BIP93: correct threshold range #2023

pull Lil-Duckling-22 wants to merge 2 commits into bitcoin:master from Lil-Duckling-22:fix/threshold-description-consistency changing 1 files +5 −5
  1. Lil-Duckling-22 commented at 11:50 am on October 29, 2025: none

    Update Abstract to align with specification: threshold can be 0 for unshared secret or 2-9 for shares.

    Apparently previous “between 1 and 9” range appears inconsistent with the detailed spec (threshold=1 isn’t valid in codex32).

  2. Update bip-0093.mediawiki 91bbe04242
  3. jonatack renamed this:
    fix: correct threshold range in Abstract section
    BIP93: correct threshold range
    on Oct 29, 2025
  4. in bip-0093.mediawiki:23 in 91bbe04242 
    19@@ -20,7 +20,7 @@ This document describes a standard for backing up and restoring the master seed
20 [https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki BIP-0032] hierarchical deterministic wallet, using Shamir's secret sharing.
21 It includes an encoding format, a BCH error-correcting checksum, and algorithms for share generation and secret recovery.
22 Secret data can be split into up to 31 shares.
23-A minimum threshold of shares, which can be between 1 and 9, is needed to recover the secret, whereas without sufficient shares, no information about the secret is recoverable.
24+A minimum threshold of shares, which can be 0 (for unshared secret) or between 2 and 9 (for shares), is needed to recover the secret, whereas without sufficient shares, no information about the secret is recoverable.
    jonatack commented at 7:59 pm on November 4, 2025:

    Not sure about this change.

    The current abstract states “between 1 and 9” for what “is needed to recover the secret”.

    And the Recovering Master Seed section stipulates: “The first character of the data part indicates the threshold of the share, and it is required to be a non-“0” digit.”

    So these two excerpts seem to concur? Perhaps it could be clearer.

    cc @apoelstra for feedback

    BenWestgate commented at 12:37 pm on November 6, 2025:

    It’s correct as it is.

    Threshold is a value 1 through 9 and refers to the number of strings needed to recover the seed.

    k is the literal first numeric character of the bech32 data so it cannot be “1” even if the threshold is 1. “0” is recommended for unshared secrets (threshold 1) although any numeric value is allowed as it is ignored when share_idx = "s".

    Whether it is clear or not is another matter. You’d have to read the body to know these details so I think the abstract is fine. There may be some conflation of “threshold” with “threshold digit” which is called k in the codex book and many reference implementations, which is what lead you to opening this PR.

  5. jonatack added the label Proposed BIP modification on Nov 4, 2025
  6. jonatack added the label Pending acceptance on Nov 4, 2025
  7. BenWestgate commented at 12:48 pm on November 6, 2025: none

    They call the threshold parameter k in the codex book but used t or threshold in this BIP.

    I can see how this might be confusing.

  8. jonatack added the label PR Author action required on Nov 6, 2025
  9. Update bip-0093.mediawiki affbe854f3
  10. Lil-Duckling-22 requested review from BenWestgate on Nov 6, 2025
  11. Lil-Duckling-22 commented at 7:42 pm on November 6, 2025: none

    Thanks for the review and giving a justified correction!

    Is this closer to what you suggested?

  12. in bip-0093.mediawiki:70 in affbe854f3 
    66@@ -67,8 +67,8 @@ It reuses the base-32 character set from BIP-0173, and consists of:
67 * A human-readable part, which is the string "ms" (or "MS").
68 * A separator, which is always "1".
69 * A data part which is in turn subdivided into:
70-** A threshold parameter, which MUST be a single digit between "2" and "9", or the digit "0".
71-*** If the threshold parameter is "0" then the share index, defined below, MUST have a value of "s" (or "S").
72+** A threshold digit (also called ''k'' in the codex book), which MUST be a single digit between "2" and "9", or the digit "0". This digit encodes the threshold (the number of shares required for recovery), where threshold 1 is encoded as "0" for unshared secrets, and thresholds 2-9 are encoded as digits "2"-"9" for shared secrets.
    BenWestgate commented at 8:05 pm on November 6, 2025:

    I don’t know if we need to mention what the digit is called in the Codex32 book.

    This digit does not always directly encode the threshold number of strings required for recovery.

    Threshold 1 is denoted by share index “s” NOT the first data character being “0”. “0” is merely a recommendation, and if used, forces the share index to “s”.

  13. in bip-0093.mediawiki:71 in affbe854f3 
    66@@ -67,8 +67,8 @@ It reuses the base-32 character set from BIP-0173, and consists of:
67 * A human-readable part, which is the string "ms" (or "MS").
68 * A separator, which is always "1".
69 * A data part which is in turn subdivided into:
70-** A threshold parameter, which MUST be a single digit between "2" and "9", or the digit "0".
71-*** If the threshold parameter is "0" then the share index, defined below, MUST have a value of "s" (or "S").
72+** A threshold digit (also called ''k'' in the codex book), which MUST be a single digit between "2" and "9", or the digit "0". This digit encodes the threshold (the number of shares required for recovery), where threshold 1 is encoded as "0" for unshared secrets, and thresholds 2-9 are encoded as digits "2"-"9" for shared secrets.
73+*** If the threshold digit is "0" then the share index, defined below, MUST have a value of "s" (or "S").
    BenWestgate commented at 8:08 pm on November 6, 2025:
    Digit vs parameter is probably bikeshedding
  14. in bip-0093.mediawiki:149 in affbe854f3 
    145@@ -146,14 +146,14 @@ The master seed is decoded by converting the payload to bytes:
146 
147 Note that unlike the decoding process in BIP-0173, we do NOT require that the incomplete group be all zeros.
148 
149-For an unshared secret, the threshold parameter (the first character of the data part) is ignored (beyond the fact it must be a digit for the codex32 string to be valid).
150-We recommend using the digit "0" for the threshold parameter in this case.
151+For an unshared secret, the threshold digit (the first character of the data part, also called ''k'') is ignored (beyond the fact it must be a digit for the codex32 string to be valid).
    BenWestgate commented at 8:11 pm on November 6, 2025:
    Even if @apoelstra believes BIP93 should clarify the Codex32 book uses a different term k for the threshold parameter. We definitely should not keep repeating both nomenclatures.
  15. in bip-0093.mediawiki:150 in affbe854f3 
    145@@ -146,14 +146,14 @@ The master seed is decoded by converting the payload to bytes:
146 
147 Note that unlike the decoding process in BIP-0173, we do NOT require that the incomplete group be all zeros.
148 
149-For an unshared secret, the threshold parameter (the first character of the data part) is ignored (beyond the fact it must be a digit for the codex32 string to be valid).
150-We recommend using the digit "0" for the threshold parameter in this case.
151+For an unshared secret, the threshold digit (the first character of the data part, also called ''k'') is ignored (beyond the fact it must be a digit for the codex32 string to be valid).
152+We recommend using the digit "0" for the threshold digit in this case, which encodes a threshold of 1 (no sharing).
    BenWestgate commented at 8:15 pm on November 6, 2025:
    This is false. As mentioned above share index “s” denotes the unshared secret (threshold 1) while the threshold parameter is ignored and it should stay that way for interoperability.
  16. in bip-0093.mediawiki:156 in affbe854f3 
    153 The 4 character identifier also has no effect beyond aiding users in distinguishing between multiple different master seeds in cases where they have more than one.
154 
155 ===Recovering Master Seed===
156 
157 When the share index of a valid codex32 string (converted to lowercase) is not the letter "s", we call the string an codex32 share.
158-The first character of the data part indicates the threshold of the share, and it is required to be a non-"0" digit.
    BenWestgate commented at 8:19 pm on November 6, 2025:
    This line is correct. Read the line above: when the share index is not “s”. The threshold parameter cannot be “0” in that case, so we know that for a codex32 share, the threshold parameter is required to be 2-9.


Lil-Duckling-22 jonatack BenWestgate

Labels
Proposed BIP modification Pending acceptance PR Author action required

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bips. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-11-09 18:10 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me