Published on: 2018-09-26T13:44:16+00:00
Andrew Kozlik, a member of the TREZOR team, has proposed a new specification for splitting BIP-32 master seeds into multiple mnemonics using Shamir's secret sharing (SSS) scheme. Ignacio Berrozpe, who previously proposed a similar concept of splitting Bitcoin private keys into shares using BIP-0039 mnemonic words, commented on Kozlik's proposal. He suggested standardizing the encoding format, the splitting of the pre-master secret into shares, and the derivation of the master secret from the pre-master secret under the same proposal. Berrozpe also raised concerns about securely migrating existing legacy private keys, whether encoded as BIP-0039 mnemonics or stored in other formats, into an encoded SSS shares schema.

Kozlik responded that the intention is to standardize the encoding format, the splitting of the pre-master secret into shares, and the derivation of the master secret from the pre-master secret in a single document. However, only one of the four proposed master secret derivation functions will be selected for the final version. Kozlik also noted that three of the four proposed derivation functions are symmetric, which allows users to migrate any existing master secret, including a BIP-0039 mnemonic, to the new scheme.

A developer is currently working on a specification for splitting BIP-32 master seeds into multiple mnemonics using Shamir's secret sharing scheme and is seeking feedback from the Bitcoin development community. The developer specifically requests input on the "Master secret derivation functions" section of the document, which proposes several alternative solutions. Some technical details have yet to be fully specified; they will be completed once the high-level design is settled. Christopher Allen expressed interest in the proposal, as it relates to his previous work on improving mnemonic word lists. He posed several questions regarding the design of the scheme, including the standardization of a Shamir Secret Sharing Scheme and the mitigation of adversarial problems associated with the recovery of an SSS.

Ignacio Berrozpe reached out to Andrew Kozlik via bitcoin-dev to comment on the proposal for splitting BIP-32 master seeds into multiple mnemonics using Shamir's secret sharing scheme. Berrozpe suggested that hardware wallet providers like Trezor could offer a more secure alternative to existing BIP-0039 private key backups by using SSS shares encoded directly as BIP-0039 mnemonics. He asked Kozlik whether he planned to standardize the different topics under the same proposal, and how existing legacy private keys, already encoded into BIP-0039 or stored in other formats, could be securely migrated into an encoded SSS shares schema. Kozlik responded by sharing the high-level design of the new specification and seeking feedback, particularly on the "Master secret derivation functions" section. Kozlik acknowledged that some technical details are yet to be specified but assured that they would be completed once the high-level design is finalized. The document is still a work in progress, and Kozlik is interested in receiving input from the community.

A new specification is being developed for splitting BIP-32 master seeds into multiple mnemonics using Shamir's secret sharing scheme. The developer is seeking feedback on the design, specifically on the "Master secret derivation functions" section, which proposes different solutions. The document is currently a work in progress; once the high-level design is settled, the remaining technical details will be specified. Christopher Allen and various companies and communities have shown interest in the proposal. Allen has raised questions about standardizing a Shamir Secret Sharing Scheme and suggested adopting the Lightning Network community's practice of including a birthday in the seed. Additionally, he proposed using a filtered word list inspired by iambic pentameter poetry for improved memorability.

The development of a new specification for splitting BIP-32 master seeds into multiple mnemonics using Shamir's secret sharing scheme is underway. The document, available on GitHub, seeks feedback from the community, with a focus on the "Master secret derivation functions" section. Various companies and communities, including #RebootingWebOfTrust, have expressed interest in standardizing the Shamir Secret Sharing Scheme. Discussion can take place on the mailing list or in issues on the SLIPS repo. Potential adversarial problems during the recovery of an SSS, such as impersonation and man-in-the-middle (MitM) attacks that could lead to denial of service, should be considered. The Lightning Network community has added the ability to include a birthday in the seed, which improves scanning of the blockchain for keys. Chris Vickery's work on mnemonic word lists, including a word list inspired by iambic pentameter poetry and filtered for memorability, can be incorporated into the criteria for replication.
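The core mechanism the thread discusses, shown as an added example that is not TREZOR's code or the draft specification: a master secret is split byte-wise with Shamir's secret sharing over GF(256) into n shares with threshold k, and any k shares recover it (any existing master secret can be split this way, which is what a symmetric derivation function permits). Mnemonic encoding of the shares is out of scope; the field polynomial and the sample secret in the test are assumptions.

```python
# Added example (not TREZOR's or the SLIP-39 draft's code): byte-wise Shamir's secret sharing over
# GF(256) with the Rijndael polynomial; split a master secret into n shares, recover from any k.
import secrets

def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def gf_inv(a: int) -> int:
    """Multiplicative inverse of a non-zero element by exhaustive search over 255 candidates."""
    return next(i for i in range(1, 256) if gf_mul(a, i) == 1)

def eval_poly(coeffs, x):
    """Horner evaluation; coeffs[0] is the constant term, i.e. the secret byte."""
    r = 0
    for c in reversed(coeffs):
        r = gf_mul(r, x) ^ c
    return r

def split_secret(secret: bytes, k: int, n: int):
    """Return n shares (x, y): y holds one byte per secret byte, x in 1..n.
    Each byte gets its own random degree-(k-1) polynomial whose constant term is that byte."""
    if not 1 < k <= n < 256:
        raise ValueError("need 1 < k <= n < 256")
    polys = [[s] + [secrets.randbelow(256) for _ in range(k - 1)] for s in secret]
    return [(x, bytes(eval_poly(p, x) for p in polys)) for x in range(1, n + 1)]

def combine_shares(shares):
    """Lagrange-interpolate every byte at x = 0. Fewer than k shares yields garbage, not an error."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs) or 0 in xs:
        raise ValueError("share indices must be distinct and non-zero")
    out = bytearray(len(shares[0][1]))
    for j, (xj, yj) in enumerate(shares):
        num = den = 1
        for m, xm in enumerate(xs):
            if m != j:  # basis weight at 0: prod x_m / (x_m - x_j); subtraction is XOR here
                num, den = gf_mul(num, xm), gf_mul(den, xm ^ xj)
        w = gf_mul(num, gf_inv(den))
        for i, y in enumerate(yj):
            out[i] ^= gf_mul(y, w)
    return bytes(out)
```

Note that combine_shares cannot tell a wrong share set from a right one, which is why a real scheme adds a checksum to each share and over the recovered secret.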
Updated on: 2023-08-01T23:54:21.912176+00:00