Backup your Trezor/Ledger using Shamir’s Secret Sharing

Mark Star
Jun 21, 2018

Trezor and Ledger hardware wallets have become the de-facto standard for safe storage of various cryptocurrencies ranging from Bitcoin to Zcash.

Both wallets use BIP39 mnemonic phrases of 24 words as a seed to generate an unlimited number of private keys and addresses that are used to store coins in each different address.

This ensures a backup of all your private keys can be written down and stored safely offline. After a catastrophic failure of your hardware device you can restore your seed to a new Trezor/Ledger device in the future, gaining access to your coins once more.

But the question now is, how to secure the 24 word BIP39 seed from multiple untrusted parties?

An evolution of key storage

In the early days there was no BIP39 24 word seed; instead, for each public key the corresponding private key would often be printed on a paper wallet and stored offline. Many people kept these wallets in a safe. You can still generate them online today. I printed mine and kept copies under my floorboards!

Before hardware wallets, this printable wallet was how Bitcoin was stored offline — But the secret still remains in plain sight

However, the problem remained that the private key could be read by an offline attacker, restored, and the money stolen from the wallet.

In 2012, BIP38 was created in order to store private keys encrypted with a passphrase; these could be printed as a QR code and stored safely offline. An attacker couldn’t view the private key without decrypting it first — I printed my keys and gave them to friends, so no more digging up floorboards!

However, a shortcoming remains: the passphrase needed to decrypt the keys still has to be stored somewhere.

Shamir’s Secret Sharing, repurposed

Shamir’s Secret Sharing (SSS) is a method to split any secret text into multiple parts (shares). Each part by itself does not reveal the secret, but if a threshold number of the parts are recovered together they can reconstruct the secret text.

First generate a new BIP39 mnemonic seed for your wallet:

require struggle ketchup hurt draft undo garlic defy truth tell decade auto pond release law depart army elevator luxury analyst critic model warm slice

Then pip install the secretsharing library; from the Python CLI you can create the shares (the arguments are the secret, the number of shares required to restore it, and the total number of shares):

>>> from secretsharing import PlaintextToHexSecretSharer
>>> PlaintextToHexSecretSharer.split_secret("require struggle ketchup hurt draft undo garlic defy truth tell decade auto pond release law depart army elevator luxury analyst critic model warm slice", 3, 5)
['1-29f88e1a <snip> 4aa072a'] ...

The above produces 5 separate keys. These can be distributed amongst 5 different people (for example, 3 solicitors, yourself, and your partner or children). Saving each key as a QR code can make restoring simpler.

Only 3 of these 5 people need to come together to restore the 24 word list; these instructions can be added to a business protocol or, in the event of a death, a Will.
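To make the split-and-restore procedure above concrete, here is an added example (not code from the post or from the secretsharing library): a minimal Shamir's Secret Sharing over GF(2^8), applied byte by byte, that splits the demo mnemonic from the post into 5 shares with a threshold of 3 and rebuilds it from any 3 of them. The function names, the byte-wise field and the share format are my own assumptions.

```python
import secrets

# Added example, not the secretsharing library's code: Shamir's Secret Sharing over
# GF(2^8), byte by byte, so a secret of any length (here a 24-word mnemonic) can be split.
MNEMONIC = ("require struggle ketchup hurt draft undo garlic defy truth tell decade auto "
            "pond release law depart army elevator luxury analyst critic model warm slice")

def gf_mul(a, b):
    """Multiply in GF(2^8) using the AES reduction polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = (a << 1) ^ (0x11B if a & 0x80 else 0), b >> 1
    return r

def gf_inv(a):
    """Multiplicative inverse in GF(2^8) for a != 0 (search is fine for a 256-element field)."""
    return next(b for b in range(1, 256) if gf_mul(a, b) == 1)

def split_secret(secret: bytes, threshold: int, num_shares: int):
    """Return [(x, y_bytes), ...]; any `threshold` shares reconstruct `secret`."""
    assert 1 < threshold <= num_shares < 256
    # One random polynomial of degree threshold-1 per byte; its constant term is the byte,
    # so f(0) == secret byte and fewer than `threshold` points leave it undetermined.
    polys = [[b] + [secrets.randbelow(256) for _ in range(threshold - 1)] for b in secret]
    shares = []
    for x in range(1, num_shares + 1):
        ys = bytearray()
        for p in polys:                      # Horner evaluation of p at x
            y = 0
            for c in reversed(p):
                y = gf_mul(y, x) ^ c
            ys.append(y)
        shares.append((x, bytes(ys)))
    return shares

def recover_secret(shares):
    """Lagrange-interpolate each byte at x=0; in GF(2^8) subtraction is XOR and -x == x."""
    out = bytearray()
    for i in range(len(shares[0][1])):
        acc = 0
        for xj, yj in shares:
            num = den = 1
            for xm, _ in shares:
                if xm != xj:
                    num, den = gf_mul(num, xm), gf_mul(den, xj ^ xm)
            acc ^= gf_mul(yj[i], gf_mul(num, gf_inv(den)))
        out.append(acc)
    return bytes(out)
```

With threshold 3, passing only 2 shares to recover_secret returns garbage rather than an error, which is the property that protects the word list when a single key is uncovered.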

The key benefits

  • No single party has access to restore the word list
  • At least 3 parties must be hacked or malicious in order to restore the 24 words
  • It can be difficult for a hacker to find 3 separate keys if they are well ‘hidden’
  • If one key is uncovered the word list remains safe
  • The number of keys printed (or keys required for restoration) can be modified to include more or less people as necessary

There is still more to be done

Security and custody of cryptocurrency is an ongoing problem, and as the space matures these techniques continue to evolve.

Using SSS to store a word list offline adds an additional layer of security, and, in the unfortunate event of the death of key personnel in a business, it can be the difference between losing and recovering millions.
