Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1WTxLF-00058W-Az for bitcoin-development@lists.sourceforge.net; Sat, 29 Mar 2014 17:46:49 +0000 Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.217.171 as permitted sender) client-ip=209.85.217.171; envelope-from=gmaxwell@gmail.com; helo=mail-lb0-f171.google.com; Received: from mail-lb0-f171.google.com ([209.85.217.171]) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1WTxLE-0000vA-Kf for bitcoin-development@lists.sourceforge.net; Sat, 29 Mar 2014 17:46:49 +0000 Received: by mail-lb0-f171.google.com with SMTP id w7so4642557lbi.16 for ; Sat, 29 Mar 2014 10:46:41 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.152.42.196 with SMTP id q4mr11051741lal.14.1396115201874; Sat, 29 Mar 2014 10:46:41 -0700 (PDT) Received: by 10.112.89.68 with HTTP; Sat, 29 Mar 2014 10:46:41 -0700 (PDT) In-Reply-To: <3760502.BsfnhHlzm1@crushinator> References: <4906130.DUyjhm1C93@crushinator> <1396113933.8809.91.camel@mimiz> <3760502.BsfnhHlzm1@crushinator> Date: Sat, 29 Mar 2014 10:46:41 -0700 Message-ID: From: Gregory Maxwell To: Matt Whitlock Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -1.6 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (gmaxwell[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1WTxLE-0000vA-Kf Cc: Bitcoin Dev , Dev Random Subject: Re: [Bitcoin-development] Presenting a BIP for Shamir's Secret Sharing of Bitcoin private keys X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 29 Mar 2014 17:46:49 -0000 On Sat, Mar 29, 2014 at 10:38 AM, Matt Whitlock wro= te: > But can threshold ECDSA work with BIP32? Yes. >In other words, can a threshold ECDSA public key be generated from separat= e, precomputed private keys, No. > can it only be generated interactively? Yes. But see the first question. Basically you can do an interactive step to generate a master pubkey and then use BIP32 non-hardened derivation to build thresholded children. On Sat, Mar 29, 2014 at 10:42 AM, Matt Whitlock wro= te: > Respectfully, it's also possible to take a base58-encoded private key and= run it through GPG, which is included in most Linux distros. But yet we ha= ve BIP38. BIP38 is a bad example (because it was created without public discussion due to a technical snafu). In this case I don't see anything wrong with specifying secret sharing, but I think=E2=80=94 if possible=E2=80=94 it should be carefully c= onstructed so that the same polynomials and interpolation code can be used for threshold signatures (when encoding compatible data). If it requires entirely different code than the code for threshold signing it might as well be a file generic tool like SSSS.