From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id E1076D9F for ; Thu, 18 Jan 2018 05:00:34 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from mail.bluematt.me (mail.bluematt.me [192.241.179.72]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 73EAD44D for ; Thu, 18 Jan 2018 05:00:34 +0000 (UTC) Received: from [192.168.0.18] (cpe-66-8-230-13.hawaii.res.rr.com [66.8.230.13]) by mail.bluematt.me (Postfix) with ESMTPSA id A81D71A08DE; Thu, 18 Jan 2018 05:00:32 +0000 (UTC) Date: Thu, 18 Jan 2018 05:00:28 +0000 In-Reply-To: References: <51280a45-f86b-3191-d55e-f34e880c1da8@satoshilabs.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable To: Gregory Maxwell , Bitcoin Protocol Discussion , Gregory Maxwell via bitcoin-dev , =?UTF-8?Q?Ond=C5=99ej_Vejpustek?= From: Matt Corallo Message-ID: <08E5B040-973B-4089-9DA6-CE8AE6CF3D3B@mattcorallo.com> X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: Re: [bitcoin-dev] Satoshilabs secret shared private key scheme X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Jan 2018 05:00:35 -0000 Or make it a part of your secret-split logic=2E=2E=2E Gotta love how fast G= F(2^8) is: https://github=2Ecom/TheBlueMatt/shamirs/blob/master/main=2Ec#L57 On January 17, 2018 3:31:44 PM UTC, Gregory Maxwell via bitcoin-dev wrote: >If the generalization isn't obvious, it might be helpful to make a >little test utility that tries all possible one byte messages with all >possible share values using the GF(256) sharing scheme proposed in the >draft-- in this case information theory is why we can know SSS (and >similar) have (within their limited scope) _perfect_ security, rather >than it being a reason to speculate that they might not turn out to be >secure at all=2E (or, instead of a test utility just work through some >examples on paper in a small field)=2E >