Beyond Shamir: Expanding Multisig for All Available Seeds

I would like to suggest the development of a more conventional multisig mechanism, allowing individuals to create their own multisig configuration without solely relying on the Shamir Backup. I am not undermining the effectiveness of the Shamir method, but advocating for the ability to maintain the three seeds I have already memorized, without the obligation to create a Shamir Backup. I have possessed these seeds for years, and Trezor is hindering the establishment of an added layer of security by centralizing everything in the Shamir Backup. This exposes users who already have their own seeds to third-party technologies, which may pose security concerns. For instance, Electrum has encountered numerous issues.

It would be highly beneficial if Trezor utilized the interface and existing functionalities within the Shamir system to enable any generated seed to establish its own security layer using Trezor and the Trezor Suite, such as a 2-of-3 seeds or more. Please consider this new possibility and allow us to use our 12 or 24-word seeds to set up our own multisig configurations.

Multisig and shamir are fundamentally different tho.

Multisig depends on a chain’s capabilities to allow multiple private keys to be involved in an address and let multiple parties sign independently. Note that while these “parties” can be backups and wallets in your control, they don’t have to be.

For example you could have a company with a CEO, VP and accountant with a 2/3 setup and out of these 3, 2 would need to agree to EACH TRANSACTION by signing it. That could easily be across the globe too.

With shamir you just have one wallet which has a split backup, and when they come together and get restored you have one single wallet with full control over everything.

However due to the way slip39 only replaces bip39 and derivation continues from bip32 as normal a shamir wallet is, aside from the backup indistinguishable from a standard single wallet.


Okay, I understand, but wouldn’t it be possible to create something similar to Shamir’s backup without the complexities of multisignature?

Something like a single wallet generated by the chosen ‘SEEDs’ that I already possess, without needing to create a new Shamir seed.

So what you’re asking for is a way to combine existing seed phrases in a way that gives you a new wallet?

That’s basically the exact opposite of what you should be doing.

Do you want a new wallet for yourself, with backup shared by multiple people and/or locations? Then you don’t want to be giving out existing seeds, because that gives the people access to your existing wallets. Instead, create a new Shamir backup. Having one share reveals absolutely nothing about the wallet.

Do you want multiple people with multiple existing seeds to co-own a wallet? Then set up a multisig scheme like @My1 is saying. That allows everyone to co-sign a shared account under controlled conditions instead of giving everyone full rights to take the money and run.

Do you want to … uhh … combine three seeds that you have already memorized?? Why do that, instead of just picking one and using it?

Do you want to create a new wallet and back it up between several people, Shamir style, and at the same time keep one seed on yourself that allows you to fully recover it?
Make a SuperShamir with 1of1 + 3of5 groups. Back it up on cryptosteel like the rest of us, and if you want to memorize something, make a good strong randomly generated passphrase.

FWIW, memorizing key material is generally a bad idea. It makes you one unfortunate bang on the head away from losing all your money. Humans suck as storage media.

(It is technically possible to take your BIP39 seed and back it up via Shamir shares of 59 words each. This is not enabled on Trezor because, basically, we haven’t yet figured out a way to do it without making it a perfect way to shoot yourself in the foot.

Which, to be perfectly honest, what you seem to be proposing is exactly that: a grand big opportunity to mess up catastrophically.)


I think choosing seeds generally isnt a good idea and in terms of how shamir works that’s not how that works, just from the math of it.

in shamir (be it from trezor or not), you have one thing you start with, and select how you want to split that (as in how many shares needed of how many total, like 2/3)

as far as I know you cannot just make up shares and hope it goes well as the mathematical properties likely have to be set in advance by the splitting process.

I mean the math of shamir is likely way too advanced for me to understand but I cannot just make up some random numbers and declare them e.g. public and private key, because they need to have some mathematical relationship with each other, same with shamir shares.


frankly if SLIP39 would have shamir’d the BIP39 entropy instead of the BIP32 starting secret it would have been easy to convert between normal and shamir, but sadly that wasnt done, which could have been nice

but then again, if you have enough coins to warrant a shamir, making a new wallet can still be worth it, even if you need new metal backups

1 Like

Let’s forget about it. It seems you haven’t grasped the core of what I’m saying. The reason I’ve never used Shamir is that I would never endorse a system that requires me to hand over my seed to anyone. In my view, nobody should even be aware that I possess a physical wallet. My intention was simply to create a wallet that would necessitate my three existing seeds, serving as an additional layer of security. But alright, it appears that only your team persists in the notion of sharing seeds with third parties. When I mentioned Shamir, it wasn’t about the reference of giving seeds to anyone, regardless of whether they have access or not. It was about the use of 3 out of 2. Well, let’s drop it.

But I don’t want to forget to thank you for your attention. Thank you very much.

I’m sorry what?

Do I understand you correctly that what you’re after is not “sharding” but, essentially, using a single 36-word seed composed of your three 12-word seeds?

What would be the purpose of this scheme? If you’re the only one who knows all the seeds, why not simply pick one and use that?

1 Like

Wait what? With shamir you aren’t giving anything to anyone.

1 Like

Exactly, that’s it, simple as that!

In my perspective, yes, it does lead to exposure. In the future, someone who previously didn’t understand the concept of a ‘seed’ sequence might now comprehend it, establishing a connection with me. Even though this person doesn’t have access to the funds, there could be an implication that I hold assets in self-custody. However, there’s no guarantee that this trusted individual might not hire someone to harm me and coerce me into transferring the funds.

I don’t see the need to explain my purpose or the structure of my wallet, as it probably won’t happen anyway. It would be highly beneficial for me to have a single wallet that accepts three sets of 12 words! This would serve my needs very well. Thank you for your attention!

Just to provide full information: you can of course set up a 3-of-3 Shamir backup, where you generate 3 shares of 20 words each, do not give them to anyone, and all 3 shares are required to recover the wallet.

(Shamir itself doesn’t require you to give out the shares, and, to be absolutely clear here, Trezor itself is not doing that either. The only person who gets the shares is the one who is setting up the backup. Whether you decide to give them out or not is completely up to you. The point of Shamir is that you can safely do it. But you don’t have to. Another scenario is, for example, you burying the shares in multiple separate locations, so that even if one of the hiding spots is compromised, your wallet is still safe.)

If deniability is what you’re after (set up a decoy wallet on all three seeds, but only when combined your real stash is revealed), the standard solution to that is the passphrase feature. You can use the standard wallet as a decoy, and you can set up passphrase A as another decoy to give out under duress, while keeping passphrase B with the majority of your funds a secret.

While I can say with 100 % confidence that “layering seeds” is not going to become part of Trezor (it’s a UX nightmare, just look at how easy it is for people to lose funds just with passphrase alone), it might not be difficult to implement in custom firmware. You could do something as simple as modulo-addition of individual words: then any combination of seeds would produce a different seed (with failing checksum but that doesn’t matter for this purpose).

Thank you very much for your guidance

You don’t have to give your seed, be it a standalone one in a multisig or a shamir shard to anyone in the first place.

1 Like