[Bitcoin-development] Presenting a BIP for Shamir's Secret Sharing of Bitcoin private keys

Matt Whitlock bip at mattwhitlock.name
Sat Mar 29 18:10:54 UTC 2014


On Saturday, 29 March 2014, at 2:08 pm, Alan Reiner wrote:
> Regardless of how SSSS does it, I believe that obfuscating that
> information is bad news from a usability perspective.  Undoubtedly,
> users will make lots of backups of lots of wallets and think they
> remember the M-parameter but don't.  They will accidentally mix in some
> 3-of-5 fragments with their 2-of-4 not realizing they are incompatible,
> or not able to distinguish them.   Or they'll distribute too many
> thinking the threshold is higher and end up insecure, or possibly not
> have enough fragments to restore their wallet thinking the M-value was
> lower than it actually was.   
> 
> I just don't see the value in adding such complexity for the benefit of
> obfuscating information an attacker might be able to figure out anyway
> (most backups will be 2-of-N or 3-of-N) and can't act on anyway (because
> he doesn't know where the other frags are and they are actually in
> safe-deposit boxes)

Okay, you've convinced me. However, it looks like the consensus here is that my BIP is unneeded, so I'm not sure it would be worth the effort for me to improve it with your suggestions.




More information about the bitcoin-dev mailing list