From: Tamas Blummer <tamas@bitsofproof.com>
In-Reply-To: <4676777.MQU5AqByQt@crushinator>
Date: Sat, 29 Mar 2014 18:37:44 +0100
Message-Id: <2F5F0459-B7D7-438C-A617-D116402F02BE@bitsofproof.com>
References: <1878927.J1e3zZmtIP@crushinator>
	<AA48C372-6735-40E4-A8AF-264576F86BB1@bitsofproof.com>
	<4676777.MQU5AqByQt@crushinator>
To: Matt Whitlock <bip@mattwhitlock.name>
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] Presenting a BIP for Shamir's Secret Sharing of Bitcoin private keys


I had Matt's answer already, see below, but then I recognized that the group was not cc:-d, so I repeat:

It would help on the user interface to include into individual shares:

1. Number of shares needed
2. A few bytes fingerprint of the secret so shares that likely belong together can be identified.

I wonder how others weigh security vs. usability in these questions.

Regards,

Tamas Blummer
http://bitsofproof.com

On Saturday, 29 March 2014, at 6:22 pm, Tamas Blummer wrote:
> It might make sense to store the number of shares needed. I know it is not needed by math, but could help on user interface to say,
> you need x more shares..

I intentionally omitted that information because it's a security risk. If an adversary gains control of one share and can see exactly how many more shares he needs, he may be able to plan a better attack. If he is clueless about how many shares he needs, then he may not be able to execute an attack at all because he may not know whether his information about what shares exist and where is complete.

On 29.03.2014, at 17:54, Matt Whitlock <bip@mattwhitlock.name> wrote:

> On Saturday, 29 March 2014, at 9:44 am, Tamas Blummer wrote:
>> I used Shamir's Secret Sharing to decompose a seed for a BIP32 master key, that is I think more future relevant than a single key.
>> Therefore suggest to adapt the BIP for a length used there typically 16 or 32 bytes and have a magic code to indicate its use as key vs. seed.
>
> I have expanded the BIP so that it additionally applies to BIP32 master seeds of sizes 128, 256, and 512 bits.
>
> https://github.com/whitslack/btctool/blob/bip/bip-xxxx.mediawiki
>
> The most significant change versus the previous version is how the coefficients of the polynomials are constructed. Previously they were SHA-256 digests. Now they are SHA-512 digests, modulo a prime number that is selected depending on the size of the secret.
>
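The trade-off the thread discusses can be made concrete with a small Shamir implementation. The following is an added example, not code from the BIP draft or from btctool: it splits a seed over a prime field by evaluating a random polynomial whose constant term is the secret, recombines by Lagrange interpolation at x = 0, and carries the two metadata fields under discussion in each share, a short fingerprint of the secret (so shares from different secrets are rejected before interpolation) and an optional threshold that the splitter may withhold, as Matt prefers. The field prime 2**521 - 1 (a Mersenne prime that fits 128-, 256- and 512-bit seeds), the 2-byte fingerprint length, the randomly drawn coefficients (the BIP derives them from SHA-512 digests) and all function names are this example's own assumptions.

```python
"""Shamir's Secret Sharing over a prime field with optional share metadata.

Added example (not the BIP's or btctool's code). All names, the field
prime and the fingerprint length are this example's assumptions.
"""
import hashlib
import secrets
from dataclasses import dataclass
from typing import List, Optional

# 2**521 - 1 is a Mersenne prime, so every 128-, 256- or 512-bit seed is a
# field element. The BIP picks its prime per secret size; this single prime
# is an assumption made to keep the example short.
PRIME = 2**521 - 1
FINGERPRINT_LEN = 2  # constructed: "a few bytes" of SHA-256(secret)


def fingerprint(secret: bytes) -> bytes:
    """Short public tag of the secret, attached to every share."""
    return hashlib.sha256(secret).digest()[:FINGERPRINT_LEN]


@dataclass(frozen=True)
class Share:
    x: int                    # evaluation point, 1..n
    y: int                    # polynomial value at x, mod PRIME
    fp: bytes                 # fingerprint of the shared secret
    threshold: Optional[int]  # k, or None if the splitter withheld it


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split(secret: bytes, k: int, n: int,
          disclose_threshold: bool = False) -> List[Share]:
    """Split secret into n shares, any k of which reconstruct it."""
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    s = int.from_bytes(secret, "big")
    if s >= PRIME:
        raise ValueError("secret does not fit in the field")
    # Constant term is the secret; the other k-1 coefficients are random
    # (the BIP derives them from SHA-512 digests; random draws are used here).
    coeffs = [s] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    fp = fingerprint(secret)
    return [Share(x, _eval_poly(coeffs, x), fp,
                  k if disclose_threshold else None)
            for x in range(1, n + 1)]


def shares_missing(shares: List[Share]) -> Optional[int]:
    """'You need x more shares' if the threshold was disclosed, else None."""
    ks = {sh.threshold for sh in shares if sh.threshold is not None}
    if len(ks) != 1:
        return None
    return max(0, ks.pop() - len(shares))


def combine(shares: List[Share], secret_len: int) -> bytes:
    """Reconstruct the secret by Lagrange interpolation at x = 0."""
    if len({sh.fp for sh in shares}) != 1:
        raise ValueError("shares carry different fingerprints")
    if len({sh.x for sh in shares}) != len(shares):
        raise ValueError("duplicate share")
    missing = shares_missing(shares)
    if missing:
        raise ValueError(f"you need {missing} more shares")
    acc = 0
    for i, si in enumerate(shares):
        num, den = 1, 1
        for j, sj in enumerate(shares):
            if i != j:
                num = num * (-sj.x) % PRIME
                den = den * (si.x - sj.x) % PRIME
        acc = (acc + si.y * num * pow(den, -1, PRIME)) % PRIME
    # With too few or foreign shares the result is an unrelated field element;
    # the size check and the fingerprint check catch that.
    if acc.bit_length() > 8 * secret_len:
        raise ValueError("reconstruction failed: too few or wrong shares")
    candidate = acc.to_bytes(secret_len, "big")
    if fingerprint(candidate) != shares[0].fp:
        raise ValueError("reconstruction failed: too few or wrong shares")
    return candidate


def try_combine(shares: List[Share], secret_len: int) -> Optional[bytes]:
    """combine() that reports failure as None instead of raising."""
    try:
        return combine(shares, secret_len)
    except ValueError:
        return None


if __name__ == "__main__":
    seed = bytes(range(16))  # constructed 128-bit seed
    shares = split(seed, k=3, n=5, disclose_threshold=True)
    print("missing with one share:", shares_missing(shares[:1]))
    print("recovered:", combine(shares[:3], 16) == seed)
```

The fingerprint buys the usability Tamas asks for (mismatched shares are rejected up front, and a reconstruction from too few shares fails loudly instead of yielding a silently wrong key) at the cost of a few public bits that let anyone holding a share confirm a guessed secret offline; for a seed with full entropy that is harmless, for a low-entropy secret it is not. Withholding the threshold removes the "you need x more shares" message but, as Matt notes, also denies a partial holder knowledge of how far from the threshold they are.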