You say that Mary is a household cook. Who is she a cook for? Talk to her clients and inform them of her condition. If they have any sanity, they would fire her in a heartbeat. If not, well, anything goes between consenting adults I guess.

I seriously doubt Windows can even be made to run on the likes of BFL's FPGA and ASICs. And nodes aren't exactly scarce - even if nine tenths of them go down in a day the Bitcoin network is basically fine.

Wow, June 2011.

I haven't touched Lojban in a long time, and I can still remember most of those gismu and grammatical structures that I wrote down...

Either I spent way too much time on that thing, or the vocabulary memorization app that I wrote actually works...

Has the Ripple project advanced at all this past year? It seems like such a good idea in theory, it's a shame to see it getting neglected so much.

Very high chance I'll come; if so then I'll be there around 5.

I'm right in Waterloo.

Waterloo would actually be a great place to organize one of these things; there are lots of university people that would probably love to come.

Because voluntarily disclosing your physical identity and location to give people more recourse in case you turn out to be a fraud is a good way to immediately build trust.

"When the industry is finally mature", ASICs are not going to be paying for themselves in two weeks, or even 200 days. They'll approach the same average interest rate as everything else in the Bitcoin economy. So you are actually giving up on a unique opportunity by waiting for things to settle down. But if low risk is what you want, then I guess it is the right option.

'

Biggest? Even if it is, BFL has not nearly had the $7 million in purchases that BTCST was at at its peak. And the double hash rate is perfectly plausible, there are a lot of limiting factors including chip design and heat that can all be tweaked. Doubling the hash rate in 3 months is actually not even faster than the average rate at which Bitcoin mining technology has been improving these past three years.

Nope, Russia has more bitcoin clients per million than pretty much everything outside other, even more extreme, Eastern European countries like Ukraine, and even if you correct for GDP its Bitcoin popularity is (or at least was back in February) nine times higher than expected.

And where in your model go those who simply want to live and let live?

Indeed. Fixed.

If you have a 1-of-2 split, then either part is fine to get you the key.
If you have a 4-of-5 split, then if any two of the five parts are lost you lose access to the key.
If you have a 8-of-11 split, then if any four of the eleven parts are lost you lose access to the key.

Also, there's a new thread now: https://bitcointalk.org/index.php?topic=104086.msg1139496#msg1139496

Here's a donation address.

1P3QJKmn5hUpRw6Xs4ENVoqiDTy9B4k974


Alright then, my code does the modular operation at every step so it should have that exact same effect - so, basically, it does work for above-N keys.

Changed the algorithm as per Casascius's suggestions. See latest commit. No brainwallet implementation yet though - I'll bring that back at some point in the future.

Feel free to look at and browse through the sources of this too: http://bitcoinmagazine.net/the-pirate-saga-and-so-it-ends/

That's actually a really good idea - no need to add any new constants that way. Also, aren't privkeys required to be below N anyway?

Looked up Shamir's scheme again - looks like you're right. The strict definition does require finite fields. I'm no fan of following strict definitions for their own sake, but here using finite fields would actually make sense since that way any keypiece could itself be split into keypieces, allowing a nested hierarchy system.

What do you think about picking a prime between 2^256 and 2^257, preferably one that can easily be defined (ie. you can memorize an algorithm to generate it), and just doing modular arithmetic over the integers below that? It would still support all the features needed for the system I made so far to work (addition, subtraction, multiplication, division), and you are right, it would get rid of the space problem. It would make more room for pieces too - I don't see a reason why we can't lower the upper limit from 2^280 to 2^272 and increase our limit from 15 all the way to 256.

I would have to think a bit about how to implement the brainwallet piece though - my preliminary reasoning on the matter tells me that the algorithm would involve generating the brainwallet piece and then deriving the key from that, so you cannot generate both the key and the brainwallet piece from a seed (which makes sense, keys that you store k-split don't need to have a single backdoor).

Edit: as a modulus, I found two candidates:

1. 2^256 + 1. It's not prime, but its lowest factor is about 1.2 quadrillion, so the algorithm will fail perhaps at most once every 40 trillion attempts.
2. The Woodall prime (https://oeis.org/A002234) 249 * 2^249 - 1. Slightly more complex in form, but with a size between 2^256 and 2^257 it may be just what we need.

Download link: https://github.com/vbuterin/btckeysplit

Donation address: 1P3QJKmn5hUpRw6Xs4ENVoqiDTy9B4k974

This topic came up about two weeks ago on these forums, and I had drafted a standard (which others improved upon) for an algorithm of how to split a private key into an arbitrary n pieces, such that any k (1 <= k <= n) of them could be used to reconstitute the original key. The idea is to make it safer too use offline wallets by maximizing both security against theft and protection against accidental loss by distributing these pieces out to different places all of which are unrelated to each other - if you have a 3-of-5 setup you might keep one at home, another on your computer, a third in a safety deposit box at your bank, a fourth with a friend and a fifth buried in a treasure chest on the beach.

The algorithm is an implementation of Shamir's secret sharing scheme, using modular arithmetic over modulo N (a prime number imperceptibly smaller than 2^256 that is already a core part of the Bitcoin protocol). To understand how it works, in the basic case of k = 2 the algorithm creates a line using the original data as the y-intercept and a randomly chosen value as the slope (eg. is you're encrypting 167, the line might be y = 13x + 167). It then hands out the pieces as points along the line - piece 1 would be (1, 180), piece 2 would be (2,193), etc. Since two points make a line, anyone with access to any two points can recreate the original line and then get back 167 as the secret. For higher k, like 3, 4 or even 12, polynomials are used instead of lines - the coefficients of a quadratic polynomial, for example, can be determined from any three points along the curve.

The maximum number of pieces that it supports so far is 15, although I am considering increasing that to 255 in the future.

Github for the software is available here: https://github.com/vbuterin/btckeysplit. It now includes a command line interface which gives you all of these options - run it by calling python main.py. So please download the software and try it out - generate a key, split a key, split a key with one piece from a seed, reconstitute using various combinations of the pieces that get outputted. I would be glad to accept any suggestions for improvement.

Don't forget the writers