This is a very useful BIP, and I am very much looking forward to implementing it in Mycelium, in particular for bip32 wallets.
To me this is not about whether to use SSS instead of multisig transactions. In the end you want to protect a secret (be it a HD master seed or a private key) in such a way that you can recover it in case of partial theft/loss. Whether I'll use the master seed to generate keys that are going to be used for multisig transactions is another discussion IMO.
A few suggestions:
- I think it is very useful to define different prefixes for testnet keys/seeds. As a developer I use the testnet every day, and many of our users use it for trying out new functionality. Mixing up keys meant for testnet and mainnet is bad.
- Please allow M=1. From a usability point of view it makes sense to allow the user to select 1 share if that is what he wants.
I have no strong opinions on whether to use GF(2^8) over Shamir's Secret Sharing, but the simplicity of GF(2^8) is appealing.
- Jan
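To make the two points in the post concrete (shares computed in GF(2^8), and an M=1 threshold being a legitimate degenerate case), here is an added worked example of Shamir secret sharing over GF(2^8). It is not code from the post, from Mycelium, or from the BIP; it assumes the AES reduction polynomial x^8 + x^4 + x^3 + x + 1 (0x11b) and share indices 1..N, both of which the BIP may define differently. Each byte of the seed is split independently with its own random polynomial of degree M-1 whose constant term is the secret byte, and recovery is Lagrange interpolation at x = 0. With M=1 the polynomial is constant, so every share simply carries the secret, which is exactly why the spec can allow it without special-casing.

```python
"""Shamir secret sharing over GF(2^8): added example, not the BIP's reference code.

Assumptions (not taken from the post or the BIP):
  - field reduction polynomial 0x11b (the AES polynomial)
  - share i is the polynomial evaluated at x = i, for i in 1..N
  - each byte of the secret is shared independently
"""
import os

POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, assumed; the BIP may pick another


def gf_mul(a: int, b: int) -> int:
    """Multiply two elements of GF(2^8) modulo POLY (shift-and-add)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= POLY
        b >>= 1
    return r


def gf_pow(a: int, n: int) -> int:
    """a^n in GF(2^8) by square-and-multiply."""
    r = 1
    while n:
        if n & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        n >>= 1
    return r


def gf_inv(a: int) -> int:
    """Multiplicative inverse: a^(2^8 - 2) = a^254 (Fermat in GF(2^8))."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    return gf_pow(a, 254)


def split_secret(secret: bytes, m: int, n: int, rng=os.urandom):
    """Split `secret` into n shares, any m of which recover it.

    Returns a list of (index, share_bytes). m == 1 is allowed: the degree-0
    polynomial means every share equals the secret, which is the behaviour
    the post asks the BIP to permit rather than forbid.
    """
    if not 1 <= m <= n <= 255:
        raise ValueError("need 1 <= M <= N <= 255 for GF(2^8) share indices")
    shares = [(x, bytearray()) for x in range(1, n + 1)]
    for s in secret:
        # polynomial coefficients: constant term is the secret byte,
        # the remaining m-1 coefficients are uniformly random field elements
        coeffs = [s] + list(rng(m - 1))
        for x, buf in shares:
            y, xp = 0, 1
            for c in coeffs:            # Horner would also do; this is explicit
                y ^= gf_mul(c, xp)      # addition in GF(2^8) is XOR
                xp = gf_mul(xp, x)
            buf.append(y)
    return [(x, bytes(buf)) for x, buf in shares]


def recover_secret(shares) -> bytes:
    """Lagrange-interpolate the shares at x = 0, byte by byte.

    Fewer than M distinct shares do not raise an error; they yield a wrong
    secret, which is the usual SSS failure mode and worth checking for with
    a checksum in any real format.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    length = len(shares[0][1])
    if any(len(y) != length for _, y in shares):
        raise ValueError("shares have differing lengths")
    out = bytearray()
    for i in range(length):
        acc = 0
        for j, (xj, yj) in enumerate(shares):
            num, den = 1, 1
            for k, (xk, _) in enumerate(shares):
                if k != j:
                    num = gf_mul(num, xk)         # (0 - x_k) == x_k in char 2
                    den = gf_mul(den, xj ^ xk)    # (x_j - x_k)
            acc ^= gf_mul(yj[i], gf_mul(num, gf_inv(den)))
        out.append(acc)
    return bytes(out)


if __name__ == "__main__":
    seed = b"constructed 16B!"          # constructed sample, not a real seed
    shares = split_secret(seed, 3, 5)
    print(recover_secret(shares[:3]) == seed)            # any 3 of 5
    print(recover_secret([shares[4], shares[1], shares[2]]) == seed)
    single = split_secret(seed, 1, 3)                    # M = 1 case
    print(all(y == seed for _, y in single))
```

Two practical points the code makes visible: a testnet/mainnet prefix would sit outside this arithmetic entirely (it is metadata on the share encoding, not on the field), and nothing in plain SSS detects a wrong or insufficient set of shares, so the BIP's share format needs its own integrity check.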