Open-Source Standards Unchained

First published: 10/16/2019
| Last updated: 01/18/2023
| -- min read

SatoshiLabs recently announced the release of a new security standard called Shamir Backup, or SLIP-0039, which has revolutionized the way that you can store and manage the physical backup of your wallet’s private keys.

This development is exciting in a lot of ways for individuals, groups, and businesses. SLIP-0039 covers use cases for a variety of threat models, but there are some challenges to implementing it.

Innovative new ideas are always exciting, but they can often be just complex enough to be poorly put into practice. Let’s take a look at some of the use cases for SLIP-0039 for both individuals, and groups and businesses operating on a larger scale, so you can better understand how Shamir Backup works, and whether or not it fits into your security needs according to your threat model.

SLIP-0039 for me, myself, and I

No matter how you use your hardware wallet — whether you want to hodl in cold storage or safely manage your crypto portfolio while protecting your private keys offline — the weak link in your security is your recovery seed.

If you don’t hide it well enough and someone steals that sequence of 12–24 words, then they can use it to recover your wallet on any other hardware or software wallet. Then they’re just a couple short steps away from taking all your crypto from your wallet and sending it to their own.

Regardless of how well you hide your recovery seed to keep it safe from theft, it’s still susceptible to loss or destruction by accident. You could lose it in a fire or natural disaster, your dog might eat it; any number of bizarre and unpredictable disasters could cost you your recovery seed.

True, you wouldn’t lose your crypto because of that, but you wouldn’t be able to recover your wallet without the recovery seed, which can still result in you losing access to your assets forever if anything happens to your device.

So, how does SLIP-0039 counteract these threats?

SLIP-0039, or Shamir Backup, used on a Trezor Model T hardware wallet gives you room to customize your security according to your threat model. You can create up to 16 recovery shares, and then choose the threshold.

Let’s say you create five shares, and you set the threshold to three. If someone steals one of your recovery shares, they won’t be able to do anything with it; one piece of the backup doesn’t reveal anything about your private keys. In fact, they would have to know what your threshold is, find out where or with whom you hid all the shares, and then steal any three of those shares in order to steal your funds.

Shamir Backup protects your backup against accidental loss as well. Once you distribute your shares, your chances of losing access to your backup are much lower. You can lose or accidentally destroy one or two shares, and you’ll still be able to meet the threshold and recover your wallet.

Did you know? You can recover your wallet with Shamir Backup by entering one recovery share, unplugging your Model T, and continuing recovery later in a different location if necessary. Your device will be able to pick up right where you left off.

When someone introduces a new security standard, it’s a chance for the entire security industry to take a step forward. As an open-source standard, SLIP-0039 is paving the way for industry-wide implementation, but not just for other hardware wallet companies.

Which brings us to a brand new tool created by a company that has already taken that step forward to innovate a solution with cutting-edge security.

SLIP-0039 for yours, mine, and ours

Groups cooperating to protect private keys have different challenges compared to individuals, and these challenges become especially apparent for businesses. Businesses have to deal with the human aspect on a large scale.

Employees with different levels of security clearance, employees leaving the company, and malicious employees who might attempt to subvert a company’s operational security protocols are just three situations that have to be taken into account. Each one presents challenges to private key management that are distinct from those faced by an individual; but now, SLIP-0039 helps provide solutions to the unique issues businesses must overcome.

As a collaborative custody business protecting 1-of-3 private keys for clients in a multisig quorum, Unchained Capital needs the most secure way to distribute trust among its different employees with different levels of security clearance.

Until SLIP-0039, Shamir’s secret sharing scheme didn’t provide the flexibility or scalability necessary for an organization, since it allowed for only one level of shares, with each share being equal. SLIP-0039 includes the ability to create groups of shares with thresholds at multiple levels, allowing a company to allocate trust differently among employees.

Unchained Capital uses SLIP-0039 in a recently released, open-source, air-gapped command line wallet called Hermit. By including SLIP-0039, Unchained Capital is able to customize its private key shares hierarchically to allocate trust appropriately among different employees.

SLIP-0039 gives organizations more flexibility to securely manage different signing shifts of employees as well as employee turnover, although it’s still safest to move funds to an entirely new private key in the event an employee leaves.

It also reduces complexity for individuals holding shares, mitigates threats presented by any individual, and gives companies a more secure path to adjust signing structures internally without having to publicly broadcast a transaction. By better securing a single key with SLIP-0039 within a multisig quorum of keys, Unchained Capital’s client funds are ultimately more secure.

Hermit is just one example of the SLIP-0039 open-source ecosystem. It’s a technical solution for businesses and groups looking to leverage hierarchical shares to protect a key. On Unchained Capital’s vault platform, Hermit will be used in conjunction with Trezor devices to form a multisig quorum that increases security for a user’s bitcoin and allows for a collaborative team to protect private keys.

Is SLIP-0039 for you?

Well, if you’re an individual looking for the best way to store and protect the physical backup of your wallet’s private keys, and you include theft or loss in your threat model, then Shamir Backup is your best bet to counteract the possibility of losing access to your cryptocurrency.

If you’re operating on a large scale and you’re looking for the best way to split up your private key and distribute trust within an organization, then check out Unchained Capital’s implementation of SLIP-0039: Hermit.

Sign up to get notified for future blog articles.