Gregory Maxwell [ARCHIVE] on Nostr: π Original date posted:2014-04-04 π Original message:On Fri, Apr 4, 2014 at ...
π
Original date posted:2014-04-04
π Original message:On Fri, Apr 4, 2014 at 6:51 AM, Nikita Schmidt
<nikita at megiontechnologies.com> wrote:
> Fair enough. Although I would have chosen the field order (p) simply
> because that's how all arithmetic already works in bitcoin. One field
> for everybody. It's also very close to 2^256, although still smaller
> than your maximum prime. Now of course with different bit lengths we
> have to pick one consistency over others.
Operation mod the group order is how secret keys must be combined in
type-2 private derivation for BIP-32. It's also absolutely essential
if you want to build a secret sharing scheme in which the shares are
usable for threshold ECDSA.
I still repeat my concern that any private key secret sharing scheme
really ought to be compatible with threshold ECDSA, otherwise we're
just going to have another redundant specification.
π Original message:On Fri, Apr 4, 2014 at 6:51 AM, Nikita Schmidt
<nikita at megiontechnologies.com> wrote:
> Fair enough. Although I would have chosen the field order (p) simply
> because that's how all arithmetic already works in bitcoin. One field
> for everybody. It's also very close to 2^256, although still smaller
> than your maximum prime. Now of course with different bit lengths we
> have to pick one consistency over others.
Operation mod the group order is how secret keys must be combined in
type-2 private derivation for BIP-32. It's also absolutely essential
if you want to build a secret sharing scheme in which the shares are
usable for threshold ECDSA.
I still repeat my concern that any private key secret sharing scheme
really ought to be compatible with threshold ECDSA, otherwise we're
just going to have another redundant specification.