If I remember the details correctly you could combine (lagrange
interpolation) the results of m smaller encryptions/signatures without ever
sharing the secret key share itself. No idea if that is possible with ecdsa
at all, but it sure would solve quite a few problems, as it would allow
several independent servers to share a secret key, sign transactions with
it, but no m-1 compromised machines would endanger the whole balance.
I will definitely look into it when I'm back from holidays.

Cheers,
Cdecker
On Aug 24, 2011 9:29 PM, "Gregory Maxwell" <gmaxwell@gmail.com> wrote:
> On Wed, Aug 24, 2011 at 3:05 PM, Christian Decker
> <decker.christian@gmail.com> wrote:
>> we could add an rsa-like scheme which allows m-out-of-n signatures. It
works
>> by distributing shares of the key which are points on a curve having the
>> actual key as 0-value. It does not require special length for the key so
if
>> ecdsa allows something similar there need not be anything changed.
>
> This works fine for ECC. But it requires that the composite key
> signer has simultaneous access to all the key-parts, so it doesn't
> solve the "my PC has malware" problem.