Presenting a BIP for Shamir's Secret Sharing of Bitcoin private keys



Summary:

In an email conversation from 03/29/2014 01:19 PM, Matt Whitlock explained that he intentionally omitted the parameter M (minimum subset size) from shares because including it would give an adversary crucial information. He believed that providing any information that would allow a determination of whether the secret has been reconstructed correctly would give an adversary too much information. Failing silently when given incorrect shares or an insufficient number of shares was also intentional. However, the user's understanding is more important to him than obfuscating the parameters of the secret sharing to provide a slight disadvantage to an adversary who gets hold of one. Failing silently does not benefit the user in any way: if they have enough fragments, they can reconstruct the seed and see that it produces addresses with money; if not, they know they need more fragments. The main concern is that the user's family has all the information they need to recover the money, rather than an attacker knowing that they need two more fragments instead of which are well-secured anyway.
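The behaviour under discussion, as an added example that is not code from the BIP draft or the email thread: a minimal Shamir split/combine in which shares carry no M and combining too few or altered shares returns a plausible value instead of an error. The field modulus `P`, the function names and the share layout are assumptions made for this sketch; the comparison against the known secret stands in for the external check the summary describes (seeing whether the recovered seed produces funded addresses).

```python
import secrets

# Constructed parameter: a Mersenne prime used as the field modulus for this sketch.
P = 2**127 - 1

def split(secret, m, n, rng=secrets.SystemRandom()):
    """Split `secret` into n shares; any m of them reconstruct it."""
    # Random polynomial of degree m-1 with the secret as constant term.
    coeffs = [secret] + [rng.randrange(P) for _ in range(m - 1)]

    def f(x):
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation mod P
            acc = (acc * x + c) % P
        return acc

    # Each share is only (x, f(x)); M is deliberately not recorded in it.
    return [(x, f(x)) for x in range(1, n + 1)]

def combine(shares):
    """Lagrange interpolation at x = 0.

    Never raises for too few or corrupted shares: it always returns some
    field element, which is the silent failure discussed above.
    """
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def recovery_report(secret, m, n):
    """Map 'number of shares combined' -> 'did we get the real secret back'."""
    shares = split(secret, m, n)
    return {k: combine(shares[:k]) == secret for k in range(1, n + 1)}

if __name__ == "__main__":
    # Constructed sample secret; with M = 3, only 3 or more shares recover it.
    for k, ok in recovery_report(1234567890, m=3, n=5).items():
        print(f"{k} share(s): {'correct' if ok else 'wrong value, no error'}")
```

Nothing in a share or in the output of `combine` tells the holder whether M was reached, so the only confirmation is an out-of-band check of the recovered value.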


Updated on: 2023-06-08T17:05:34.811225+00:00