On Sat, Mar 29, 2014 at 10:38 AM, Matt Whitlock <b...@mattwhitlock.name> wrote: > But can threshold ECDSA work with BIP32?
Yes. >In other words, can a threshold ECDSA public key be generated from separate, >precomputed private keys, No. > can it only be generated interactively? Yes. But see the first question. Basically you can do an interactive step to generate a master pubkey and then use BIP32 non-hardened derivation to build thresholded children. On Sat, Mar 29, 2014 at 10:42 AM, Matt Whitlock <b...@mattwhitlock.name> wrote: > Respectfully, it's also possible to take a base58-encoded private key and run > it through GPG, which is included in most Linux distros. But yet we have > BIP38. BIP38 is a bad example (because it was created without public discussion due to a technical snafu). In this case I don't see anything wrong with specifying secret sharing, but I think— if possible— it should be carefully constructed so that the same polynomials and interpolation code can be used for threshold signatures (when encoding compatible data). If it requires entirely different code than the code for threshold signing it might as well be a file generic tool like SSSS. ------------------------------------------------------------------------------ _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development