1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193]
helo=mx.sourceforge.net)
by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
(envelope-from <gmaxwell@gmail.com>) id 1WTxLF-00058W-Az
for bitcoin-development@lists.sourceforge.net;
Sat, 29 Mar 2014 17:46:49 +0000
Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com
designates 209.85.217.171 as permitted sender)
client-ip=209.85.217.171; envelope-from=gmaxwell@gmail.com;
helo=mail-lb0-f171.google.com;
Received: from mail-lb0-f171.google.com ([209.85.217.171])
by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.76) id 1WTxLE-0000vA-Kf
for bitcoin-development@lists.sourceforge.net;
Sat, 29 Mar 2014 17:46:49 +0000
Received: by mail-lb0-f171.google.com with SMTP id w7so4642557lbi.16
for <bitcoin-development@lists.sourceforge.net>;
Sat, 29 Mar 2014 10:46:41 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.152.42.196 with SMTP id q4mr11051741lal.14.1396115201874;
Sat, 29 Mar 2014 10:46:41 -0700 (PDT)
Received: by 10.112.89.68 with HTTP; Sat, 29 Mar 2014 10:46:41 -0700 (PDT)
In-Reply-To: <3760502.BsfnhHlzm1@crushinator>
References: <CACsn0ckScTWG4YxNCscxvtdsmcUkxtR2Gi-rdBs2HCkirPz5rA@mail.gmail.com>
<4906130.DUyjhm1C93@crushinator> <1396113933.8809.91.camel@mimiz>
<3760502.BsfnhHlzm1@crushinator>
Date: Sat, 29 Mar 2014 10:46:41 -0700
Message-ID: <CAAS2fgTVo_j9NkDdHBw8mEDjw6i7yY2_Y5-Z=Yer7WUi0ZySQw@mail.gmail.com>
From: Gregory Maxwell <gmaxwell@gmail.com>
To: Matt Whitlock <bip@mattwhitlock.name>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -1.6 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
See http://spamassassin.org/tag/ for more details.
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
sender-domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(gmaxwell[at]gmail.com)
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
X-Headers-End: 1WTxLE-0000vA-Kf
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>,
Dev Random <c1.devrandom@niftybox.net>
Subject: Re: [Bitcoin-development] Presenting a BIP for Shamir's Secret
Sharing of Bitcoin private keys
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Sat, 29 Mar 2014 17:46:49 -0000
On Sat, Mar 29, 2014 at 10:38 AM, Matt Whitlock <bip@mattwhitlock.name> wro=
te:
> But can threshold ECDSA work with BIP32?
Yes.
>In other words, can a threshold ECDSA public key be generated from separat=
e, precomputed private keys,
No.
> can it only be generated interactively?
Yes.
But see the first question. Basically you can do an interactive step
to generate a master pubkey and then use BIP32 non-hardened derivation
to build thresholded children.
On Sat, Mar 29, 2014 at 10:42 AM, Matt Whitlock <bip@mattwhitlock.name> wro=
te:
> Respectfully, it's also possible to take a base58-encoded private key and=
run it through GPG, which is included in most Linux distros. But yet we ha=
ve BIP38.
BIP38 is a bad example (because it was created without public
discussion due to a technical snafu).
In this case I don't see anything wrong with specifying secret
sharing, but I think=E2=80=94 if possible=E2=80=94 it should be carefully c=
onstructed
so that the same polynomials and interpolation code can be used for
threshold signatures (when encoding compatible data).
If it requires entirely different code than the code for threshold
signing it might as well be a file generic tool like SSSS.
|
