Odds are, if you spent any time at all looking over the hardware wallet market, that you’ve come across the term Shamir backup and could only guess that it has something to do with recovering your data in the event of the theft or loss of your wallet – specifically the Trezor model T, currently the only device with the Shamir Backup feature.
While you might not yet know exactly what Shamir Backup is, you can rest assured it is destined to become a prevalent fixture across the hardware wallet space as a superior means of protecting your data from both your self, mother nature, and would be crypto thieves.
Heck, even SatoshiLabs, the very people who first implemented the backup scheme in their Trezor Model T hope, for the good of the consumer, that Shamir Backup will become a new industry standard. But what exactly is Shamir Backup? What makes it superior to a simple master seed recovery protocol and why should you know about it?
What is Shamir Backup?
Down below we will explain, step-by-step, the general landscape of crypto-security, the problems Shamir Backup solves and why we expect the protocol to become a widespread industry standard for crypto-security.
First: What Are You Backing Up?
Before we dive into how Shamir backup works, it’s important to first illustrate the basic crypto-security landscape and the need for hardware wallets in general. If you’re interested in Shamir Backup, he probably has a foundational understanding of cryptocurrency in general and are aware of how public addresses and private keys work. But just in case you don’t, here’s a super-quick refresher:
Public addresses function like a mailbox stored on a blockchain — everybody can see it, anybody can send mail (cryptocurrency) to it, but only the person with the key to the mailbox can open them and take out what’s inside. In this analogy, the key to the mailbox is your private key that is used to operate transactions with your public address. Every blockchain, whether it’s Bitcoin‘s, Ethereum‘s, or Cardano’s, all operate on this basic framework — a publicly viewable address that is controlled using a private key.
This private key is the only thing that determines “ownership” of any public address. Nobody can truly “own” a public address in a legal sense because of the decentralized nature of blockchain and thus all of the crypto stored inside a public address is only yours insofar as you can maintain singular control over its private key. This is why hardware wallets are such a vital component of security when it comes to cryptocurrency.
Hot wallets (software-based wallets connected to the Internet) are vulnerable to cyber attacks via keyloggers and other malware that can expose your private key. Similarly, the reason you should never store cryptocurrency on an exchange wallet like that of Coinbase or Binance is that the account data for these wallets are stored on centralized servers run and maintained by private entities, meaning that they too have the “key” to your mailbox. Any failure in the security on their part will expose your’s and many other users’ Crypto to attackers.
A common thread here is the internet serving as an avenue for attack. Hardware wallets store your addresses and private keys offline, out of reach of attackers, and solely under your control.
Shamir Backup is an Alternative to the Master Seed
But what happens if you lose your hardware wallet? Do all of your private keys and public addresses go with it? Technically, yes. While the device itself is secured with a pin and password and numerous other security protocols are in place to keep it safe in the event of theft or loss, you yourself will no longer possess the private keys and public addresses. This is because part of the security protocol of a hardware wallet is that it keeps the private keys and public address on the device and away from prying eyes — even yours.
But, fortunately, there is a failsafe: something called the Master Seed. This is a 12 to 24-word recovery phrase that can be used to reconstruct your wallet in the event of the loss or theft of your physical device. This phrase is the root of all your crypto-secrets: all of your public and private keys can be reconstructed from this singular phrase (yes, that means all of the addresses on your device.)
This is an important security protocol for obvious reasons. People lose things all the time, even important things, And storing all your eggs in one basket is especially found one in a security context. But isn’t the master feed in its own way a basket full of eggs? Indeed.
Though it gives users the crucial ability to restore their wallet in the event that it is lost, it also represents a single point of failure they can be exploited by attackers. It also leaves you vulnerable to the permanent loss of your wallet in case you lose the phrase — leaving the device as the sole repository of your information.
People have come up with all sorts of ways to combat these two risks associated with the Master Seed. Some split their Master Seed into multiple parts (For example splitting a 24-word passphrase in two, keeping 12 with themselves and 12 with a trusted other). While this reduces the risk of an attacker gaining access to your private keys, it exponentially increases the risk of losing your own passphrase — you now have two sources of entropy that introduce an opportunity for Murphy’s Law to destroy your passphrase. Only one half needs to be compromised to lose it completely.
Another strategy is to simply make multiple copies of the passphrase and keep them in separate locations. But now you have all the more opportunities for cybercriminals to obtain your information by hook or by crook; an attacker has multiple opportunities to steal just one of the numerous copies available to reconstruct your wallet.
This way, when you reduce the risk of loss, you increase the risk of theft and vice-versa.
Shamir Backup Kills Two Birds With One Stone
Now that you understand the security risks posed by the Master Seed, you’re ready to understand what makes Shamir Backup such an elegant solution to an otherwise widespread problem. What Shamir Backup does is simple: It splits your master seed into up to 16 different Recovery Shares and sets a minimum threshold for recovery. For example, a seven out of 10 Shamir backup scheme could create 10 different Recovery Shares, each with its own 24-word passphrase. Recovery of your device would require any seven of these 10.
It really is that simple.
But how does this answer the two risks posed by the Master Seed recovery protocol? First, it makes the theft of your private keys exponentially more difficult for an attacker. By stashing all of your 10 recovery shares in different locations, the attackers need to compromise seven out of those 10. As long as you have taken the appropriate measures to maintain the secrecy of these locations, this provides an infinitely more potent buffer against attack; You can fail six out of ten times and still keep your data safe.
It also guards against loss in the same way — any seven of the ten will be adequate for recovery, allowing you to lose up to three of your 10 recovery phrases. As long as you are taking the necessary steps to keep your recovery shares safe, this shouldn’t be a problem. Instead of sudden death, you can now play the security game with extra lives.
This way, Shamir Backup provides you mitigated risk on both fronts without presenting any others and is the principle reason we can expect Shamir Backup to become an industry-standard protocol in the time to come.
Currently, however, Shamir Backup is only available on the Trezor Model T, which is likely part of the reason the Model T charges something of a premium over its major competitor, the Ledger Nano X, and why we highly recommend it as a top-tier crypto-security solution.
For a more in-depth breakdown of the Trezor vs Ledger debate, a comparison of the Ledger Nano S vs X, and more, be sure to check out our cryptocurrency archives!