📅 Original date posted:2014-04-03
📝 Original message:Matt Whitlock wrote:
> Okay, you've convinced me. However, it looks like the consensus here is
> that my BIP is unneeded, so I'm not sure it would be worth the effort
> for me to improve it with your suggestions.
I need your BIP.
We are going to implement SSS and we'd rather stick with something
publicly discussed, even if it has not formally become a BIP, than
invent our own stuff.
I'll go ahead and comment on the current proposal here. BIP or no
BIP, I propose to finalise this spec anyway for those who want to
implement SSS now or in future.
I agree with the recently mentioned suggestion to make non-essential
metadata, namely key fingerprint and degree (M), optional. Their
4-byte and 1-byte fields can be added individually at an
implementation's discretion. During decoding, the total length will
determine which fields are included.
For example, as a compromise between usability and security, the
metadata can be supplied out-of-band, like in plain text accompanying
the Base-58 encoded share.
Encoding for the testnet is not specified.
Speaking of encoding, is it not wasteful to allocate three different
application/version bytes just for the sake of always starting with
'SS'? It would be OK if it were accepted as a BIP, but merely as a
de-facto standard it should aim at minimising future chances of
collision.
I'd add a clause allowing the use of random coefficients instead of
deterministic, as long as the implementation guarantees to never make
another set of shares for the same private key or master seed.
What about using the same P256 prime as for the elliptic curve? Just
for consistency's sake.
Also, I'm somewhat inclined towards using the actual x instead of j in
the encoding. I find it more direct and straightforward to encode the
pair (x, y). And x=0 can denote a special case for future extensions.
There is no technical reason behind this, it's just for (subjective)
clarity and consistency.
Nikita Schmidt [ARCHIVE] /
npub1ae…u7ctd
2023-06-07 15:17:05
in reply to nevent1q…c55j
Author Public Key
npub1aeetueshkcgcx4x7uze7qteaq85d9d4c8kzrwxqmxq2rjnl5drmssu7ctdSeen on
wss://relay.noswhere.comPublished at
2023-06-07 15:17:05Event JSON
{
"id": "000e418b70715e904e8cf1b02a0bfdfcb4e59a0adbda0393c39518dd0107a172",
"pubkey": "ee72be6617b6118354dee0b3e02f3d01e8d2b6b83d8437181b3014394ff468f7",
"created_at": 1686151025,
"kind": 1,
"tags": [
[
"e",
"ec3db7ea61043d2181c683590cc6472afc1e727a155c1437be680d2ee4f9939c",
"",
"reply"
],
[
"p",
"a23dbf6c6cc83e14cc3df4e56cc71845f611908084cfe620e83e40c06ccdd3d0"
]
],
"content": "📅 Original date posted:2014-04-03\n📝 Original message:Matt Whitlock wrote:\n\u003e Okay, you've convinced me. However, it looks like the consensus here is\n\u003e that my BIP is unneeded, so I'm not sure it would be worth the effort\n\u003e for me to improve it with your suggestions.\n\nI need your BIP.\n\nWe are going to implement SSS and we'd rather stick with something\npublicly discussed, even if it has not formally become a BIP, than\ninvent our own stuff.\n\nI'll go ahead and comment on the current proposal here. BIP or no\nBIP, I propose to finalise this spec anyway for those who want to\nimplement SSS now or in future.\n\nI agree with the recently mentioned suggestion to make non-essential\nmetadata, namely key fingerprint and degree (M), optional. Their\n4-byte and 1-byte fields can be added individually at an\nimplementation's discretion. During decoding, the total length will\ndetermine which fields are included.\n\nFor example, as a compromise between usability and security, the\nmetadata can be supplied out-of-band, like in plain text accompanying\nthe Base-58 encoded share.\n\nEncoding for the testnet is not specified.\n\nSpeaking of encoding, is it not wasteful to allocate three different\napplication/version bytes just for the sake of always starting with\n'SS'? It would be OK if it were accepted as a BIP, but merely as a\nde-facto standard it should aim at minimising future chances of\ncollision.\n\nI'd add a clause allowing the use of random coefficients instead of\ndeterministic, as long as the implementation guarantees to never make\nanother set of shares for the same private key or master seed.\n\nWhat about using the same P256 prime as for the elliptic curve? Just\nfor consistency's sake.\n\nAlso, I'm somewhat inclined towards using the actual x instead of j in\nthe encoding. I find it more direct and straightforward to encode the\npair (x, y). And x=0 can denote a special case for future extensions.\n There is no technical reason behind this, it's just for (subjective)\nclarity and consistency.",
"sig": "1adb97a669d74bfa3a8244c0204f52a0d077211bc15f8d91312540a287c035ef3f5869385fe94b571f19e37fbbe3c583baf32483f2abb3db44d0f3dd15146ae1"
}