[Bitcoin-development] Presenting a BIP for Shamir's Secret Sharing of Bitcoin private keys

Gregory Maxwell gmaxwell at gmail.com
Fri Apr 4 14:14:12 UTC 2014


On Fri, Apr 4, 2014 at 6:51 AM, Nikita Schmidt
<nikita at megiontechnologies.com> wrote:
> Fair enough.  Although I would have chosen the field order (p) simply
> because that's how all arithmetic already works in bitcoin.  One field
> for everybody.  It's also very close to 2^256, although still smaller
> than your maximum prime.  Now of course with different bit lengths we
> have to pick one consistency over others.

Operation mod the group order is how secret keys must be combined in
type-2 private derivation for BIP-32. It's also absolutely essential
if you want to build a secret sharing scheme in which the shares are
usable for threshold ECDSA.

I still repeat my concern that any private key secret sharing scheme
really ought to be compatible with threshold ECDSA, otherwise we're
just going to have another redundant specification.




More information about the bitcoin-dev mailing list