With the Shamir backup method, a password or seed phrase is split into multiple components called “shares”.
It’s an excellent security measure that helps ensure you retain access to your crypto assets in the unlikely worst-case scenario.
It was invented by Adi Shamir to allow for the sharing of passwords and other secret information.
Shares can be stored in different places, or with different people. To access the wallet would require a certain amount of these shares.
Remember, if you’re using a cold storage wallet (like Trezor), you’ll still have a PIN to unlock your device so you can use it day to day. The Seed Phrase (can be a Shamir backup) serves as a highly-secure recovery method.
You may never even need to use your recovery phrase since the only reason to is for recovery. In other words if you lose or damage your Trezor (or have it stolen).
If any of this happens you will just buy another wallet and instead of “setting it up as a new device” you’d choose to “back up an existing one”.
Why use a Shamir Backup?
A few reasons:
One example, a group treasury could split a passphrase between four members, requiring three of four of them to access the assets or unlock the wallet. No one person can take off with the funds.
In another scenario, you could split your private key into five pieces and require two to access your own wallet. By storing the other keys with lawyers, friends or banks, you can ensure that even if your house burns down you will retain access to your assets.
Or what about if you have roommates, or live in a place where you don’t always have privacy? It might be extra risky to have your seed phrase somewhere it can be found and quickly photographed with a mobile phone. It’s less likely that enough of the shares would be discovered if they are in different places.
Shamir Setup on Trezor Model T
Here's what you need:
- Trezor Model T
- USB-C to USB-A cable
- Google Chrome or Firefox browser
- Trusted Password Manager, CryptoSteel or Pen and Waterproof Paper
These are the steps:
Use the USB cable to plug your Trezor Model T into your computer.
Go to https://trezor.io/start/ to begin the process.
The Trezor site will ask you to select which device you’re using.
Click on the Trezor Model T and then click “Create Wallet”. It will give you two options, a single backup wallet or a Shamir backup wallet.
Select the Shamir backup option and continue.
Confirm that you want to continue on your Trezor’s screen.
Select how many shares you want to create in the Shamir backup. The Trezor Model T allows you to create up to 16 shares.
Select how many shares or parts of the key you will need to unlock the wallet and access the cryptocurrencies.
This number cannot be higher than the total amount of shares. Each share has 20 words by default but you can opt for up to 33 words to increase security.
Using either an indestructible Cryptosteel capsule, a Password Manager or a pen and paper, and write down the words for each of the shares.
Note: Do not save this in a note or text file on your hard drive. Keep it off line or use a secure password manager app.
The Trezor will also make sure you aren’t making mistakes by checking you’re writing the words correctly.
It may ask you to recall the third, fifth and sixth word for example.
It is time to split up the shares.
Store them in different locations, with different people or grant them to trusted parties like a lawyer.
Set up a PIN and pass phrase for extra security.
Are there any weaknesses or shortcomings with the Shamir method?
While it is fairly straightforward to set up, the Shamir method isn’t perfect for every situation. Most of the issues are that this extra layer of security comes as an inconvenience. As one would expect.
Shamir has a few shortcomings, according to this post.
- There is no way to revoke shares if you no longer trust a particular party.
- This cryptographic method can technically be cracked if an attacker has the first share and any other second share. This greatly reduces the amount of potential solutions and makes it possible to break the encryption.
I personally think this scenario next to impossible FTR.
- In time-sensitive scenarios, it might prove to be difficult to get the shares and recover the wallet because this often means contacting multiple sources and/or going to different places.
A Shamir backup method provides a highly secure but more complex way to setup and recover access to your (Trezor Model T) wallet.
Shamir backups splits a code into multiple “shares” (up to 16).
It requires a set amount of these shares (the threshold) to recover access to the wallet.
2 / 3 or 3 / 5 are common thresholds.
In the unlikely worst case that you forget your PIN or lose the device itself – your ability to backup and recover using the seed phrase is the only way to get the funds back under your control.
The Shamir backup is a bit more work and it may not be necessary or possible for everyone.
However, this method offers some real advantages and increases in security.
Whether you use a Shamir backup really depends on your situation. Consider: how much crypto you hold, how long you want to keep it in cold storage, and even whether you think having a single seed phrase somewhere poses a greater risk.