[Bitcoin-development] Presenting a BIP for Shamir's Secret Sharing of Bitcoin private keys

Matt Whitlock bip at mattwhitlock.name
Fri Apr 4 16:05:44 UTC 2014

On Friday, 4 April 2014, at 7:14 am, Gregory Maxwell wrote:
> I still repeat my concern that any private key secret sharing scheme
> really ought to be compatible with threshold ECDSA, otherwise we're
> just going to have another redundant specification.

I have that concern too, but then how can we support secrets of sizes other than 256 bits? A likely use case for this BIP (even more likely than using it to decompose Bitcoin private keys) is using it to decompose BIP32 master seeds, which can be 512 bits in size. We can't use secp256k1_n as the modulus there.

More information about the bitcoin-dev mailing list