Introduction
Accepting one's own mortality is a sign of maturity. So is recognizing the critical importance of securing your bitcoin legacy for posterity. Bitcoin is a bearer instrument, meaning it’s not enough for your survivors to know you owned bitcoin—they must be able to access the keys. However, you also don’t want your family to have access while you’re still alive. A backup scheme that allows for controlled access is essential, and Shamir backup offers precisely this solution.
Understanding Seed Backups
In the early days of Bitcoin, backing up wallets was a challenge. Before hierarchical deterministic (HD) wallets, users had to back up each private key individually. This clunky process led to many bitcoins being lost.
The invention of HD wallets, standardized by BIP32, simplified backups. Instead of backing up hundreds of keys, users only need to secure one master seed. BIP39 further improved this by introducing mnemonic seeds—a group of words in a specific order that serve as a backup. Today, you back up your recovery seed, typically 12 or 24 words, rather than individual private keys.
However, storing the recovery seed safely involves balancing two risks:
- Theft: The seed must be protected from strangers.
- Loss: Your bitcoin shouldn’t depend on a single copy; multiple copies in different locations mitigate risks like fire or flood.
A plain recovery seed can’t meet both criteria effectively. This is where Shamir backup comes in.
What Is Shamir Backup?
Shamir’s Secret Sharing (SSS) is a cryptographic technique developed by Adi Shamir in 1979. It allows you to break a secret (like your recovery seed) into multiple shares. Individually, these shares are useless and reveal nothing about the original secret. To reconstruct the secret, a specified number of shares (the threshold) must be combined.
For example, in a "3 out of 5" Shamir backup:
- You create five shares.
- Any three shares can recover the secret.
- The specific shares used don’t matter.
This setup lets you distribute shares across multiple locations—home, a friend’s house, a bank safe deposit box—without any single location holding enough shares to access the bitcoin. Shares should always be stored in analog form, such as handwritten on paper or stamped into metal, and never on an internet-connected device.
Benefits of Shamir Backup
Shamir backup effectively addresses both theft and loss:
- Theft Prevention: No single location holds the threshold required to access the funds.
- Loss Prevention: Even if some shares are lost or destroyed, the remaining shares can recover the secret.
The standard for using Shamir backup in seed backups is SLIP-0039, published in late 2017. It’s open for anyone to study and implement. Today, products like Trezor Model T and Unchained Capital’s Hermit wallet support SLIP-39-based Shamir backups.
Using Shamir Backup for Inheritance Planning
The same qualities that make Shamir backup secure for everyday use also make it ideal for inheritance planning. By distributing shares, you ensure that your survivors can access your bitcoin only when necessary. However, clear written guidance is crucial for them to do so safely.
Dos and Don’ts for Inheritance Guidance
- Do write it down: Don’t rely on verbal instructions; details can be forgotten.
- Don’t include it in your last will: Wills can become public documents in some jurisdictions, posing a security risk.
- Use pen and paper: Avoid digital copies to prevent exposure to hackers.
- Explain Shamir backup: Describe what it is, why it’s secure, and emphasize that shares should never be entered online or shared with strangers.
- Specify share details: Include the total number of shares, the threshold, and instructions for locating them.
- Store the guide securely: Keep it in a safe place accessible only to your loved ones, like a home safe.
- Update the guide: Revise it if share locations change.
Additionally, inform your survivors about any bitcoin held on exchanges or in hot wallets. Every satoshi should be accessible to them.
Put yourself in the shoes of a non-bitcoiner. If your family isn’t familiar with bitcoin, they might make mistakes or fall prey to scams. Clarity is key. Consider recommending a trusted bitcoin-savvy friend to assist them. This provides a known contact and legal recourse if needed, unlike seeking help from strangers online.
Shamir Backup vs. Multisig
Some critics, like Jameson Lopp, have pointed out shortcomings in earlier implementations of Shamir backup and recommended multisig schemes instead. However, SLIP-39 has proven robust since its implementation in 2019, with no vulnerabilities found.
Shamir and multisig address slightly different needs:
- Shamir backup protects the recovery seed.
- Multisig enhances security during transactions.
They can even be combined: use multisig for transactions and Shamir to back up each wallet’s seed.
Multisig requires ongoing coordination between parties to sign transactions, which can be impractical for individuals. It also has pitfalls in transaction verification and backup. While suitable for organizations, it’s often cumbersome for everyday users. Shamir backup, by contrast, is practical and user-friendly today.
👉 Explore advanced security methods
Frequently Asked Questions
What is a Shamir backup?
Shamir backup is a method to split a recovery seed into multiple shares. A threshold number of shares is required to reconstruct the seed, balancing security and accessibility.
How does Shamir backup prevent theft?
By distributing shares across locations, no single place holds enough shares to access the funds. Even if one share is stolen, it’s useless on its own.
Can I use Shamir backup with any wallet?
Not all wallets support it. Look for SLIP-39 compatibility in devices like Trezor Model T or software like Unchained Capital’s Hermit wallet.
Is Shamir backup better than multisig?
They serve different purposes. Shamir secures the seed backup, while multisig secures transactions. Shamir is often more practical for individual users.
How should I store Shamir shares?
Use analog methods like writing on paper or stamping into metal. Avoid digital storage to prevent hacking risks.
What happens if I lose some shares?
As long as you have the threshold number, you can recover the secret. For example, in a "3 out of 5" setup, losing one or two shares doesn’t prevent access.
Conclusion
Shamir backup is a powerful tool for securing your bitcoin against both theft and loss. It’s also an effective solution for inheritance planning, ensuring your loved ones can access your funds without unnecessary risk. By combining Shamir with clear written instructions, you create a robust legacy plan. While multisig has its place, Shamir offers practicality and security for most users today.