Thanks for looking! Any and all feedback is greatly appreciated :).

Background: As an Ethereum user, I’m concerned that the BIP-39 mnemonic backup of my wallet is a single point of failure.

Summarizing current state and open questions: I think it is important that the shares are valid BIP-39 mnemonics, indistinguishable from any others, to hide the fact that there may be something greater behind it. Maybe then, the original solution where the initial BIP-39 is first converted to entropy is better? I might be missing something here, please correct me if I’m wrong.

Alternatively, if we decided that we didn’t really care that the shares were valid BIP-39 mnemonics, we could use the space where the checksum is to store the share id, avoiding the need to store any data outside the mnemonic.

So, did we gain anything by using GF(2048)? We’d still need to convert to hex at some point to create a valid BIP-39. But, at that point, we’d need to convert the share mnemonic to hex to calculate the SHA256 to get the checksum. We could instead convert the entropy portion of the mnemonic to shares and calculate the checksum for each share to recreate a valid BIP-39. By naively converting the mnemonic to shares, word for word, the shares would no longer be valid BIP-39s. In my haste, I neglected that, originally, the shares were also valid BIP-39 mnemonics.

I’ve been following several implementations closely in this, but am probably a bit over my head in math notation and finite field arithmetic, so any feedback on how to specify it more accurately is greatly appreciated.

While I was able to find related standards (like SLIP-0039), I wasn’t able to find something that would work for this case exactly (though I’m open to suggestions and may have missed something obvious), so went about drafting a new standard.
Ideally, the algorithm would follow a known standard, to ensure recovery some point down the road.

Ideally, the shares would be mnemonics (they were hex strings initially).

I got two pieces of feedback on the initial prototype:

What’s the polynomial modulus that you are using? Although the various 256-element fields are all isomorphic, I think you still need to pick one to get consistent answers.

A little background: This started as a UI-focused project to make it easier to interact with existing implementations of Shamir’s.