Author: Matt Whitlock 2014-03-29 18:00:15
Published on: 2014-03-29T18:00:15+00:00
In an email exchange between Alan Reiner and Matt Whitlock on March 29th, 2014, they discussed the omission of the parameter M (minimum subset size) from shares. Whitlock purposely left it out to prevent adversaries from gaining valuable information. However, Reiner disagreed with this decision, stating that usability was more important than trying to obfuscate security which is already considered secure. He also argued that failing silently when given incorrect shares or an insufficient number of shares is not beneficial since it only creates a disadvantage for the user. Reiner expressed concern about making sure his family has all the necessary information to recover any money stored in Bitcoin addresses. He believed that attackers knowing how many more fragments are needed is not a significant risk since those fragments are well-secured anyway. Additionally, he mentioned that ssss also omits information about the threshold and will provide a garbage secret if too few shares are combined, or even if too many shares are combined.
Updated on: 2023-06-08T17:15:08.765814+00:00