slip-0039: it's SSS not SSSS

04647bfa · Pavol Rusnak · 63ab98b7 · 04647bfa · 04647bfa
Unverified Commit 04647bfa authored Jan 09, 2018 by Pavol Rusnak
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 17 deletions

README.md README.md +1 -1

slip-0039.md slip-0039.md +16 -16

No files found.
--- a/README.md
+++ b/README.md
@@ -24,7 +24,7 @@ Each SLIP should provide a concise technical specification of the feature and a
 | [SLIP-0017](slip-0017.md) | Elliptic Curve Diffie-Hellman using deterministic hierarchy           | Standard      | Draft    |
 | [SLIP-0018](slip-0018.md) | reserved                                                              | Standard      | Draft    |
 | [SLIP-0032](slip-0032.md) | Extended serialization format for BIP-32 wallets                      | Standard      | Draft    |
-| [SLIP-0039](slip-0039.md) | Shamir's Secret-Sharing Scheme for Mnemonic Codes                     | Standard      | Draft    |
+| [SLIP-0039](slip-0039.md) | Shamir's Secret-Sharing for Mnemonic Codes                            | Standard      | Draft    |
 | [SLIP-0044](slip-0044.md) | Registered coin types for BIP-0044                                    | Standard      | Draft    |
 | [SLIP-0048](slip-0048.md) | Deterministic key hierarchy for Graphene-based networks               | Informational | Draft    |
 | [SLIP-0173](slip-0173.md) | Registered human-readable parts for BIP-0173                          | Standard      | Draft    |

--- a/slip-0039.md
+++ b/slip-0039.md
-# SLIP-0039 : Shamir's Secret-Sharing Scheme for Mnemonic Codes
+# SLIP-0039 : Shamir's Secret-Sharing for Mnemonic Codes

 ```
 Number:  SLIP-0039
-Title:   Shamir's Secret-Sharing Scheme for Mnemonic Codes
+Title:   Shamir's Secret-Sharing for Mnemonic Codes
 Type:    Standard
 Status:  Draft
 Authors: Pavol Rusnak <stick@satoshilabs.com>
@@ -15,19 +15,19 @@ Created: 2017-12-18

 ## Abstract

-This SLIP describes a standard and interoperable implementation of Shamir's secret-sharing scheme (SSSS), which is a form of secret sharing, where a secret is divided into parts, giving each participant its own unique part, where some of the parts or all of them are needed in order to reconstruct the secret.
+This SLIP describes a standard and interoperable implementation of Shamir's secret-sharing (SSS), which is a form of secret sharing, where a secret is divided into parts, giving each participant its own unique part, where some of the parts or all of them are needed in order to reconstruct the secret.

 ## Motivation

-Preservation of digital assets is generally important and it is especially important in the case of decentralized payments systems such as Bitcoin, where there is no recourse in the case of loss of an asset. The usual approach to protecting digital assets is redundant backups, but when the asset itself is a valuable capability, there is a substantial risk of the backup holder absconding with the asset. Shamir's secret-sharing scheme provides a better mechanism for replicating secrets without  giving the capability to the backup holder.
+Preservation of digital assets is generally important and it is especially important in the case of decentralized payments systems such as Bitcoin, where there is no recourse in the case of loss of an asset. The usual approach to protecting digital assets is redundant backups, but when the asset itself is a valuable capability, there is a substantial risk of the backup holder absconding with the asset. Shamir's secret-sharing provides a better mechanism for replicating secrets without  giving the capability to the backup holder.

-However, SSSS is not standardized today, making it possible for a future secret recovery to be put in jeopardy if the tools have changed. Therefore, we propose standardizing SSSS so that SLIP-0039 compatible implementations will be interoperable.
+However, SSS is not standardized today, making it possible for a future secret recovery to be put in jeopardy if the tools have changed. Therefore, we propose standardizing SSS so that SLIP-0039 compatible implementations will be interoperable.

-## Shamir's secret-sharing scheme
+## Shamir's secret-sharing

-Shamir's secret-sharing scheme (SSSS) is a cryptographic mechanism how to divide a secret into `N` unique parts, where `M` of them are required to reconstruct the secret. First, a polynomial of `N-1` degree is constructed and each party is given a corresponding point - a non-zero integer input to the polynomial and the corresponding output.
+Shamir's secret-sharing (SSS) is a cryptographic mechanism how to divide a secret into `N` unique parts, where `M` of them are required to reconstruct the secret. First, a polynomial of `N-1` degree is constructed and each party is given a corresponding point - a non-zero integer input to the polynomial and the corresponding output.

-In case sufficient `M` values are provided the points exactly define the polynomial. The polynomial's value of `f(0) = S` corresponds to the master secret. You may read more on SSSS on [Wikipedia](https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing).
+In case sufficient `M` values are provided the points exactly define the polynomial. The polynomial's value of `f(0) = S` corresponds to the master secret. You may read more on SSS on [Wikipedia](https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing).

 ![curve](slip-0039/curve.png)

@@ -40,10 +40,10 @@ The value to be encoded as the master secret must be a multiple of 8 bits. This

 From this value, every byte is mapped to the specified field in a little-endian fashion (i.e. the first bit maps to `a_7`, the last bit maps to `a_0`). For each such field element, `N`-share field elements are generated and mapped back to bytes. Each participating party receives the following data:

-| 5-bit index | 5-bit M threshold | variable-bit SSSS part | 16-bit checksum |
-|-------------|-------------------|------------------------|-----------------|
+| 5-bit index | 5-bit M threshold | variable-bit SSS part | 16-bit checksum |
+|-------------|-------------------|-----------------------|-----------------|

-The index corresponds to the SSSS part's `x` value (see the diagram above) and the SSSS part is the corresponding `y` value.
+The index corresponds to the SSS part's `x` value (see the diagram above) and the SSS part is the corresponding `y` value.

 Index and threshold are encoding using the following scheme (convert from bits to decimal and add 1):

@@ -57,14 +57,14 @@ Index and threshold are encoding using the following scheme (convert from bits t
 | 11110       | 31                    |
 | 11111       | 32                    |

-The checksum field is a checksum of the whole share (i.e. index, threshold, SSSS part).
+The checksum field is a checksum of the whole share (i.e. index, threshold, SSS part).

 This structure is then converted into a mnemonic passphrase by splitting it up by 10 bits which correspond as an index to the a word list containing exactly 1024 words (see below).

-| master secret | SSSS part | share length           |
-|---------------|-----------|------------------------|
-| 128 bits      | 144 bits  | 170 bits = 17 words    |
-| 256 bits      | 272 bits  | 298 bits = 30 words    |
+| master secret | SSS part | share length           |
+|---------------|----------|------------------------|
+| 128 bits      | 144 bits | 170 bits = 17 words    |
+| 256 bits      | 272 bits | 298 bits = 30 words    |

 The selection of 5-bit sizes for index/threshold values and 10-bit for wordlist index has a nice property that the first word of the mnemonic encodes exactly these two values. And, vice versa, only these two values determine the first word.