[Bitcoin-development] Presenting a BIP for Shamir's Secret Sharing of Bitcoin private keys

[Nikita Schmidt]

>
> I'd be fine with changing the key fingerprint algorithm to something else. Do you like CRC16?
>
I like CRC16.  Do you intend to use it in conjunction with a cryptographic hash?

Regarding the choice of fields, any implementation of this BIP will
need big integer arithmetic to do base-58 anyway.  The operations
required for SSS are nearly the same as for base-58 and can probably
be done by the same subset of the chosen bignum library.  So in fact
using GF(2^8) will add complexity to both the BIP and its
implementations.  However, the maths in GF(2^8) is so simple that this
additional complexity can be considered negligible.

As a co-author of a bitcoin application running on a real
microcontroller (not the sort of big-iron thing Trezor runs on), I was
also going to implement my SSS over a 256-bit prime field.  (I am not
going into 512-bit master seeds at this time.)

Uniform processing of secrets of any size (instead of using different
primes for different cases) is a valid argument in favour of GF(2^8),
though.  I have no preference one way or another.