Open GraniteKeep opened 5 years ago
Your thinking sounds correct to me, but I suspect the text was referring not to a thief targeting your keys specifically, but (for example) a residential burglary where a thief steals the contents of a home safe that includes one of your keys. The thief won't have a clue what to do with it, or to whom it belongs, so it's effectively the same as a lost key.
Got it. It's a defence against an opportunistic theft rather than a pre-meditated one.
I'll close this in a couple of days if there's no more input.
Thanks.
The protocol currently states:
"For distributed custody, we recommend a 2-of-5 withdrawal policy. The extra key (5 keys, rather than the recommended 4 keys in Option 1) is recommended since you have less control over whether a signatory effectively protects their key against theft or loss"
I agree that an extra key protects against loss, but I would suggest that it increases the opportunity for theft:
In a m-of-n system, a thief's intention is to procure m of the n keys. As n increases, without a corresponding increase in m, the opportunities the thief has to acquire m keys increases.
As an extreme example:
A 2-of-3 system has a much smaller attack surface than a 2-of-100. 2-of-100 provides excellent contingency for a lost key, but the opportunity for a thief to select the two easiest targets out of 100 is far greater than 2-of-3.
Is my thinking correct?