Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1WW6cp-00088k-Vv for bitcoin-development@lists.sourceforge.net; Fri, 04 Apr 2014 16:05:52 +0000 X-ACL-Warn: Received: from qmta05.westchester.pa.mail.comcast.net ([76.96.62.48]) by sog-mx-2.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1WW6co-00008F-7o for bitcoin-development@lists.sourceforge.net; Fri, 04 Apr 2014 16:05:51 +0000 Received: from omta07.westchester.pa.mail.comcast.net ([76.96.62.59]) by qmta05.westchester.pa.mail.comcast.net with comcast id lrED1n0021GhbT855s5lM8; Fri, 04 Apr 2014 16:05:45 +0000 Received: from crushinator.localnet ([IPv6:2601:6:4800:47f:219:d1ff:fe75:dc2f]) by omta07.westchester.pa.mail.comcast.net with comcast id ls5k1n00S4VnV2P3Ts5kJR; Fri, 04 Apr 2014 16:05:44 +0000 From: Matt Whitlock To: Gregory Maxwell Date: Fri, 04 Apr 2014 12:05:44 -0400 Message-ID: <12583269.b0SUbSGuCb@crushinator> User-Agent: KMail/4.12.4 (Linux/3.12.13-gentoo; KDE/4.12.4; x86_64; ; ) In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" X-Spam-Score: 0.0 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [76.96.62.48 listed in list.dnswl.org] 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1WW6co-00008F-7o Cc: bitcoin-development Subject: Re: [Bitcoin-development] Presenting a BIP for Shamir's Secret Sharing of Bitcoin private keys X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Apr 2014 16:05:52 -0000 On Friday, 4 April 2014, at 7:14 am, Gregory Maxwell wrote: > I still repeat my concern that any private key secret sharing scheme > really ought to be compatible with threshold ECDSA, otherwise we're > just going to have another redundant specification. I have that concern too, but then how can we support secrets of sizes other than 256 bits? A likely use case for this BIP (even more likely than using it to decompose Bitcoin private keys) is using it to decompose BIP32 master seeds, which can be 512 bits in size. We can't use secp256k1_n as the modulus there.