[cryptophile]

Unfortunately, multisig forces you to use the blockchain. There are use cases where you don't want that. SSS, on the other hand, seems too complex to feed back through the ECDSA signing algorithm. In the link above they just use the factors of the private key to distribute as shared secrets. So, your private key cannot be a prime. But then again, ECDSA does not seem to require that from a private key. It's not that using a composite number would make it easier to work your way back to the discrete ECC logarithm ...

[oleganza]

I was replying to your question on how to sign transactions. Multisig is the real and the best solution for this task. Maybe I don't understand the problem with "multisig forces you to use the blockchain". If you sign a bitcoin tx, then sure you need to get it on the blockchain. Or am I missing something?

[cryptophile]

Distributed signing is useful in other contexts too. It does not always have to be bitcoin-related ...