
+unfair
+unfold
+unhappy
+union
+universe
+unkind
+unknown
+unusual
+unwrap
+upgrade
+upstairs
+username
+usher
+usual
+valid
+valuable
+vampire
+vanish
+various
+vegan
+velvet
+venture
+verdict
+verify
+very
+veteran
+vexed
+victim
+video
+view
+vintage
+violence
+viral
+visitor
+visual
+vitamins
+vocal
+voice
+volume
+voter
+voting
+walnut
+warmth
+warn
+watch
+wavy
+wealthy
+weapon
+webcam
+welcome
+welfare
+western
+width
+wildlife
+window
+wine
+wireless
+wisdom
+withdraw
+wits
+wolf
+woman
+work
+worthy
+wrap
+wrist
+writing
+wrote
+year
+yelp
+yield
+yoga
+zero