If I remember the details correctly you could combine (lagrange
interpolation) the results of m smaller encryptions/signatures without ever
sharing the secret key share itself. No idea if that is possible with ecdsa
at all, but it sure would solve quite a few problems, as it would allow
several independent servers to share a secret key, sign transactions with
it, but no m-1 compromised machines would endanger the whole balance.
I will definitely look into it when I'm back from holidays.
Cheers,
Cdecker
On Aug 24, 2011 9:29 PM, "Gregory Maxwell" <gmaxw...@gmail.com> wrote:
> On Wed, Aug 24, 2011 at 3:05 PM, Christian Decker
> <decker.christ...@gmail.com> wrote:
>> we could add an rsa-like scheme which allows m-out-of-n signatures. It
works
>> by distributing shares of the key which are points on a curve having the
>> actual key as 0-value. It does not require special length for the key so
if
>> ecdsa allows something similar there need not be anything changed.
>
> This works fine for ECC. But it requires that the composite key
> signer has simultaneous access to all the key-parts, so it doesn't
> solve the "my PC has malware" problem.
------------------------------------------------------------------------------
EMC VNX: the world's simplest storage, starting under $10K
The only unified storage solution that offers unified management
Up to 160% more powerful than alternatives and 25% more efficient.
Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev
_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
