Date: Tue, 22 Apr 2014 10:06:09 +0200
Message-ID: <CABh=4qNaJht-MnnjEguZ=UOuXN3uQ-s4-dkDUVErbHj6W44J_g@mail.gmail.com>
From: Jan Møller <jan.moller@gmail.com>
To: Nikita Schmidt <nikita@megiontechnologies.com>
Cc: bitcoin-development <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Presenting a BIP for Shamir's Secret
 Sharing of Bitcoin private keys

This is a very useful BIP, and I am very much looking forward to
implementing it in Mycelium, in particular for bip32 wallets.
To me this is not about whether to use SSS instead of multisig
transactions. In the end you want to protect a secret (be it an HD master
seed or a private key) in such a way that you can recover it in case of
partial theft/loss. Whether I'll use the master seed to generate keys that
are going to be used for multisig transactions is another discussion IMO.

A few suggestions:
 - I think it is very useful to define different prefixes for testnet
keys/seeds. As a developer I use the testnet every day, and many of our
users use it for trying out new functionality. Mixing up keys meant for
testnet and mainnet is bad.
 - Please allow M=1. From a usability point of view it makes sense to allow
the user to select 1 share if that is what he wants.

I have no strong opinions on whether to use GF(2^8) over Shamir's Secret
Sharing, but the simplicity of GF(2^8) is appealing.

 - Jan


On Fri, Apr 11, 2014 at 12:31 AM, Nikita Schmidt <
nikita@megiontechnologies.com> wrote:

> > What do you think a big-integer division by a word-sized divisor *is*?
> > Obviously rolling your own is always an option. Are you just saying that
> > Base58 encoding and decoding is easier than Shamir's Secret Sharing because
> > the divisors are small?
>
> Well, yes, to be fair, in fact it is.  The small divisor and lack of
> modulo arithmetic make base-58 encoding and decoding noticeably
> smaller and easier than Shamir's Secret Sharing over GF(P256).