Silk Road forums
Discussion => Security => Topic started by: summer on February 20, 2013, 07:34 pm
-
5 business partners decide to make a bitcoin address as a backup plan; if anything happens, any 3 of them will have to be enough to access the account, but none of them must know the full password for the brainwallet.
I think this can be done with Shamir's Secret Sharing Scheme, and a brainwallet, but the partners have to remain anonymous to each other so they can't meet IRL to make the brainwallet and share the secret.
It has to be done in a way that they can remain anonymous, and without involving anyone else (e.g. an attorney).
Is there a way to do this?
-
I'm inclined to say yes, by using multi-sig addresses (not very popular, they're a new feature -- a few months old or so -- in the official client). I'm foggy on the specific details of how they work, but basically it's like escrow except you can fuck somebody over. You need two keys to get at the bitcoins, each person has one key. If they don't agree, the coins sit there at the third address forever and nobody gets them.
So you can get fucked over by some childish jerk, or ripped off by somebody who just bails if the scam doesn't work instead of giving you the coins. Something like that. But just the address you would use as the third in a multi-sig configuration, for another multi-sig. Then do it AGAIN with that one, and all of a sudden you have several people and you need the keys of all of them (all? I think all...) to get at the coins.
Like I say, I'm foggy on the details so that may not work. I think it may be the closest you're gonna get though.
-
Thanks, I didn't know about this multi sig feature.
Found this description helpful:
http://bitcoin.stackexchange.com/questions/3718/what-are-multi-signature-transactions
-
5 business partners decide to make a bitcoin address as a backup plan; if anything happens, any 3 of them will have to be enough to access the account, but none of them must know the full password for the brainwallet.
I think this can be done with Shamir's Secret Sharing Scheme, and a brainwallet, but the partners have to remain anonymous to each other so they can't meet IRL to make the brainwallet and share the secret.
It has to be done in a way that they can remain anonymous, and without involving anyone else (e.g. an attorney).
Is there a way to do this?
Shamir secret sharing doesn't meet all of your requirements. You can use it so that the password is shared over five people, and three of them are required to reconstruct the password. Also, at least one of you will need to know the password to split it up into secret shares in the first place. Also you need to generate the proper keys to know the bitcoin address, thus you need to have a password to use with brainwallet in the first place, and therefore it is obvious that someone will know the password. It can be split up and shared with five people with secret sharing schemes, but yeah one will need to have the ability to know the full thing because it is split up from the whole thing in the first place.
SelfSovereignty gave the best solution I think.
-
The brain wallet's password can be shared between them without anyone knowing the full password, if they can meet and use a computer together.
They meet, get a computer, pull off every HDD, boot from a Live CD, open brainwallet.org and http://point-at-infinity.org/ssss/demo.html or any other site or software capable of sharing the secret with Shamir's scheme, and go offline at the end.
Then generate a 100 char password (with software or by typing randomly) for the brainwallet, generate the brainwallet with that password, share the 100 char password with Shamir's scheme, write every share on a CD individually along with the BTC address and reboot.
If none of them is capable of memorizing the 100 char password or taking a picture of it they are OK as far as I can tell.
Am I missing something?
-
No, but you changed the parameters of the problem; before, you specified that they cannot meet.
-
The problem is I can't find a practical way to make this multi-sig transaction happen, because it's not implemented yet in any client.
It has to be scripted somehow but I'm clueless regarding that.
-
Blockchain.info is the only client/service I'm aware of that has implemented support for m-of-n transactions:
https://blockchain.info/wallet/escrow
Not sure if you can chain them together like SS described (they support up to 2-of-3 or 3-of-3 at the moment).