Author: Alan Reiner 2014-03-29 18:41:17
Published on: 2014-03-29T18:41:17+00:00
Armory is a Bitcoin wallet that defines the "Fragment ID" as the first few bytes of the hash of the root pubKey + M-parameter, converted to base58. Each fragment is then labeled with "[FragID]-#1", "[FragID]-#2", etc. All fragments with the same Fragment ID are compatible, only if deterministic coefficients are used. This feature helps in organizing and documenting the distribution of fragments, especially when the same fragment is printed or saved twice by accident. Tamas Blummer suggests usability features can be added while keeping the underlying secret well protected. He believes that knowledge of the degree of the polynomial would not aid an attacker and similarly, a fingerprint of the secret would leak no useful information if it is unrelated to the hash used in the polynomial. He suggests using a fingerprint of length four bytes and the degree (one byte) would not be a big overhead. Blummer emphasizes that usability is the biggest obstacle of Bitcoin, not security.Alan Reiner disagrees with Matt Whitlock's decision to omit the parameter M (minimum subset size) from the shares intentionally, as including it would give adversaries vital information. Reiner believes that obfuscating something already considered secure at the expense of usability is not a good tradeoff. He argues that it is more important for users to understand what they have, rather than obfuscating the parameters of the secret sharing to provide a tiny disadvantage to an adversary who gets ahold of one. The fact that it fails silently is all downside, not a benefit. Reiner is concerned about his family having all the information they need to recover the money, rather than an attacker knowing that they need two more fragments, which are already well-secured.
Updated on: 2023-06-08T17:06:03.203118+00:00