Gregory Maxwell [ARCHIVE] on Nostr: π
Original date posted:2014-04-04 π Original message:On Fri, Apr 4, 2014 at ...
π
Original date posted:2014-04-04
π Original message:On Fri, Apr 4, 2014 at 6:51 AM, Nikita Schmidt
<nikita at megiontechnologies.com> wrote:
> Fair enough. Although I would have chosen the field order (p) simply
> because that's how all arithmetic already works in bitcoin. One field
> for everybody. It's also very close to 2^256, although still smaller
> than your maximum prime. Now of course with different bit lengths we
> have to pick one consistency over others.
Operation mod the group order is how secret keys must be combined in
type-2 private derivation for BIP-32. It's also absolutely essential
if you want to build a secret sharing scheme in which the shares are
usable for threshold ECDSA.
I still repeat my concern that any private key secret sharing scheme
really ought to be compatible with threshold ECDSA, otherwise we're
just going to have another redundant specification.
Published at
2023-06-07 15:17:06Event JSON
{
"id": "792413be396723699385c34acc477fd24c756179719b72f142c4afad1aa3934c",
"pubkey": "4aa6cf9aa5c8e98f401dac603c6a10207509b6a07317676e9d6615f3d7103d73",
"created_at": 1686151026,
"kind": 1,
"tags": [
[
"e",
"ec3db7ea61043d2181c683590cc6472afc1e727a155c1437be680d2ee4f9939c",
"",
"root"
],
[
"e",
"320e56c96a41473869b45d4ce0557c7231bb5d28b4fd3a0f03a3f858aac6b6f5",
"",
"reply"
],
[
"p",
"ee72be6617b6118354dee0b3e02f3d01e8d2b6b83d8437181b3014394ff468f7"
]
],
"content": "π
Original date posted:2014-04-04\nπ Original message:On Fri, Apr 4, 2014 at 6:51 AM, Nikita Schmidt\n\u003cnikita at megiontechnologies.com\u003e wrote:\n\u003e Fair enough. Although I would have chosen the field order (p) simply\n\u003e because that's how all arithmetic already works in bitcoin. One field\n\u003e for everybody. It's also very close to 2^256, although still smaller\n\u003e than your maximum prime. Now of course with different bit lengths we\n\u003e have to pick one consistency over others.\n\nOperation mod the group order is how secret keys must be combined in\ntype-2 private derivation for BIP-32. It's also absolutely essential\nif you want to build a secret sharing scheme in which the shares are\nusable for threshold ECDSA.\n\nI still repeat my concern that any private key secret sharing scheme\nreally ought to be compatible with threshold ECDSA, otherwise we're\njust going to have another redundant specification.",
"sig": "ad0965138ac7e0d24f787a38a006ab58cf56575f1ab61e451c43cc4947b863a65198fd095810b4b92919eddc1d357d22abecc6981b045f7027e9a2678b8d645e"
}