[Bitcoin-development] Presenting a BIP for Shamir's Secret Sharing of Bitcoin private keys

Matt Whitlock bip at mattwhitlock.name
Sat Mar 29 14:55:54 UTC 2014


On Saturday, 29 March 2014, at 10:19 am, Jeff Garzik wrote:
> On Sat, Mar 29, 2014 at 10:10 AM, Matt Whitlock <bip at mattwhitlock.name> wrote:
> > Multisig does not allow for the topology I described. Say the board has seven directors, meaning the majority threshold is four. This means the organization needs the consent of six individuals in order to sign a transaction: the president, the CFO, and any four of the board members. A 6-of-9 multisig would not accomplish the same policy, as then any six board members could successfully sign a transaction without the consent of the president or CFO. Of course the multi-signature scheme could be expanded to allow for hierarchical threshold topologies, or Shamir's Secret Sharing can be used to distribute keys at the second level (and further, if desired).
> 
> Disagree with "does not allow"  Review bitcoin's script language.
> 
> Bitcoin script can handle the use case you describe.  Add conditionals
> to the bitcoin script, OP_IF etc.  You can do 'multisig AND multisig'
> type boolean logic entirely in script, and be far more flexible than a
> single CHECKMULTISIG affords.

Depends on your definition of "can." Bitcoin's scripting language is awesome, but it's mostly useless due to the requirement that scripts match one of a select few "standard" templates in order to be allowed to propagate across the network and be mined into blocks. I really hate IsStandard and wish it would die.




More information about the bitcoin-dev mailing list