On Fri, Apr 4, 2014 at 10:16 AM, Matt Whitlock <b...@mattwhitlock.name> wrote: > Honestly, that sounds a lot more complicated than what I have now. I made my > current implementation because I just wanted something simple that would let > me divide a private key into shares for purposes of dissemination to my next > of kin et al.
I suggest you go look at some of the other secret sharing implementations that use GF(2^8), they end up just being a couple of dozen lines of code. Pretty simple stuff, and they work efficiently for all sizes of data, there are implementations in a multitude of languages. There are a whole bunch of these. > I already have a fairly polished implementation of my BIP, and it's not > written in a "very high-level language"; it's C++, and the parts that do the > big-integer arithmetic are basically C. I'm using the GMP library: very > straightforward, very reliable, very fast. With respect for the awesome work that GMP is— It's 250,000 lines of LGPLed code. It's not just "pic microcontrollers" that would find that scale of a dependency unwelcome. > Do you have a use case in mind that would benefit from byte-wise operations > rather than big-integer operations? I mean, I guess if you were trying to > implement this BIP on a PIC microcontroller, it might be nice to process the > secret in smaller bites. (No pun intended.) But I get this feeling that > you're only pushing me away from the present incarnation of my proposal > because you think it's too similar (but not quite similar enough) to a > threshold ECDSA key scheme. It lets you efficiently scale to any size data being encoded without extra overhead or having additional primes. It can be compactly implemented in Javascript (there are several implementations you can find if you google), it shouldn't be burdensome to implement on a device like a trezor (much less a real microcontroller). And yea, sure, it's distinct from the implementation you'd use for threshold signing. A threshold singing one would lack the size agility or the easy of implementation on limited devices. So I do think that if there is to be two it would be good to gain the advantages that can't be achieved in an threshold ECDSA compatible approach. ------------------------------------------------------------------------------ _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
