public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Tamas Blummer <tamas@bitsofproof.com>
To: Mike Hearn <mike@plan99.net>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Presenting a BIP for Shamir's Secret Sharing of Bitcoin private keys
Date: Sat, 29 Mar 2014 14:38:53 +0100	[thread overview]
Message-ID: <7AB025F4-3C78-4E8E-B57D-2D5348CF95B1@bitsofproof.com> (raw)
In-Reply-To: <CANEZrP0WAMGV_ki3+9eFPaLQQVS7BJQ1c1c7KDuQatTeun-VwA@mail.gmail.com>


[-- Attachment #1.1: Type: text/plain, Size: 3617 bytes --]


This is why my motivation is rather secure backup, not multisig. Instead of storing encrypted seed in one location and the passphrase for it in an other location, one can just store two shares in two places.


> Right - the explanation in the BIP about the board of  directors is IMO a little misleading. The problem is with splitting a private key is that at some point, someone has to get the full private key back and they can then just remember the private key to undo the system. CHECKMULTISIG avoids this.
> 
> I can imagine that there may be occasional uses for splitting a wallet seed like this, like for higher security cold wallets, but I suspect an ongoing shared account like a corporate account is still best off using CHECKMULTISIG or the n-of-m ECDSA threshold scheme proposed by Ali et al.
> 
> 
> On Sat, Mar 29, 2014 at 2:27 PM, Jeff Garzik <jgarzik@bitpay.com> wrote:
> The comparison with multisig fails to mention that multi-signature
> transactions explicitly define security at the transaction level.
> This permits fine-grained specificity of what a key holder may
> approve.
> 
> Shamir is much more coarse-grained.  You reconstitute a private key,
> which may then be used to control anything that key controls.  Thus,
> in addition to Shamir itself, you need policies such as "no key
> reuse."
> 
> My first impression of Shamir many moons ago was "cool!" but that's
> since been tempered by thinking through the use cases.  Shamir has a
> higher D.I.Y. factor, with a correspondingly larger surface of
> things-that-could-go-wrong, IMO.
> 
> (None of this implies making an informational BIP lacks value; I'm all
> for an informational BIP)
> 
> 
> 
> 
> On Sat, Mar 29, 2014 at 7:54 AM, Chris Beams <chris@beams.io> wrote:
> > Enlightening; thanks, Matt. And apologies to the list for my earlier inadvertent double-post.
> >
> > On Mar 29, 2014, at 12:16 PM, Matt Whitlock <bip@mattwhitlock.name> wrote:
> >
> >> On Saturday, 29 March 2014, at 10:08 am, Chris Beams wrote:
> >>> Matt, could you expand on use cases for which you see Shamir's Secret Sharing Scheme as the best tool for the job? In particular, when do you see that it would be superior to simply going with multisig in the first place? Perhaps you see these as complimentary approaches, toward defense-in-depth? In any case, the Motivation and Rationale sections of the BIP in its current form are silent on these questions.
> >>
> >> I have added two new sections to address your questions.
> >>
> >> https://github.com/whitslack/btctool/blob/bip/bip-xxxx.mediawiki
> >
> >
> > ------------------------------------------------------------------------------
> >
> > _______________________________________________
> > Bitcoin-development mailing list
> > Bitcoin-development@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> >
> 
> 
> 
> --
> Jeff Garzik
> Bitcoin core developer and open source evangelist
> BitPay, Inc.      https://bitpay.com/
> 
> ------------------------------------------------------------------------------
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
> 
> ------------------------------------------------------------------------------
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development


[-- Attachment #1.2: Type: text/html, Size: 5219 bytes --]

[-- Attachment #2: Message signed with OpenPGP using GPGMail --]
[-- Type: application/pgp-signature, Size: 495 bytes --]

  reply	other threads:[~2014-03-29 13:39 UTC|newest]

Thread overview: 90+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-03-29  8:05 [Bitcoin-development] Presenting a BIP for Shamir's Secret Sharing of Bitcoin private keys Matt Whitlock
2014-03-29  8:34 ` Tamas Blummer
2014-03-29  8:44 ` Tamas Blummer
2014-03-29  8:51   ` Matt Whitlock
2014-03-29  8:54     ` Matt Whitlock
2014-03-29 16:54   ` Matt Whitlock
2014-03-29 17:37     ` Tamas Blummer
2014-03-29  9:08 ` Chris Beams
2014-03-29  9:31   ` Matt Whitlock
2014-03-29 11:16   ` Matt Whitlock
2014-03-29 11:54     ` Chris Beams
2014-03-29 13:27       ` Jeff Garzik
2014-03-29 13:36         ` Mike Hearn
2014-03-29 13:38           ` Tamas Blummer [this message]
2014-03-29 14:10           ` Matt Whitlock
2014-03-29 14:19             ` Jeff Garzik
2014-03-29 14:55               ` Matt Whitlock
2014-03-29 15:04                 ` Mike Hearn
2014-03-29 14:28             ` Watson Ladd
2014-03-29 14:36               ` Gregory Maxwell
2014-03-29 15:01                 ` Matt Whitlock
2014-03-29  9:21 ` Chris Beams
     [not found] <CACsn0ckScTWG4YxNCscxvtdsmcUkxtR2Gi-rdBs2HCkirPz5rA@mail.gmail.com>
2014-03-29 15:44 ` Matt Whitlock
2014-03-29 16:59   ` Alan Reiner
2014-03-29 17:19     ` Matt Whitlock
2014-03-29 17:52       ` Alan Reiner
2014-03-29 18:00         ` Matt Whitlock
2014-03-29 18:08           ` Alan Reiner
2014-03-29 18:10             ` Matt Whitlock
     [not found]               ` <CAAt2M18j7bGDsKouVw+e4j+FMiJ4vK6-sx+nrkwHyiKLqiH7Jg@mail.gmail.com>
2014-03-29 19:34                 ` Natanael
2014-04-04  2:38               ` Jeff Garzik
2014-03-29 18:16         ` Tamas Blummer
2014-03-29 18:41           ` Alan Reiner
2014-03-29 17:28     ` Roy Badami
2014-03-29 17:42       ` Matt Whitlock
2014-03-29 17:51         ` Roy Badami
2014-03-29 17:28   ` devrandom
     [not found]   ` <1396113933.8809.91.camel@mimiz>
2014-03-29 17:38     ` Matt Whitlock
2014-03-29 17:46       ` Gregory Maxwell
2014-03-29 19:49         ` Tamas Blummer
2014-03-29 17:48       ` devrandom
2014-03-29 17:51         ` Matt Whitlock
2014-03-29 17:56           ` devrandom
2014-04-03 12:41 Nikita Schmidt
2014-04-03 21:42 ` Matt Whitlock
2014-04-04 13:51   ` Nikita Schmidt
2014-04-04 14:14     ` Gregory Maxwell
2014-04-04 16:05       ` Matt Whitlock
2014-04-04 16:25         ` Gregory Maxwell
2014-04-04 16:36           ` Matt Whitlock
2014-04-04 17:08             ` Gregory Maxwell
2014-04-04 17:16               ` Matt Whitlock
2014-04-04 17:51                 ` Gregory Maxwell
2014-04-04 18:53                   ` Matt Whitlock
2014-04-04 16:03     ` Matt Whitlock
2014-04-08  0:33       ` Nikita Schmidt
2014-04-08  0:38         ` Gregory Maxwell
2014-04-08  1:46           ` Matt Whitlock
2014-04-08  2:07             ` Gregory Maxwell
2014-04-08 11:52               ` Matt Whitlock
2014-04-10 22:31                 ` Nikita Schmidt
2014-04-22  8:06                   ` Jan Møller
2014-04-22  8:11                     ` Matt Whitlock
2014-04-22  8:27                       ` Jan Møller
2014-04-22  8:29                         ` Matt Whitlock
2014-04-22  8:39                           ` Jan Møller
2014-04-22  8:43                             ` Matt Whitlock
2014-04-22  8:51                               ` Jan Møller
2014-04-22  9:13                             ` Matt Whitlock
2014-04-22 11:50                               ` Justin A
2014-04-22  8:35                       ` Matt Whitlock
2014-04-22  8:39                         ` Tamas Blummer
2014-04-22  8:40                           ` Matt Whitlock
2014-04-22  8:43                             ` Tamas Blummer
2014-04-22  8:47                               ` Matt Whitlock
2014-04-22  8:50                                 ` Tamas Blummer
2014-04-22 15:32                           ` Mark Friedenbach
2014-04-22 15:49                             ` Tamas Blummer
2014-04-22 17:03                               ` Mark Friedenbach
2014-04-22 17:07                               ` Jan Møller
2014-04-22 18:29                                 ` Tamas Blummer
2014-04-22 18:46                                   ` Gregory Maxwell
2014-04-23  5:33                                     ` Tamas Blummer
2014-04-23  6:16                                       ` Gregory Maxwell
2014-05-05 19:36                                         ` Nikita Schmidt
2014-05-12 12:09                                           ` Jan Møller
2014-08-14 19:23                                             ` Nikita Schmidt
2014-04-22 13:37                       ` Nikita Schmidt
2014-04-22  8:15                     ` Gregory Maxwell
2014-04-22  8:49                       ` Jan Møller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=7AB025F4-3C78-4E8E-B57D-2D5348CF95B1@bitsofproof.com \
    --to=tamas@bitsofproof.com \
    --cc=bitcoin-development@lists.sourceforge.net \
    --cc=mike@plan99.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox