# Shamir Secret Sharing ## General - Example of [[Threshold Signatures]] ## Conclusions: - [[SLIP 39]] does not allow for BIP39<->seed<->shards roundtrip ## Appraisal by [[Jameson Lopp]] https://blog.keys.casa/shamirs-secret-sharing-security-shortcomings/ - Good and informative post - "Key splitting can function as an alternative to multisig, but after researching its practical application at Casa, **==we rejected implementing Shamir's Secret Sharing Scheme because it exposes clients to many more risks==**." ### List of risks Fully research these if you decide to use Shamir's Secret Sharing in the future, such as if [[Ledger]] implements it - Single Points of Failure - Share Revocation - Implementation Complexity - Lack of Implementation Standards - Social Recovery Issues - Auditability - Share Integrity - Side Channel Attacks ## [[SLIP 39]] implementation: non-compatible with [[BIP39]], do not use!!! ![[SLIP 39#BIP 39 and SLIP 39 generated wallets do not match]] ## [[Christopher Allen]] [[Shamir Secret Sharing]] standard: [[SSKR]] - ![[SSKR#General]] ## [[Trezor]]'s implementation (not good) ![[Trezor#Trezor wallet implements Shamir Secret Sharing but it's based on SLIP 39]] ## Converting from existing [[BIP39]] seed ### Questionable, hacky way to do it using an open-source library https://bitcoin.stackexchange.com/questions/60540/practical-way-to-split-a-bip39-seed-into-a-2-out-of-3-factor-auth - It is not offline and therefore not good - Does not appear to be a standard method - Quentionable, it barely mentions the passphrase isuse