[Bitcoin-development] Presenting a BIP for Shamir's Secret Sharing of Bitcoin private keys

Matt Whitlock bip at mattwhitlock.name
Tue Apr 22 09:13:01 UTC 2014


On Tuesday, 22 April 2014, at 10:39 am, Jan Møller wrote:
> On Tue, Apr 22, 2014 at 10:29 AM, Matt Whitlock <bip at mattwhitlock.name>wrote:
> > On Tuesday, 22 April 2014, at 10:27 am, Jan Møller wrote:
> > > > >  - Please allow M=1. From a usability point of view it makes sense to allow
> > > > > the user to select 1 share if that is what he wants.
> > > >
> > > > How does that make sense? Decomposing a key/seed into 1 share is
> > > > functionally equivalent to dispensing with the secret sharing scheme
> > > > entirely.
> > > >
> > > I agree that it may look silly to have just one-of-one share from a
> > > technical point of view, but from an end-user point of view there could be
> > > reasons for just having one piece of paper to manage. If M can be 1 then
> > > the software/hardware doesn't have to support multiple formats,
> > > import/export paths + UI  (one for SIPA keys in one share, one for HD seeds
> > > in one share, one for SIPA keys + HD seeds in multiple shares).
> > >
> > > Less complexity & more freedom of choice.
> >
> > Alright. It's a fair argument. Do you agree with encoding M using a bias
> > of -1 so that M up to and including 256 can be encoded in one byte?
> 
> Necessary Shares = M+1, not a problem
> 
> I would probably encode N-of-M in 1 byte as I don't see good use cases with
> more than 17 shares. Anyway, I am fine with it as it is.

Encoding bias of M changed to -1, and test vectors updated:
https://github.com/whitslack/btctool/blob/bip/bip-xxxx.mediawiki




More information about the bitcoin-dev mailing list