Trezor Shamir Seed splitting

Has the shamir seed splitting code been independently audited for correctness?

Hi @puzzler

We believe that open-source and transparency is better to follow rather then relying on third party authorities audits.

Shamir Backup code is available to everyone on Github, dive into the code if you like; slips/ at master · satoshilabs/slips · GitHub

I agree that it’s always better if the code is somewhere where anyone who chooses to can audit it.

However, it doesn’t instill confidence unless someone knowledgeable actually bothers to do so.

For example, whenever Donald Knuth posts code, he asks people to let him know not only about errors, but also to let him know when they’ve read through it and are confident that it is correct. He maintains a list of things he has written that no one has independently proofed yet, so the community can direct their energies towards the parts no one has looked at.

Do you know for certain that someone other than the original author of your shamir seed splitting code has read it, understood it, thought about potential bugs, tested it, etc.? Has anyone tried making an alternative implementation from your spec and verified that the results match your implementation?

the answer to this is “sort of”

this is reportedly based on the reference implementation and not necessarily the spec though

One more proof of concept, don’t use it with a real recovery seed.