Consider the situation. I initialized Trezor model T with a 256 bit key and made a backup of shamir according to scheme 3 of 5
Based on 256 bits of the key, I have generated a crypto wallet with a 128 bit key.
1 part of shamir’s backup was compromised.
Question: How many bits of crypto wallet security do I have left?
a)128-128:3=85 bits
b)256-256:3>128 hence I have 128 bits of the key left
And what would happen if 2 parts of shamir’s backup were compromised?
Question 2: How many bits of security do I have left in a 256 bit key? 256-256:3=170?
Are you planning a math problem? What is the point of calculating this?
There is no 100% security in this world.
Regardless of whether 1 shamir or 2 shamirs are stolen, your wallet is safe, but if your 2 shamirs are stolen, it means that you lose another shamir and you will permanently lose your assets.
It is important to do your best to protect your backups within a limited range of capabilities. If there is a fire, etc., you lose three of the shamir and trezor equipment. You don’t need to worry about being stolen, but your assets will always stay on those addresses and cannot be moved. You also completely lose control of your assets.
Are you planning a math problem? What is the point of calculating this?
I want to give one part of the backup to 2 people. So that they can restore the seed in case of my death. (There is also a way how they will receive the 3rd part). But I am extremely skeptical about the literacy of these people in terms of computer security.
The question to which I want to get an answer is: how much will the security decrease if they compromise their parts of the backup?
I think you should ask the inventor of the shamir backup method for this question.
Instead of this, you might as well directly specify in your will to whom the 5 backups will be given. Or leave a bank safe for the inheritance.
@Lurker Even if the attacker lacks only one share to reach the necessary threshold (e.g., 2 compromised shares in a 3-of-5 scheme), your backup is safe because the attacker would still need to attempt to guess the last share about 2^128 times, which is not computationally feasible.
This would mean that you have 5 shares of 33 words each.
This is not how it works. You would need to be more specific.
1 out of the 3 required parts is compromised.
Per Shamir’s Secret Sharing, having one share (or two, or M - 1 for M-of-N scheme) doesn’t decrease the difficulty at all.
If one of your shares is compromised, the difficulty is still 256 bits. If two shares are compromised, the difficulty is still 256 bits. If three shares are compromised, the difficulty is 0.
Assuming you’re talking about one particular private key that provides 128 bits of security, an attacker can attack this key directly for a difficulty of 128 bits – that is completely ignoring the strength of the backup or how many parts of it are compromised.
To answer this specific question: Cryptographic security will remain the same. If you’re worried about random hackers from across the world brute-forcing your backup, that is not going to happen.
Real world security is decreased, however, because whoever is after your money now only has one share left to find.
Consider leaving your shares with more responsible people.
Thanks everyone. I have no more questions on the topic.
Real world security is decreased, however, because whoever is after your money now only has one share left to find.
In the real world, there is not only the problem of compromise, but also the problem of losing seed. You have to make compromises. The problem with more responsible people is that they shouldn’t get a seed.
In the real world, compromising even 3 parts does not mean stealing a wallet. After all, it’s not a fact that all 3 parts will fall to one attacker. I don’t have such large sums that hackers would deliberately dig for me (I’m sure there are richer and more easily accessible wallets).