[Bitcoin-development] Presenting a BIP for Shamir's Secret Sharing of Bitcoin private keys

Jan Møller jan.moller at gmail.com
Tue Apr 22 08:06:09 UTC 2014


This is a very useful BIP, and I am very much looking forward to
implementing it in Mycelium, in particular for bip32 wallets.
To me this is not about whether to use SSS instead of multisig
transactions. In the end you want to protect a secret (be it a HD master
seed or a private key) in such a way that you can recover it in case of
partial theft/loss. Whether I'll use the master seed to generate keys that
are going to be used for multisig transactions is another discussion IMO.

A few suggestions:
 - I think it is very useful to define different prefixes for testnet
keys/seeds. As a developer I use the testnet every day, and many of our
users use it for trying out new functionality. Mixing up keys meant for
testnet and mainnet is bad.
 - Please allow M=1. From a usability point of view it makes sense to allow
the user to select 1 share if that is what he wants.

I have no strong opinions on whether to use GF(2^8) over Shamir's Secret
Sharing, but the simplicity of GF(2^8) is appealing.

 - Jan


On Fri, Apr 11, 2014 at 12:31 AM, Nikita Schmidt <
nikita at megiontechnologies.com> wrote:

> > What do you think a big-integer division by a word-sized divisor *is*?
> Obviously rolling your own is always an option. Are you just saying that
> Base58 encoding and decoding is easier than Shamir's Secret Sharing because
> the divisors are small?
>
> Well, yes, to be fair, in fact it is.  The small divisor and lack of
> modulo arithmetic make base-58 encoding and decoding noticeably
> smaller and easier than Shamir's Secret Sharing over GF(P256).
>


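The two technical points in the message above (the simplicity of GF(2^8) and allowing M=1) can be seen in a byte-wise Shamir split and recover. This is an added example, not code from the BIP or from anyone in the thread; the reduction polynomial 0x11B (the AES one) and all function names are assumptions, since the thread does not specify them.

```python
import secrets

# Assumption: GF(2^8) reduced by x^8+x^4+x^3+x+1 (0x11B); the thread names no polynomial.
def gf_mul(a, b):
    r = 0
    while b:
        if b & 1:
            r ^= a          # addition in GF(2^8) is XOR
        a <<= 1
        if a & 0x100:
            a ^= 0x11B      # reduce back into 8 bits
        b >>= 1
    return r

def gf_inv(a):
    # a^254 is the multiplicative inverse of a non-zero a in GF(2^8)
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def split(secret, m, n):
    """Split `secret` (bytes) into n shares; any m of them recover it."""
    if not 1 <= m <= n <= 255:
        raise ValueError("need 1 <= m <= n <= 255")
    # One polynomial of degree m-1 per byte, constant term = secret byte.
    # With m == 1 there are no random coefficients, so each share IS the secret.
    polys = [[s] + [secrets.randbelow(256) for _ in range(m - 1)] for s in secret]
    shares = {}
    for x in range(1, n + 1):          # x = 0 would expose the secret directly
        ys = bytearray()
        for coeffs in polys:
            y = 0
            for c in reversed(coeffs):  # Horner evaluation at x
                y = gf_mul(y, x) ^ c
            ys.append(y)
        shares[x] = bytes(ys)
    return shares

def recover(shares):
    """Lagrange-interpolate at x = 0 from a dict {x: share_bytes} of >= m shares."""
    out = bytearray(len(next(iter(shares.values()))))
    for xi, ys in shares.items():
        li = 1                          # basis value: prod xj / (xi - xj), minus is XOR
        for xj in shares:
            if xj != xi:
                li = gf_mul(li, gf_mul(xj, gf_inv(xi ^ xj)))
        for k, y in enumerate(ys):
            out[k] ^= gf_mul(y, li)
    return bytes(out)
```

With M=1 every share equals the secret in the clear, so the share encoding, not the arithmetic, is the only thing separating it from a plain key backup.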