onvej-sl
commented
6 years ago I went through Shamir39 by iancoleman. There is a significant difference between our approaches. SLIP39 is supposed to substitute BIP39 whereas Shamir39 works in cooperation with BIP39.
The reason we use 10-bit words instead of 11-bit ones is we want the dictionary to meet some criteria (e.g. all words are commonly used, all words have unique 4-letter prefix, no word is shorter than 4 letters and longer than 8 letters).
In my opinion allowing more than 32 shares isn't necessary for practical use.
Padding is a natural way to get rid of the ambiguity. We will definitely consider it. The disadvantage of a padding is that it is always at least one bit long. Which means that in our case 128-bit seed becomes one word longer.
rkagerer
prusnak
I came accross other approach of standardizing Shamir's secret sharing for use in bitcoin. I think in context of Bitcoin several points could be worth mentioning:
I'd also find quite nice, if the mapping message <-> shares were unambiguous for any message, not just BIP39 enthropy, so I thought some smarter padding could be used, e. g. append '1' and bunch of zeros to fill the word. If 11-bit words were used (using (2) from above), than any standard BIP39 enthropy length (3, 6, 9, 12, 15, 18, 21 or 24 mnemonic words) inside share won't fill whole last word (30 mnemonic phrases would fill), so no additional dummy block will be needed. On the other hand, if somebody wanted to use this technique for any other purpose, it would work unambiguously. In worst case additional dummy word would be appended (|1000 0000 000|bin)
In case those remarks have not been implemented on purpose, please, is there some reference to that discussion? I'd like to see pros and cons of why this particular design has been used.