[Bitcoin-development] Presenting a BIP for Shamir's Secret Sharing of Bitcoin private keys
nikita at megiontechnologies.com
Tue Apr 8 00:33:04 UTC 2014
> I'd be fine with changing the key fingerprint algorithm to something else. Do you like CRC16?
I like CRC16. Do you intend to use it in conjunction with a cryptographic hash?
Regarding the choice of fields, any implementation of this BIP will
need big integer arithmetic to do base-58 anyway. The operations
required for SSS are nearly the same as for base-58 and can probably
be done by the same subset of the chosen bignum library. So in fact
using GF(2^8) will add complexity to both the BIP and its
implementations. However, the maths in GF(2^8) is so simple that this
additional complexity can be considered negligible.
As a co-author of a bitcoin application running on a real
microcontroller (not the sort of big-iron thing Trezor runs on), I was
also going to implement my SSS over a 256-bit prime field. (I am not
going into 512-bit master seeds at this time.)
Uniform processing of secrets of any size (instead of using different
primes for different cases) is a valid argument in favour of GF(2^8),
though. I have no preference one way or another.
More information about the bitcoin-dev