Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from <decker.christian@gmail.com>) id 1QwhVw-0005ED-TP for bitcoin-development@lists.sourceforge.net; Thu, 25 Aug 2011 21:31:04 +0000 Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.216.182 as permitted sender) client-ip=209.85.216.182; envelope-from=decker.christian@gmail.com; helo=mail-qy0-f182.google.com; Received: from mail-qy0-f182.google.com ([209.85.216.182]) by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1QwhVw-0005Su-76 for bitcoin-development@lists.sourceforge.net; Thu, 25 Aug 2011 21:31:04 +0000 Received: by qyk9 with SMTP id 9so2225647qyk.13 for <bitcoin-development@lists.sourceforge.net>; Thu, 25 Aug 2011 14:30:58 -0700 (PDT) MIME-Version: 1.0 Received: by 10.142.238.8 with SMTP id l8mr100140wfh.337.1314307858516; Thu, 25 Aug 2011 14:30:58 -0700 (PDT) Received: by 10.68.54.163 with HTTP; Thu, 25 Aug 2011 14:30:56 -0700 (PDT) Received: by 10.68.54.163 with HTTP; Thu, 25 Aug 2011 14:30:56 -0700 (PDT) In-Reply-To: <CAAS2fgSwkvcpFTUAAEdXg2upGTXfToztS_bKfUNbUGcvRJ9xOQ@mail.gmail.com> References: <CABsx9T1uw43JuvhEmJP0KCyojsDi1r7v6BaLBHz7wWazduE5iw@mail.gmail.com> <CALxbBHXAcRse9YE-evKNmDut684vjkUMHkbx+8E+aTNT5wMg5A@mail.gmail.com> <CAAS2fgSwkvcpFTUAAEdXg2upGTXfToztS_bKfUNbUGcvRJ9xOQ@mail.gmail.com> Date: Thu, 25 Aug 2011 23:30:56 +0200 Message-ID: <CALxbBHWYg_OmPcNnckAyRM_rsaeWkUWwQCA=ZLFPuUWCRKiyKQ@mail.gmail.com> From: Christian Decker <decker.christian@gmail.com> To: Bitcoin Dev <bitcoin-development@lists.sourceforge.net> Content-Type: multipart/alternative; boundary=000e0cd23ecc084ad504ab5b255d X-Spam-Score: -0.1 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (decker.christian[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.5 AWL AWL: From: address is in the auto white-list X-Headers-End: 1QwhVw-0005Su-76 Subject: Re: [Bitcoin-development] New standard transaction types: time to schedule a blockchain split? X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: <bitcoin-development.lists.sourceforge.net> List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, <mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe> List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development> List-Post: <mailto:bitcoin-development@lists.sourceforge.net> List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help> List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>, <mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe> X-List-Received-Date: Thu, 25 Aug 2011 21:31:05 -0000 --000e0cd23ecc084ad504ab5b255d Content-Type: text/plain; charset=ISO-8859-1 If I remember the details correctly you could combine (lagrange interpolation) the results of m smaller encryptions/signatures without ever sharing the secret key share itself. No idea if that is possible with ecdsa at all, but it sure would solve quite a few problems, as it would allow several independent servers to share a secret key, sign transactions with it, but no m-1 compromised machines would endanger the whole balance. I will definitely look into it when I'm back from holidays. Cheers, Cdecker On Aug 24, 2011 9:29 PM, "Gregory Maxwell" <gmaxwell@gmail.com> wrote: > On Wed, Aug 24, 2011 at 3:05 PM, Christian Decker > <decker.christian@gmail.com> wrote: >> we could add an rsa-like scheme which allows m-out-of-n signatures. It works >> by distributing shares of the key which are points on a curve having the >> actual key as 0-value. It does not require special length for the key so if >> ecdsa allows something similar there need not be anything changed. > > This works fine for ECC. But it requires that the composite key > signer has simultaneous access to all the key-parts, so it doesn't > solve the "my PC has malware" problem. --000e0cd23ecc084ad504ab5b255d Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable <p>If I remember the details correctly you could combine (lagrange interpol= ation) the results of m smaller encryptions/signatures without ever sharing= the secret key share itself. No idea if that is possible with ecdsa at all= , but it sure would solve quite a few problems, as it would allow several i= ndependent servers to share a secret key, sign transactions with it, but no= m-1 compromised machines would endanger the whole balance.<br> I will definitely look into it when I'm back from holidays.</p> <p>Cheers,<br> Cdecker</p> <div class=3D"gmail_quote">On Aug 24, 2011 9:29 PM, "Gregory Maxwell&q= uot; <<a href=3D"mailto:gmaxwell@gmail.com">gmaxwell@gmail.com</a>> w= rote:<br type=3D"attribution">> On Wed, Aug 24, 2011 at 3:05 PM, Christi= an Decker<br> > <<a href=3D"mailto:decker.christian@gmail.com">decker.christian@gma= il.com</a>> wrote:<br>>> we could add an rsa-like scheme which all= ows m-out-of-n signatures. It works<br>>> by distributing shares of t= he key which are points on a curve having the<br> >> actual key as 0-value. It does not require special length for the = key so if<br>>> ecdsa allows something similar there need not be anyt= hing changed.<br>> <br>> This works fine for ECC. But it requires th= at the composite key<br> > signer has simultaneous access to all the key-parts, so it doesn't= <br>> solve the "my PC has malware" problem.<br></div> --000e0cd23ecc084ad504ab5b255d--