splitting private key in two and giving it to two people

[EuroTrash]

I'm bothering with a way for the people I care the most to be able to recover the bitcoins in case of my demise.

Let's say there are two people I trust the most in my life and let's call them A and B.

What I have come up with at first was to create an offline paper wallet and give the details of it to them.

But that approach is not enough to give me peace of mind because empowering them with full access to my investments still has risks.

E.g. person A's partner might try to convert my BTCs to fiat and buy me real estate with them because he/she worries about my future and holds the belief that this "internet money thing" is too dangerous for me.

Or e.g. person B's partner is not trustworthy enough to me.

It is unlikely that person A and person B or their respective partners will ever join forces, unless in case of my demise.

So I am thinking: what if I split the private key in two, and I give half of it to each person?

To my understanding, with BTC we use 256bit encryption but in reality we only are 128bit secure. So if I split the private key in 2 each party would have to guess 64bit to recover the full key.

Your thoughts?

[TangibleCryptography]

You don't want to cut the key in half.  There are lots of complicated ways to share secrets (some even involving redundancy i.e 3 of 5 key fragments needed to rebuild key) but the simplest way is an XOR.

http://en.wikipedia.org/wiki/Secret_sharing

I will use 16 bit key as an example.

your private key:  1100010111010011
key partA:           0011101011010011
key partB:           1111111100000000

If you XOR (exclusive or) the two key parts you get the full key.

If you have an existing private key you can generate A randomly and then perform an XOR between full key & A to produce B.

Even with their key part the keyholder still can't brute force with any reduced difficulty.  Collusion is always a possibility but you haven't reduced key strength.

[Stephen Gornick]

Your thoughts?

Encrypted paper wallets. 

The encryption key goes to DeadMansSwitch and to some other trusted party.  If this is worth anything of significance you can pay an attorney to hold it and that attorney is bound by the attorney-client privilege to not share any of that information except as directed by you.

The paper wallets go to A and B.

Described here:

So the encrypted paper wallet(s) go to family members.  DeadMansSwitch gets the decryption key, as does the trustee.  From another thread:

I changed the colour to blue for encrypted paper wallets to provide distinction between encrypted/unencrypted paper wallets - a version in the original yellow is included in case you really like yellow, just delete 'note_encrypted.png' and rename 'note_yellow.png' in its place.

This solution (encrypted paper wallets) robably isn't ready for prime time, but give it a few weeks and that will probably become a very good method for offline / long term savings that is secure.