Bitcoin Forum
Topic: 2 of 3 transaction realized by Shared Secret Phrase vs Multisig
abstream (OP)
December 10, 2014, 02:47:37 PM
 #1

Guys,

If you need a 2 of 3 authorized transaction, the conventional way would be to use 2 of 3 multisig, right?
What about BrainWallet with a shared secret? Consider the following situation:

party1 - holds the first half of the passphrase
center - holds the second part of the passphrase
party2 - holds, again, the first half of the passphrase

For obvious reasons party1 and party2 cannot access the funds without the center.
Once the center (arbitrator) decides where the money should go, it will give its half of the passphrase to the corresponding party.

The solution is simple and secure as long as the center makes sure that its half of the passphrase is secure enough (random seed generation, long enough, special symbols, etc.).
How does this solution relate to the multisig transactions in terms of security?

Regards.
turvarya
December 10, 2014, 03:21:03 PM
 #2

So, you have a 2 of 2 Multisig and give one sig to 2 people.
That is not a good security concept.

https://forum.bitcoin.com/
New censorship-free forum by Roger Ver. Try it out.
abstream (OP)
December 10, 2014, 03:22:19 PM
 #3

> So, you have a 2 of 2 Multisig and give one sig to 2 people.
> That is not a good security concept.

Hello,

Could you elaborate, where is the security hole and in which situation (motivation) is it present?
turvarya
December 10, 2014, 03:34:23 PM
 #4

> Hello,
>
> Could you elaborate, where is the security hole and in which situation (motivation) is it present?

Center person dies, nobody gets his Bitcoin, or center person blackmails you.
The arbitrator can still be a fool player.
The concept of the arbitrator is that you just need him when there is a problem, not that he can fuck up the whole transaction whenever he wants.

abstream (OP)
December 10, 2014, 03:37:12 PM
 #5

> Center person dies, nobody gets his Bitcoin, or center person blackmails you.
> The arbitrator can still be a fool player.
> The concept of the arbitrator is that you just need him when there is a problem, not that he can fuck up the whole transaction whenever he wants.

Correct, I had to mention that there are secret-sharing algorithms used to share the secret among N people, with the possibility of the secret being reconstructed by K parties,
e.g. http://en.wikipedia.org/wiki/Shamir's_Secret_Sharing

If that one is accomplished, would it be less secure than multisig?
turvarya
December 10, 2014, 03:41:06 PM
 #6

> Correct, I had to mention that there are secret-sharing algorithms used to share the secret among N people, with the possibility of the secret being reconstructed by K parties,
> e.g. http://en.wikipedia.org/wiki/Shamir's_Secret_Sharing
>
> If that one is accomplished, would it be less secure than multisig?

Maybe I am wrong, but are Shamir's Secret Sharing and Multisig not the same thing?

hhanh00
December 10, 2014, 03:48:19 PM
 #7

Not the same thing. Shared Secret => you don't pick the value, it's calculated. Multisig, you bring your own key. The latter is more flexible but requires native support.

abstream (OP)
December 10, 2014, 03:49:42 PM
 #8

> Maybe I am wrong, but are Shamir's Secret Sharing and Multisig not the same thing?

Hmmm, could be, at a very deep technical level... I was just thinking that sharing a secret could be easier in terms of technical implementation vs multisig... but there is another inherited problem - the center needs the whole secret in order to generate the private key and the bitcoin address, right?

https://brainwallet.github.io

The other parties need to trust the center - that it will split the secret according to the publicly announced algorithm and will hold only its part... From a security point of view the center would be motivated to do so... if you accept preliminarily that the center is trusted :)
abstream (OP)
December 10, 2014, 03:51:30 PM
 #9

> Not the same thing. Shared Secret => you don't pick the value, it's calculated. Multisig, you bring your own key. The latter is more flexible but requires native support.

I am trying to find a solution that is feasible to be implemented for bitcoin and all derived coins (bip32 wallets).
turvarya
December 10, 2014, 03:59:19 PM
 #10

> Hmmm, could be, at a very deep technical level... I was just thinking that sharing a secret could be easier in terms of technical implementation vs multisig... but there is another inherited problem - the center needs the whole secret in order to generate the private key and the bitcoin address, right?
>
> https://brainwallet.github.io
>
> The other parties need to trust the center - that it will split the secret according to the publicly announced algorithm and will hold only its part... From a security point of view the center would be motivated to do so... if you accept preliminarily that the center is trusted :)

As far as I understand it, you could use a brain wallet or something like it to generate your private keys and then just use the Multisig logic with these private keys.
Trusting a centralized party is exactly what most people on this forum will tell you not to do.

abstream (OP)
December 10, 2014, 04:14:05 PM
 #11

> As far as I understand it, you could use a brain wallet or something like it to generate your private keys and then just use the Multisig logic with these private keys.
> Trusting a centralized party is exactly what most people on this forum will tell you not to do.

I would like to make it trustless, but the problem is that the creator of either the shared secret scheme or the multisig transaction would know all the relevant parts...
Have a look at this multisig tool:

http://ms-brainwallet.org/

OK, it creates the 3 private keys in a 2 of 3 scheme, but they are presented to 1 party at once, right? How would you do it in a manner that all the 3 parties independently and securely receive the private keys? How do you hide the 2 keys from the creator of the multisig address?
abstream (OP)
December 10, 2014, 04:40:11 PM
 #12

> I would like to make it trustless, but the problem is that the creator of either the shared secret scheme or the multisig transaction would know all the relevant parts...
> Have a look at this multisig tool:
>
> http://ms-brainwallet.org/
>
> OK, it creates the 3 private keys in a 2 of 3 scheme, but they are presented to 1 party at once, right? How would you do it in a manner that all the 3 parties independently and securely receive the private keys? How do you hide the 2 keys from the creator of the multisig address?

Well, the tool above is actually using 3 public keys, generating a transaction to be broadcast.