Author: Matt Whitlock 2014-03-29 17:19:29
Published on: 2014-03-29T17:19:29+00:00
Alan Reiner discussed the challenges involved in building a feature that lets users identify which fragments belong to which wallet and which fragments are compatible with each other. He also highlighted the need for a way to save, print or write down the fragments, re-enter them, reject duplicates, and identify errors.

To address these issues, he proposed a share encoding scheme that intentionally omits the parameter M (the minimum subset size) from the shares, so as not to hand the adversary vital information. He also placed the secret in the highest-order coefficient of the polynomial and made the other coefficients deterministic. Reiner felt it was important to choose coefficients that make the shares of a secret consistent across all runs of the algorithm with the same M; N (the number of shares to output), by contrast, only controls how many times the outermost loop executes and plays no part in the calculation. He further noted that failing silently when given incorrect shares or an insufficient number of shares is intentional. While some users may not trust exporting fragments without increasing N, Reiner's BIP ensures that the shares of a secret are consistent across all runs of the algorithm with the same M.
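As an added illustration (not Whitlock's or Reiner's code), the following Python model shows the share-encoding properties described above: the secret sits in the highest-order coefficient, the lower coefficients are derived deterministically from the secret (the hash-based derivation and the choice of the secp256k1 group order as the field are assumptions, since the summary does not specify them), M is not stored in any share, N only sets how many shares the loop emits, and recovery from wrong or too few shares returns a wrong value rather than raising an error.

```python
import hashlib

# Assumed field: the secp256k1 group order, so every Bitcoin private key is a field element.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def _coefficients(secret: int, m: int) -> list[int]:
    """Return c_0..c_{m-1}. The secret is c_{m-1} (highest order); the others are
    derived deterministically from it (assumed derivation: SHA-256 of secret || index),
    so the same secret and M always yield the same shares."""
    coeffs = []
    for i in range(m - 1):
        digest = hashlib.sha256(secret.to_bytes(32, "big") + i.to_bytes(4, "big")).digest()
        coeffs.append(int.from_bytes(digest, "big") % P)
    coeffs.append(secret % P)
    return coeffs


def _eval(coeffs: list[int], x: int) -> int:
    """Evaluate the polynomial at x by Horner's rule, highest coefficient first."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split(secret: int, m: int, n: int) -> list[tuple[int, int]]:
    """Emit N shares (x, f(x)) for x = 1..N. M is deliberately not encoded in a share;
    N only controls how many times this loop runs."""
    coeffs = _coefficients(secret, m)
    return [(x, _eval(coeffs, x)) for x in range(1, n + 1)]


def combine(shares: list[tuple[int, int]]) -> int:
    """Recover the leading coefficient of the polynomial through the given points:
    sum over i of y_i / prod_{j != i} (x_i - x_j). With exactly M correct shares this
    is the secret; with a wrong share or fewer than M shares it is silently some other value."""
    acc = 0
    for xi, yi in shares:
        denom = 1
        for xj, _ in shares:
            if xj != xi:
                denom = denom * (xi - xj) % P
        acc = (acc + yi * pow(denom, -1, P)) % P
    return acc
```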
Updated on: 2023-06-08T17:12:15.778354+00:00