From: Roy Badami <roy@gnomon•org.uk>
To: Alan Reiner <etotheipi@gmail•com>
Cc: bitcoin-development@lists•sourceforge.net
Subject: Re: [Bitcoin-development] Presenting a BIP for Shamir's Secret Sharing of Bitcoin private keys
Date: Sat, 29 Mar 2014 17:28:16 +0000 [thread overview]
Message-ID: <20140329172815.GH62995@giles.gnomon.org.uk> (raw)
In-Reply-To: <5336FBE7.7030209@gmail.com>
Right now there are also people simply taking base58-encoded private
keys and running them through ssss-split.
It has a lot going for it, since it can easily be reassembled on any
Linux machine without special software (B Poettering's Linux command
line SSSS implementation[1] seems to be included in most Linux distros).
roy
[1] http://point-at-infinity.org/ssss/
On Sat, Mar 29, 2014 at 12:59:19PM -0400, Alan Reiner wrote:
>
> Armory has had "Fragmented Backups" for over a year, now. Advanced
> users love it. Though, I would say it's kind of difficult to
> standardize the way I did it since I was able to implement all the
> finite field math with recursion, list comprehensions and python
> arbitrary-big-integers in about 100 lines. I'm not sure how "portable"
> it is to other languages. There's obviously better ways to do it, but I
> didn't need a better way, because I don't need to support fragmentation
> above M=8 and this was 100% sufficient for it. And I was the only one
> doing it, so there was no one to be compatible with.
>
> I won't lie, there's a lot of work that goes into making an interface
> that makes this feature "usable." The user needs clear ways to identify
> which fragments are associated with which wallet, and which fragments
> are compatible with each other. They need a way to save some fragments
> to file, print them, or simply write them down. They need a way to
> re-enter fragment, reject duplicates, identify errors, etc. Without it,
> the math fails silently, and you end up restoring a different wallet.
> And they need a way to test that it all works. Armory did all this,
> but it was no trivial task. Including an interface that will test up to
> 50 subsets of make sure the math produces the same values every time
> (which still is not sufficient for some users, who won't be satisified
> til they see they're wallet actually restored from fragments.
>
> Also I put the secret in the highest-order coefficient of the
> polynomial, and made sure that the other coefficients were
> deterministic. This meant that if print out an M-of-N wallet, I can
> later print out an M-of-(N+1) wallet and the first N fragments will be
> the same. I'm not sure how many users would trust this, but we felt it
> was important in case a user needs to export some fragments, even if
> they don't increase N.
>
> You might consider loading Armory in offline mode, create a wallet, and
> then do a fragmented backup to see how we did it. I am extremely
> satisfied with the interface, but it's most definitely an "advanced"
> tool. But so is Armory ... which made it a good fit. But it might not
> be for everyone.
>
> -Alan
>
>
>
> On 03/29/2014 11:44 AM, Matt Whitlock wrote:
> > On Saturday, 29 March 2014, at 11:08 am, Watson Ladd wrote:
> >> https://freedom-to-tinker.com/blog/stevenag/new-research-better-wallet-security-for-bitcoin/
> > Thanks. This is great, although it makes some critical references to an ACM paper for which no URL is provided, and thus I cannot implement it.
> >
> > A distributed ECDSA notwithstanding, we still need a way to decompose a BIP32 master seed into shares. I am envisioning a scenario in which I might meet my sudden and untimely demise, and I wish to allow my beneficiaries to reconstruct my wallet's master seed after my death. I would like to distribute seed shares to each of my beneficiaries and some close friends, such that some subset of the shares must be joined together to reconstitute my master seed. Shamir's Secret Sharing Scheme is perfect for this use case. I am presently working on extending my draft BIP so that it also applies to BIP32 master seeds of various sizes.
> >
> > ------------------------------------------------------------------------------
> > _______________________________________________
> > Bitcoin-development mailing list
> > Bitcoin-development@lists•sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists•sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
next prev parent reply other threads:[~2014-03-29 17:28 UTC|newest]
Thread overview: 90+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CACsn0ckScTWG4YxNCscxvtdsmcUkxtR2Gi-rdBs2HCkirPz5rA@mail.gmail.com>
2014-03-29 15:44 ` Matt Whitlock
2014-03-29 16:59 ` Alan Reiner
2014-03-29 17:19 ` Matt Whitlock
2014-03-29 17:52 ` Alan Reiner
2014-03-29 18:00 ` Matt Whitlock
2014-03-29 18:08 ` Alan Reiner
2014-03-29 18:10 ` Matt Whitlock
[not found] ` <CAAt2M18j7bGDsKouVw+e4j+FMiJ4vK6-sx+nrkwHyiKLqiH7Jg@mail.gmail.com>
2014-03-29 19:34 ` Natanael
2014-04-04 2:38 ` Jeff Garzik
2014-03-29 18:16 ` Tamas Blummer
2014-03-29 18:41 ` Alan Reiner
2014-03-29 17:28 ` Roy Badami [this message]
2014-03-29 17:42 ` Matt Whitlock
2014-03-29 17:51 ` Roy Badami
2014-03-29 17:28 ` devrandom
[not found] ` <1396113933.8809.91.camel@mimiz>
2014-03-29 17:38 ` Matt Whitlock
2014-03-29 17:46 ` Gregory Maxwell
2014-03-29 19:49 ` Tamas Blummer
2014-03-29 17:48 ` devrandom
2014-03-29 17:51 ` Matt Whitlock
2014-03-29 17:56 ` devrandom
2014-04-03 12:41 Nikita Schmidt
2014-04-03 21:42 ` Matt Whitlock
2014-04-04 13:51 ` Nikita Schmidt
2014-04-04 14:14 ` Gregory Maxwell
2014-04-04 16:05 ` Matt Whitlock
2014-04-04 16:25 ` Gregory Maxwell
2014-04-04 16:36 ` Matt Whitlock
2014-04-04 17:08 ` Gregory Maxwell
2014-04-04 17:16 ` Matt Whitlock
2014-04-04 17:51 ` Gregory Maxwell
2014-04-04 18:53 ` Matt Whitlock
2014-04-04 16:03 ` Matt Whitlock
2014-04-08 0:33 ` Nikita Schmidt
2014-04-08 0:38 ` Gregory Maxwell
2014-04-08 1:46 ` Matt Whitlock
2014-04-08 2:07 ` Gregory Maxwell
2014-04-08 11:52 ` Matt Whitlock
2014-04-10 22:31 ` Nikita Schmidt
2014-04-22 8:06 ` Jan Møller
2014-04-22 8:11 ` Matt Whitlock
2014-04-22 8:27 ` Jan Møller
2014-04-22 8:29 ` Matt Whitlock
2014-04-22 8:39 ` Jan Møller
2014-04-22 8:43 ` Matt Whitlock
2014-04-22 8:51 ` Jan Møller
2014-04-22 9:13 ` Matt Whitlock
2014-04-22 11:50 ` Justin A
2014-04-22 8:35 ` Matt Whitlock
2014-04-22 8:39 ` Tamas Blummer
2014-04-22 8:40 ` Matt Whitlock
2014-04-22 8:43 ` Tamas Blummer
2014-04-22 8:47 ` Matt Whitlock
2014-04-22 8:50 ` Tamas Blummer
2014-04-22 15:32 ` Mark Friedenbach
2014-04-22 15:49 ` Tamas Blummer
2014-04-22 17:03 ` Mark Friedenbach
2014-04-22 17:07 ` Jan Møller
2014-04-22 18:29 ` Tamas Blummer
2014-04-22 18:46 ` Gregory Maxwell
2014-04-23 5:33 ` Tamas Blummer
2014-04-23 6:16 ` Gregory Maxwell
2014-05-05 19:36 ` Nikita Schmidt
2014-05-12 12:09 ` Jan Møller
2014-08-14 19:23 ` Nikita Schmidt
2014-04-22 13:37 ` Nikita Schmidt
2014-04-22 8:15 ` Gregory Maxwell
2014-04-22 8:49 ` Jan Møller
-- strict thread matches above, loose matches on Subject: below --
2014-03-29 8:05 Matt Whitlock
2014-03-29 8:34 ` Tamas Blummer
2014-03-29 8:44 ` Tamas Blummer
2014-03-29 8:51 ` Matt Whitlock
2014-03-29 8:54 ` Matt Whitlock
2014-03-29 16:54 ` Matt Whitlock
2014-03-29 17:37 ` Tamas Blummer
2014-03-29 9:08 ` Chris Beams
2014-03-29 9:31 ` Matt Whitlock
2014-03-29 11:16 ` Matt Whitlock
2014-03-29 11:54 ` Chris Beams
2014-03-29 13:27 ` Jeff Garzik
2014-03-29 13:36 ` Mike Hearn
2014-03-29 13:38 ` Tamas Blummer
2014-03-29 14:10 ` Matt Whitlock
2014-03-29 14:19 ` Jeff Garzik
2014-03-29 14:55 ` Matt Whitlock
2014-03-29 15:04 ` Mike Hearn
2014-03-29 14:28 ` Watson Ladd
2014-03-29 14:36 ` Gregory Maxwell
2014-03-29 15:01 ` Matt Whitlock
2014-03-29 9:21 ` Chris Beams
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140329172815.GH62995@giles.gnomon.org.uk \
--to=roy@gnomon$(echo .)org.uk \
--cc=bitcoin-development@lists$(echo .)sourceforge.net \
--cc=etotheipi@gmail$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox