{"id":19426,"date":"2019-09-06T14:54:54","date_gmt":"2019-09-06T14:54:54","guid":{"rendered":"http:\/\/ci027cfe70e00826c3"},"modified":"2025-01-27T21:26:47","modified_gmt":"2025-01-27T21:26:47","slug":"hardware-wallets-just-got-a-bit-more-secure-with-trezors-shamir-backups","status":"publish","type":"post","link":"https:\/\/bitcoinmagazine.com\/culture\/hardware-wallets-just-got-a-bit-more-secure-with-trezors-shamir-backups","title":{"rendered":"Hardware Wallets Just Got a Bit More Secure With Trezor\u2019s Shamir Backups"},"content":{"rendered":"
<\/div>
<\/figure>\n

If hardware wallets have one Achilles\u2019 heel, recovery seeds may be it. But Trezor\u2019s SatoshiLabs<\/a> has figured out a solution.<\/p>\n

Hardware wallets are generally considered to be among the most secure solutions for storing bitcoin. As the private keys to sign transactions never leave the device, these keys are never exposed to the internet and can, therefore, not be hacked remotely. Even with physical access to the device, subtracting the keys is no straightforward job \u2014 if it\u2019s possible at all. (This appears to be an ongoing cat-and-mouse game between security researchers.)<\/p>\n

But even if we assume that they are secure, hardware wallets can still break, get lost, get stolen or become otherwise unusable. For these cases, users should keep a backup seed: a list of a couple of dozen words typically written down on a piece of paper, from which all the device\u2019s private keys can be generated.<\/p>\n

But what if the backup seed itself gets lost or \u2014 worse \u2014 stolen? <\/p>\n

A New Way to Split Backup Seeds<\/h2>\n

A chain is only as strong as its weakest link, and a hardware wallet is only as secure as its backup seed. If the piece of paper is stolen, the thief can claim all the coins on the hardware wallet \u2014 without any advanced technical skills. If the backup seed is lost, it is, of course, of no help when the hardware wallet is also lost, stolen or destroyed \u2014 and the coins would be inaccessible forever.<\/p>\n

After more than a year of development, Prague-based SatoshiLabs, the company behind the Trezor hardware wallet, has now introduced Shamir Backups. Based on Shamir\u2019s Secret Sharing<\/a>, a cryptographic algorithm created by well-known cryptographer Adi Shamir (the \u201cS\u201d in RSA<\/a>, one of the first public key cryptosystems), Shamir Backups let users \u201csplit up\u201d their backup seeds into several word lists or \u201cshares.\u201d The wallet\u2019s private keys can then be recovered by combining some predetermined subset of the shares. SatoshiLabs\u2019 Shamir Backups allow for the creation of up to 16 shares (and individual shares can be even further divided into sub-shares).<\/p>\n

As a practical example, you could set up a two-out-of-three backup. In that case, you would generate three different word lists, and you would need any two of the three to restore your private keys. This way, you could, for example, distribute the three lists over three different locations, minimizing the risk that two of them are lost (say, in a fire) or stolen. <\/p>\n

If an attacker manages to steal only one of three backup seeds, it would be of no use to them at all (as opposed to cutting a normal backup seed into multiple pieces; stealing some of these pieces could enable an attacker to guess or brute-force the remaining words). Meanwhile, if only one of the three shares is lost, the remaining two can be used to restore the wallet.<\/p>\n

Open Standard<\/h2>\n

Shamir Backups are available for SatoshiLabs\u2019 Trezor Model T, the company\u2019s latest hardware wallet. Users who already have a Trezor Model T can opt to migrate to a Shamir Backup using this guide<\/a>. New users can follow the regular setup guide<\/a>. As an open standard (SatoshiLabs Improvement Proposal 0039<\/a>), other wallet providers could opt to follow in SatoshiLabs\u2019 footsteps and offer Shamir Backups down the road as well.<\/p>\n

For more information on Shamir Backups, also see SatoshiLabs\u2019 blog post<\/a> announcing the solution and its additional detailed guide<\/a>.<\/p>\n