Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com
	designates 209.85.192.44 as permitted sender)
	client-ip=209.85.192.44; envelope-from=jan.moller@gmail.com;
	helo=mail-qg0-f44.google.com; 
MIME-Version: 1.0
In-Reply-To: <CAC7yFxQR6oVdASacCefPiuWocvrDHTTnVU4xyVdZTwvMr4ZPNw@mail.gmail.com>
References: <CAC7yFxSE8-TWPN-kuFiqdPKMDuprbiVJi7-z-ym+AUyA_f-xJw@mail.gmail.com>
	<CABh=4qNaJht-MnnjEguZ=UOuXN3uQ-s4-dkDUVErbHj6W44J_g@mail.gmail.com>
	<1927948.OEZHQcsQ9n@crushinator> <2025496.b5Y3n7qx8B@crushinator>
	<1582E990-4E14-4EF7-9C9C-AA505B815104@bitsofproof.com>
	<53568B87.8040009@monetize.io>
	<11528A13-5D66-4D2B-BEE0-1C26F9987BC8@bitsofproof.com>
	<CABh=4qPsR1YbhJDeAPjr37Zjqawo9ZFAH43scFnEg7p9a7EkeQ@mail.gmail.com>
	<F292CC2F-BAA7-45ED-801E-1475D94632AF@bitsofproof.com>
	<CAAS2fgR5ciUeFonOXBD1d9b_inOuxQKJ-LaoGmoyjoeQ_KxQxQ@mail.gmail.com>
	<621AAD7D-FDC0-4C3C-B810-8C1F0B088586@bitsofproof.com>
	<CAAS2fgTyndBG=airHoAcW4W2WgFZ61THXP4JGuUQCSWV99tCtg@mail.gmail.com>
	<CAC7yFxQR6oVdASacCefPiuWocvrDHTTnVU4xyVdZTwvMr4ZPNw@mail.gmail.com>
Date: Mon, 12 May 2014 14:09:53 +0200
Message-ID: <CABh=4qMpge4q-CmKNNnxj5C_jGEFhwAVrUHSNbqy3njeUiSHvQ@mail.gmail.com>
From: =?UTF-8?Q?Jan_M=C3=B8ller?= <jan.moller@gmail.com>
To: Nikita Schmidt <nikita@megiontechnologies.com>, 
	Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Content-Type: multipart/alternative; boundary=001a1139bcd42da74504f932d3a1
Subject: Re: [Bitcoin-development] Presenting a BIP for Shamir's Secret
 Sharing of Bitcoin private keys
Precedence: list
Reply-To: jan.moller@gmail.com

--001a1139bcd42da74504f932d3a1
Content-Type: text/plain; charset=UTF-8

A Java implementation of what is called BIPSS in lack of an official number
can be found here:
https://github.com/mycelium-com/wallet/blob/master/public/bitlib/src/main/java/com/mrd/bitlib/crypto/BipSs.java
(passing all test vectors)

Which is based on a GF2^8 implementation here:
https://github.com/mycelium-com/wallet/blob/master/public/bitlib/src/main/java/com/mrd/bitlib/crypto/Gf256.java

I think having 3 encoding formats (long/short/compact) is over engineered,
and basically only makes implementing the standard a pain in the rear. From
a user experience point of view only the long format makes sense, and it is
only a few bytes longer than the short version.


On Mon, May 5, 2014 at 9:36 PM, Nikita Schmidt <
nikita@megiontechnologies.com> wrote:

> A fork of Matt's proposal converted to GF(2^8) is here:
> https://github.com/cetuscetus/btctool/blob/bip/bip-xxxx.mediawiki
>
> Other changes include:
> - only six application/version bytes are allocated, which is the
> minimum to ensure that the encoded form starts with S in all cases;
> - encoded prefixes are SK/SL for a shared private key
> (mainnet/testnet) and SS/ST for a shared BIP32 seed;
> - the only hash function in use is SHA-256, which is the all-purpose
> hash function in the Bitcoin protocol;
> - double SHA is used for similarity with Bitcoin, although Jan and I
> believe single SHA is enough in this application;
> - bias-less encoding of M and x, because there can't be more than 255
> shares over GF(2^8).
>
>
> On 23 April 2014 09:16, Gregory Maxwell <gmaxwell@gmail.com> wrote:
> > On Tue, Apr 22, 2014 at 10:33 PM, Tamas Blummer <tamas@bitsofproof.com>
> wrote:
> >> So you agree, that SSS should not contain specific flag for testnet?
> >>
> >> Or for that matter not even BIP32 needs them since it is not an address
> to
> >> send to.
> >
> > I think the convention we have so far is that addresses and address
> > relate thing we share normally contain an opaque 'version' identifier
> > which we use to identify the purpose for the data (E.g. network
> > meaning, etc.) and I think its a generally reasonable custom.
> >
> >
> ------------------------------------------------------------------------------
> > Start Your Social Network Today - Download eXo Platform
> > Build your Enterprise Intranet with eXo Platform Software
> > Java Based Open Source Intranet - Social, Extensible, Cloud Ready
> > Get Started Now And Turn Your Intranet Into A Collaboration Platform
> > http://p.sf.net/sfu/ExoPlatform
> > _______________________________________________
> > Bitcoin-development mailing list
> > Bitcoin-development@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
> ------------------------------------------------------------------------------
> Is your legacy SCM system holding you back? Join Perforce May 7 to find
> out:
> &#149; 3 signs your SCM is hindering your productivity
> &#149; Requirements for releasing software faster
> &#149; Expert tips and advice for migrating your SCM now
> http://p.sf.net/sfu/perforce
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>

--001a1139bcd42da74504f932d3a1
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">A Java implementation of what is called BIPSS in lack of a=
n official number can be found here:<div><a href=3D"https://github.com/myce=
lium-com/wallet/blob/master/public/bitlib/src/main/java/com/mrd/bitlib/cryp=
to/BipSs.java">https://github.com/mycelium-com/wallet/blob/master/public/bi=
tlib/src/main/java/com/mrd/bitlib/crypto/BipSs.java</a></div>
<div>(passing all test vectors)<br></div><div><br></div><div>Which is based=
 on a GF2^8 implementation here:</div><div><a href=3D"https://github.com/my=
celium-com/wallet/blob/master/public/bitlib/src/main/java/com/mrd/bitlib/cr=
ypto/Gf256.java">https://github.com/mycelium-com/wallet/blob/master/public/=
bitlib/src/main/java/com/mrd/bitlib/crypto/Gf256.java</a><br>
</div><div><br></div><div>I think having 3 encoding formats (long/short/com=
pact) is over engineered, and basically only makes implementing the standar=
d a pain in the rear. From a user experience point of view only the long fo=
rmat makes sense, and it is only a few bytes longer than the short version.=
</div>
<div><br></div><div><br></div></div><div class=3D"gmail_extra"><br><br><div=
 class=3D"gmail_quote">On Mon, May 5, 2014 at 9:36 PM, Nikita Schmidt <span=
 dir=3D"ltr">&lt;<a href=3D"mailto:nikita@megiontechnologies.com" target=3D=
"_blank">nikita@megiontechnologies.com</a>&gt;</span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">A fork of Matt&#39;s proposal converted to G=
F(2^8) is here:<br>
<a href=3D"https://github.com/cetuscetus/btctool/blob/bip/bip-xxxx.mediawik=
i" target=3D"_blank">https://github.com/cetuscetus/btctool/blob/bip/bip-xxx=
x.mediawiki</a><br>
<br>
Other changes include:<br>
- only six application/version bytes are allocated, which is the<br>
minimum to ensure that the encoded form starts with S in all cases;<br>
- encoded prefixes are SK/SL for a shared private key<br>
(mainnet/testnet) and SS/ST for a shared BIP32 seed;<br>
- the only hash function in use is SHA-256, which is the all-purpose<br>
hash function in the Bitcoin protocol;<br>
- double SHA is used for similarity with Bitcoin, although Jan and I<br>
believe single SHA is enough in this application;<br>
- bias-less encoding of M and x, because there can&#39;t be more than 255<b=
r>
shares over GF(2^8).<br>
<div><div class=3D"h5"><br>
<br>
On 23 April 2014 09:16, Gregory Maxwell &lt;<a href=3D"mailto:gmaxwell@gmai=
l.com">gmaxwell@gmail.com</a>&gt; wrote:<br>
&gt; On Tue, Apr 22, 2014 at 10:33 PM, Tamas Blummer &lt;<a href=3D"mailto:=
tamas@bitsofproof.com">tamas@bitsofproof.com</a>&gt; wrote:<br>
&gt;&gt; So you agree, that SSS should not contain specific flag for testne=
t?<br>
&gt;&gt;<br>
&gt;&gt; Or for that matter not even BIP32 needs them since it is not an ad=
dress to<br>
&gt;&gt; send to.<br>
&gt;<br>
&gt; I think the convention we have so far is that addresses and address<br=
>
&gt; relate thing we share normally contain an opaque &#39;version&#39; ide=
ntifier<br>
&gt; which we use to identify the purpose for the data (E.g. network<br>
&gt; meaning, etc.) and I think its a generally reasonable custom.<br>
&gt;<br>
</div></div><div class=3D"">&gt; ------------------------------------------=
------------------------------------<br>
&gt; Start Your Social Network Today - Download eXo Platform<br>
&gt; Build your Enterprise Intranet with eXo Platform Software<br>
&gt; Java Based Open Source Intranet - Social, Extensible, Cloud Ready<br>
&gt; Get Started Now And Turn Your Intranet Into A Collaboration Platform<b=
r>
&gt; <a href=3D"http://p.sf.net/sfu/ExoPlatform" target=3D"_blank">http://p=
.sf.net/sfu/ExoPlatform</a><br>
&gt; _______________________________________________<br>
&gt; Bitcoin-development mailing list<br>
&gt; <a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-d=
evelopment@lists.sourceforge.net</a><br>
&gt; <a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-develo=
pment" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitco=
in-development</a><br>
<br>
</div>---------------------------------------------------------------------=
---------<br>
Is your legacy SCM system holding you back? Join Perforce May 7 to find out=
:<br>
&amp;#149; 3 signs your SCM is hindering your productivity<br>
&amp;#149; Requirements for releasing software faster<br>
&amp;#149; Expert tips and advice for migrating your SCM now<br>
<a href=3D"http://p.sf.net/sfu/perforce" target=3D"_blank">http://p.sf.net/=
sfu/perforce</a><br>
<div class=3D"HOEnZb"><div class=3D"h5">___________________________________=
____________<br>
Bitcoin-development mailing list<br>
<a href=3D"mailto:Bitcoin-development@lists.sourceforge.net">Bitcoin-develo=
pment@lists.sourceforge.net</a><br>
<a href=3D"https://lists.sourceforge.net/lists/listinfo/bitcoin-development=
" target=3D"_blank">https://lists.sourceforge.net/lists/listinfo/bitcoin-de=
velopment</a><br>
</div></div></blockquote></div><br></div>

--001a1139bcd42da74504f932d3a1--