Author: Nikita Schmidt 2014-04-03 12:41:06
Published on: 2014-04-03T12:41:06+00:00
In a discussion about implementing SSS, Matt Whitlock was convinced to improve his BIP. However, since the consensus was that his BIP was unneeded, he wasn't sure if it was worth the effort. The person requesting the BIP stated that they'd rather stick with something publicly discussed than invent their own stuff. Despite the lack of consensus, the person went ahead and proposed finalising the spec for those who want to implement SSS now or in the future. It was suggested to make non-essential metadata optional, and their fields can be added individually at an implementation's discretion. The compromise between usability and security is to supply metadata out-of-band, like in plain text accompanying the Base-58 encoded share. Encoding for the testnet is not specified, and it was questioned whether it is wasteful to allocate three different application/version bytes just for the sake of always starting with 'SS'. A clause allowing the use of random coefficients instead of deterministic was suggested, as long as the implementation guarantees to never make another set of shares for the same private key or master seed. It was also suggested to use the same P256 prime as for the elliptic curve for consistency's sake. Lastly, it was suggested to use the actual x instead of j in encoding, which would denote a special case for future extensions. There was no technical reason behind this suggestion, it was just for clarity and consistency.
Updated on: 2023-06-08T16:58:45.606473+00:00