📅 Original date posted:2011-08-25
🗒️ Summary of this message: A suggestion to combine the results of smaller encryptions/signatures without sharing the secret key share itself, which could solve problems with independent servers sharing a secret key.
📝 Original message:If I remember the details correctly you could combine (lagrange
interpolation) the results of m smaller encryptions/signatures without ever
sharing the secret key share itself. No idea if that is possible with ecdsa
at all, but it sure would solve quite a few problems, as it would allow
several independent servers to share a secret key, sign transactions with
it, but no m-1 compromised machines would endanger the whole balance.
I will definitely look into it when I'm back from holidays.
Cheers,
Cdecker
On Aug 24, 2011 9:29 PM, "Gregory Maxwell" <gmaxwell at gmail.com> wrote:
> On Wed, Aug 24, 2011 at 3:05 PM, Christian Decker
> <decker.christian at gmail.com> wrote:
>> we could add an rsa-like scheme which allows m-out-of-n signatures. It
works
>> by distributing shares of the key which are points on a curve having the
>> actual key as 0-value. It does not require special length for the key so
if
>> ecdsa allows something similar there need not be anything changed.
>
> This works fine for ECC. But it requires that the composite key
> signer has simultaneous access to all the key-parts, so it doesn't
> solve the "my PC has malware" problem.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20110825/1c075b51/attachment.html>;
Christian Decker [ARCHIVE] /
npub1wt…gtuyn
2023-06-07 02:18:51
in reply to nevent1q…l570
Author Public Key
npub1wtx5qvewc7pd6znlvwktq03mdld05mv3h5dkzfwd3dc30gdmsptsugtuynPublished at
2023-06-07 02:18:51Event JSON
{
"id": "4740aead68c9e76001923c2c34e9a1233f6e41544db9e4ad97ff5d0a0ab85929",
"pubkey": "72cd40332ec782dd0a7f63acb03e3b6fdafa6d91bd1b6125cd8b7117a1bb8057",
"created_at": 1686104331,
"kind": 1,
"tags": [
[
"e",
"391ebcb8eb3f9b5884cfbf66f4a99b12c015cc93baa9452c114d68f52d1168ec",
"",
"root"
],
[
"e",
"9d071e9464c687585cfe0206adc1f3b5f285e6cafc1bb84ad602085fd310ad86",
"",
"reply"
],
[
"p",
"304641dbb49ee6a600bce6ea04cb0cb25b3c969f8f11581aedb62736f2bce6b2"
]
],
"content": "📅 Original date posted:2011-08-25\n🗒️ Summary of this message: A suggestion to combine the results of smaller encryptions/signatures without sharing the secret key share itself, which could solve problems with independent servers sharing a secret key.\n📝 Original message:If I remember the details correctly you could combine (lagrange\ninterpolation) the results of m smaller encryptions/signatures without ever\nsharing the secret key share itself. No idea if that is possible with ecdsa\nat all, but it sure would solve quite a few problems, as it would allow\nseveral independent servers to share a secret key, sign transactions with\nit, but no m-1 compromised machines would endanger the whole balance.\nI will definitely look into it when I'm back from holidays.\n\nCheers,\nCdecker\nOn Aug 24, 2011 9:29 PM, \"Gregory Maxwell\" \u003cgmaxwell at gmail.com\u003e wrote:\n\u003e On Wed, Aug 24, 2011 at 3:05 PM, Christian Decker\n\u003e \u003cdecker.christian at gmail.com\u003e wrote:\n\u003e\u003e we could add an rsa-like scheme which allows m-out-of-n signatures. It\nworks\n\u003e\u003e by distributing shares of the key which are points on a curve having the\n\u003e\u003e actual key as 0-value. It does not require special length for the key so\nif\n\u003e\u003e ecdsa allows something similar there need not be anything changed.\n\u003e\n\u003e This works fine for ECC. But it requires that the composite key\n\u003e signer has simultaneous access to all the key-parts, so it doesn't\n\u003e solve the \"my PC has malware\" problem.\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20110825/1c075b51/attachment.html\u003e",
"sig": "4f655b53b6e0551bb8b2ccd4e005678c2c8d550ad0751cdd4b780be49b7bc0d42eb02ae82d3d6068a69e3df1d2aabd6a2b5db2fd154de7052e1802991aa00a7c"
}