You know that saying "No knowledge is Lost"? That's why I'm curious about this. I just got my air-gapped hardware wallet a couple of days ago and went with the standard 12 recovery seed. Everything's been set up and running smoothly, but I keep thinking about this thing called Shamir backup.
Honestly, I’ve tried to figure it out, but I'm just lost. I’ve learned that sometimes it’s better to stick to what you know, especially when you’re unsure about something.
What’s up with the numbers of shares and the threshold? I’m completely in the dark here. So I thought I’d ask you all. Can someone explain what this is all about, what kind of extra security it offers, and who might really benefit from using it?
Who’s actually using Shamir backups?
19 replies 20 views
I know how Shamir was even before it was modified to be words, they were characters before, when after it was modified to be words, I still did not see any reason to use it as I prefer with seed phrase and passphrase, or multisig wallet if 2 or more people are involved. If I can use these, why alternatives.
You can read about wallet backup guide.
How to back up a seed phrase?
There are many backup methods and the Generic Shamir's Secret Sharing is one of them but this method has its pitfalls too.
Shamir's Secret Sharing shortcomings
Seed splitting need to be avoided as your backup method too.
Bitcoin Q&A: Why is Seed Splitting a Bad Idea?
You basically put your seed in shares, each one would be on a card, and if you have at least 2 out of 3, you are good to go and get access to your wallet.
defi_whaleFull Member
Posts: 140 · Reputation: 461
#5Jan 3, 2018, 09:15 AM
Looks similar to a multi signature setup, but unlike multisig where 5 people(5 shares, in the case of your device) control 5 different secret keys, your device 5 shamir shares are made of 5 different keys (with each Share having one different key) and all Shares controlled by one person (you) which maybe distributed or shared to different people to keep for you.. A minimum of 3 of the 5 share are needed to access your assets.
*While "Threshold" is probably the length of key in each Share
Your shamir backup doesn't have to be 2 of 3.
You can choose any number from 1 to 16 for the number of shares and any number from 1 to total shares for threshold.
Threshold is the number of shares that will be required for generating the wallet.
What I like about Shamir Secret Shares:
As long as you have shares below the threshold number, the shares don't reveal anything about the encoded secret. So if you distribute shares over locations and someone finds or peeks at one or few (below threshold) shares, nothing is compromised.You can afford to loose shares for whatever reason as long as you have the threshold number of unique shares intact which allows successful recovery.
What I don't like about Shamir Secret Shares:
It adds complexity.Only very few wallets support it.It's to my knowledge not really standardized. Yes, I know about SLIP-39, primarily supported by Trezor (Electrum can import, but not create it). I'm certainly missing other wallets that may support it.It's way less common than BIP-39.
Good instinct to ask, think of it like a treasure map torn into pieces, you decide how many pieces (shares) and how many are needed to read the map (threshold) it adds complexity but protects against a single point of failure useful if you have a lot of value to protect and trusted family-locations to split shares with. For most of us it's overkill and adds more things to manage safely.
diamond_atlasSenior Member
Posts: 408 · Reputation: 1359
#9Jan 3, 2018, 09:13 PM
Adding more complexity into the wallet backup process and wallet recovery later means adding more risk factors for wallet recovery. In his helpful blog post, Jameson Lopp warned about seed backup threat model.
With whatever backup method you use, Shamir or not, if it is too complex and if you can not restore your wallet in the future, you fail and you lose your bitcoin.
atlas_2015Senior Member
Posts: 151 · Reputation: 999
#10Jan 3, 2018, 10:24 PM
Wasabi Wallet supports SLIP39 and it will become the default seed type in the next release - https://github.com/WalletWasabi/WalletWasabi/pull/14209
jake.chainSenior Member
Posts: 280 · Reputation: 1307
#11Jan 4, 2018, 12:11 AM
First time hearing of this shamir backup but it seems like others have discussed about this before. Here are some threads about shamir backups.
Shamir backup sounds dumb to me
Single vs Shamir vs Multisig, which is easiest to hack statistically?
I have lost myself reading these threads and basically what I have concluded is that multisig is still the best method for security. Some even say they see no point in using shamir backups if youre keeping it yourself. I have seen others say that with shamir backups they distribute the shares to trusted people. Most Ive seen discourage the use of this though. Heres an article about its shortcomings
diamond_atlasSenior Member
Posts: 408 · Reputation: 1359
#12Jan 5, 2018, 10:57 PM
If it is your first time hearing and knowing about Shamir backup method, and you still don't understand about it after reading some documents, you can simply ignore this wallet backup method until a time you fully understand about Shamir backup and are able to use it properly.
The purpose of wallet backups is to have it for your wallet recovery later, that is vital for safety of your bitcoins. It's the ultimate goal of wallet backups and if you can not recover your wallets from backups, can not access your bitcoins, what you did before are actually non sense and even harmful.
The best wallet backup method is the one you master well enough from how to make backups and how to use backups for recovery.
Keystone uses the same SLIP 39 standard that was created by Satoshi Labs, the company that makes Trezor. With SLIP 39 you can have a single share, although from your screenshot, it looks like Keystone requires a minimum of 2 shares for some reason. By now it is already supported by the most popular Bitcoin wallets Electrum, Sparrow, Wasabi and Blue Wallet. Compatibility isnt much of a concern anymore for anyone worried they might not be able to recover their funds easily if their hardware wallet stops working.
Plenty of people use Shamir backup as alternative for multisig setup.
In fact all new Trezor hardware wallets are using Slip39 setup that is just a different name for Shamir Secret Sharing.
Keystone and Trezor SLIP39 is compatible, and I am sure more wallets will adopt this backup in future.
Electrum and Sparrow wallet also support importing SLIP39 shares but cannot sign transactions.
Electrum cannot sign transactions?
After importing the required shares of a SLIP39 seed, electrum will generate the wallet and the wallet file will contain the master private key. I don't understand why electrum shouldn't be able to sign transactions.
Am I missing something here?
h0dl3r_foxFull Member
Posts: 48 · Reputation: 326
#16Jan 6, 2018, 04:01 PM
ah, the advanced mode. shamir backup is for the ultra-paranoid or ppl with a massive bag.
splits your one seed phrase into multiple "shares." u set a number, like need 3 out of 5 shares to unlock. hide em in different places. way harder for a thief to find all the pieces.
if ur just startin, the regular 12 words is fine. shamir is for OGs or inheritance planning.
SwiftMinerSenior Member
Posts: 259 · Reputation: 1036
#17Jan 6, 2018, 09:39 PM
Personally I really don't fancy anything that relates to splitting of seed phases. Sure it seems quite safer but the complexity involved can take a sudden twist against you. Instead of a Shamir backup I'll prefer to straight up create a multi sig wallet instead. Like others have mentioned you hardly come across wallets that support this.
I believe it's quite similar to why SLIP-39 isn't as prominently used as BIP-39. One major positive side I see though is that if it isn't common then there's a high chance attackers may not know about it.
Use shamir backup if you're sure people could accidentally read your seed phrase and steal your bitcoin.
Binance in their Web3 wallet uses MPC (Multi Party Computation) that's very similar to shamir backup except they split their private key into shards and store it across different storages. Thousands of people are using it without knowing.
But like other said, it's an added complexity.
lynx_degenFull Member
Posts: 61 · Reputation: 253
#19Jan 7, 2018, 07:31 AM
Many people lost their coins because they're not capable to hold many secret thing.
I think people have to try to access their seed phrase after long period of time e.g. 6 months or a year, if they don't find a struggle to access the coins for long period of time, they can use more complicated ways.
The purpose of using this method is to make no one able to access our coins except the owner, but Binance split the private keys to themselves, user's device and user's cloud, which mean Binance have access to the coins since they store users' login credentials, they can decrypt the file.
It looks same, but very different in terms of safety.
QuantumYieldSenior Member
Posts: 117 · Reputation: 813
#20Jan 7, 2018, 07:48 AM
I don't trust that. It's my coins and I need to control my keys.
Even only splits, I don't want to store it on cloud and I don't want any split hold by Binance or by Ledger.
Ledger or Binance will not get any use from me, and perhaps I am only paranoid about risk but I think it is worthy to do. If people criticized Ledger and their Ledger Recover a lot, it's funny if they feel it is better with a similar product / service from Binance.
Related topics
- Creating a list of non-zero wallets and their balances using Python 4
- CipherSeed: A Comprehensive Guide to Super-Secure Crypto Wallet Backups 5
- Using two different Bitcoin versions without messing up blockchain data 3
- Using Electrum to Transfer from BRD Wallet with HPS Address 8
- bitcoin-qt sync issues and slow speeds 6
- Recovering a Bitcoin wallet and address 8