March 28, 2013, 09:37:52 AM |
You could use P2SH or Shamir's secret sharing, but those are probably a bit heavyweight. A lighter-weight solution that you can just do with your calculator, but which requires more storage (3 c 5 = 10 x 256 bits), would be in this case:
Generate a random 256 bit key for each of the participants.
Go through all the permutations of how you wish the unlock to happen - e.g. in your case there are ten combinations:
{a,b,c} {a,b,d} {a,b,e} {a,c,d} {a,c,e} {a,d,e} {b,c,d} {b,c,e} {b,d,e} {c,d,e}
and XOR the keys against each other, e.g. for A, B and C to unlock you generate K(A|B|C). Then XOR each of these generated intermediates with the master private key you wish to secure (obtain the bitcoin private key from the dumpprivkey RPC command, then convert to a raw 256-bit value). You will end up with ten 256-bit values, which you then publish to all participants or on a website (it can be public).
EDIT: In fact, you should put the intermediate keys through a SHA256 hash before XORing with the bitcoin private key - this avoids a depth attack where you can just XOR the public values against each other to leak information. Sorry.
Now when three participants wish to decode the public key, they XOR their three secrets with each other along with the correct value from the public intermediate list, and this recovers the private key.
Will
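The scheme from the post above as an added Python example (not code from the original poster), showing why the SHA256 step in the EDIT matters. Function names, participant labels and the random sample keys are assumptions made for illustration.

```python
import hashlib
import secrets
from itertools import combinations

def xor(*vals: bytes) -> bytes:
    """XOR any number of 32-byte values together."""
    out = bytes(32)
    for v in vals:
        out = bytes(x ^ y for x, y in zip(out, v))
    return out

def mask(keys, group, hashed=True):
    """Intermediate for one group: XOR of the members' keys, SHA-256'd per the EDIT."""
    k = xor(*(keys[m] for m in sorted(group)))
    return hashlib.sha256(k).digest() if hashed else k

def publish(master, keys, threshold=3, hashed=True):
    """Public table: one 256-bit value per allowed group of participants."""
    return {g: xor(mask(keys, g, hashed), master)
            for g in combinations(sorted(keys), threshold)}

def recover(table, shares, hashed=True):
    """shares maps participant name -> key for the cooperating group."""
    group = tuple(sorted(shares))
    return xor(mask(shares, group, hashed), table[group])

def demo():
    # Constructed sample values; a real master key would come from the wallet.
    master = secrets.token_bytes(32)
    keys = {name: secrets.token_bytes(32) for name in "abcde"}

    table = publish(master, keys)
    recovered_ok = recover(table, {n: keys[n] for n in "bde"}) == master

    # Without the hash, three public rows cancel down to master XOR K(c),
    # so one participant's key is enough and the 3-of-5 property is lost.
    rows = [("a", "b", "c"), ("a", "c", "d"), ("b", "c", "d")]
    weak = publish(master, keys, hashed=False)
    unhashed_leaks = xor(*(weak[r] for r in rows), keys["c"]) == master

    # The same combination of hashed rows yields nothing useful.
    hashed_leaks = xor(*(table[r] for r in rows), keys["c"]) == master
    return len(table), recovered_ok, unhashed_leaks, hashed_leaks

if __name__ == "__main__":
    print(demo())
```
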