Introduce SSS (Shamir's secret sharing) onto Krux

[prepsin]

I reached out to odudex♱ on Twitter about adding this feature in Krux and he suggested to open a discussion on GitHub.

Shamir secret sharing would be a great feature to add to Krux

Take a seed and then split it into a number of 'shares'. Let's say, 3 of 5. So 5 seeds are created and 3 are needed to reassemble the seed. With krux you would be able to 'create' Shamir secrets and reassemble them.

It sits somewhere between having a single seed/encrypted seed and multi-sig.

In reality its securing that storing/reassembling a single seed but less technical/risky to setup true multi-sig (in its current form).

Shamir has a lot of history and predates Bitcoin. I'm sure it also ships with a lot of Linux distributions any way?

Happy to donate some sats for anyone who can introduce it to Krux.

[tadeubas]

I don't like Shamir's secret sharing (SSS) because of the points listed here by Lopp: https://blog.keys.casa/shamirs-secret-sharing-security-shortcomings/

Basically it has:

• Single point of failure
• No sharing revocation
• Complexity
• No default implementation
• Poor auditability

All these problems are solved by multisig, and today Krux already supports multisig! You can see how easy, secure and stable the protocol is, even with multi-vendor devices, as shown here:
https://www.youtube.com/watch?v=JfK2m8ucuxU

Plz @prepsin consider reading the above article by Jameson Lopp and watching the Crypto Guide video to understand why SSS is not a good/safe/protected/standard option as we already have a good/safe/protected/standard way of doing things. things in Bitcoin!

[thedon702]

Benefits of codex32 which uses ssss

• has great a checksum, can detect up to 8 errors, and fix up to 4
• no descriptor needed (big privacy risk with multisig) *note privacy not security
• nobody can know if you're doing a mutli-share or single share transaction on the bitcoin base layer (additional privacy)
• you can setup the the entire ssss setup with a paper computer, which eliminates side channel attacks that was mentioned in the casa article you linked

Single point of failure remains an issue, so i think ssss is intended more for people who want to store their sats for a long time without ever spending it, so only heirs etc would combine the shares to unlock it.

A lot more wallet support is needed.

Check out the codex32 book for additional info.

[prepsin]

Thanks for sending the article over. Whilst I understand the implementation side of things on SSS sounds somewhat more troublesome than first thought, you could also list a number of negatives to go with the pros for multi-sig as well.

[odudex]

My knowledge about it is none, so o don't have an opinion about it yet.
As you mentioned a donation, you could offer a bounty. Krux is a great environment to concretize ideas like this, a bounty could be the missing incentive for someone is waiting to dive into Krux.
(Not saying any implementation would be incorporated on krux, but it would be available somewhere)

[prepsin]

yes I have no issue in donating some sats as a feature request and I would be happy to do that. However taking tadeubas points on board, I think agreeing a default implementation of SSS would be the hardest thing. I need to double check on Tails because I am sure it ships (and has done for some time)

[tadeubas]

Another good article about SSS: https://unchained.com/features/mpc-vs-multisig-vs-sss