All articles

Multi-share Backup on Trezor

At Trezor, we're always looking for ways to improve bitcoin and crypto security, all while maintaining our customary user-friendliness. For scenarios where you need enhanced security and resilience, we've got just what you need: Multi-share Backup.

Table of Contents

Multi-share Backup allows users to split their wallet backup into multiple shares—a process that has been streamlined for those upgrading from a Single-share Backup. The number of shares can range from 1 to 16, and a set number (threshold) must be combined to recover the associated wallets and accounts.

By splitting your backup into multiple shares, you no longer have to worry about losing a single backup and losing access to your funds. As long as you have the threshold number of shares, you can safely recover your wallet.

Multi-share Backup is supported on Trezor Safe Family and Trezor Model T. It is not supported on Trezor Model One.

Multi-share Backup in practice

The foundation of Multi-share Backup is SLIP39, also known as Shamir’s Secret-Sharing for Mnemonic Codes. This serves as a multi-party alternative to BIP39, the widely used backup method in hardware wallets.

Using Multi-share Backup on your Trezor offers enhanced security and flexibility in safeguarding your bitcoin and cryptocurrency assets. This advanced method splits your wallet backup into multiple shares, requiring a minimum number (threshold) of these to restore the wallet.

By distributing shares between different locations or trusted individuals, you significantly reduce the risk of total loss or theft.

Even if some shares are lost, your wallet remains secure as long as the threshold number of shares is intact. Moreover, if some shares fall into the wrong hands, your wallet remains secure as long as fewer than the threshold number of shares are compromised.

This redundancy and added layer of protection make Multi-share Backup an excellent choice for those seeking robust security for their digital assets.

Multishare1.png

Example: In a 3-of-5 Multi-share Backup scheme, there are 5 total shares**, and the threshold is 3. This means any three of these shares can be used to recover your wallet. If one or two shares are lost or compromised, your wallet remains safe. Unlike BIP39, which relies on a single backup, Multi-share Backup removes the single point of failure.

Upgrading from a Single-share to Multi-share Backup

Since June 2024, Trezor users have had the opportunity to create wallets which can start as a Single-share Backup and upgrade to a Multi-share Backup.

For more information about upgrading from a Single-share to a Multi-share Backup, you can read our full article here.

Did you upgrade your Single-share Backup to a Multi-share Backup? Then your Single-share Backup is still valid!

This is important to understand because even if you distribute your new Multi-share Backup geographically, if your Single-share Backup gets compromised, your funds will also be at risk regardless of the Multi-share Backup. If you choose to destroy your Single-share Backup, always make sure that your new Multi-share Backup is valid by checking your backup.

Recovery shares

Each Recovery Share is a 20-word list where:

  • The first two words are random, but the same for all shares in one backup
  • The third and fourth words contain information about share groups and the group threshold
  • The following 13 words (i.e., word 5 to 17) represent the actual seed
  • The final three words (i.e., word 18 to 20) form the SLIP39 checksum

Having the SLIP39 standard as the default backup type for your Trezor offers several advantages over BIP39, including:

  • Distinct words and pronunciation: SLIP39 uses words taken from a list of 1024 words that fit specific criteria set out to improve the backup process. The words are easy to distinguish from one another in terms of spelling and pronunciation making backup and recovery easier (unlike BIP39, where similar words like "all," "wall," "fall," "call," and "ball" exist).
  • Unique 4-letter prefix: Each word is at least 4 letters long, and the first 4 letters are unique, making it much easier for users to write them down and recover them correctly. This is in contrast to BIP39, where similar words like "car" and "care," or “dog” and “clog,” can cause confusion.
  • Stronger checksum: In SLIP39, the last three words act as a checksum (1-in-a-billion chance of making a mistake), whereas for BIP39 only (part of) the final word serves as a checksum (1-in-16 chance of making a mistake). This stronger checksum offers better protection against errors, making the backup process more robust.
  • Faster typing: SLIP39 words are selected to be faster to type on a T9 keyboard (such as those used on Trezor touchscreen devices). The words require fewer keystrokes and have simpler patterns, allowing them to be entered more quickly than BIP39 backups.
  • Backup redundancy: The different shares can be distributed across multiple locations or between trusted individuals. This minimizes the risk of total backup loss. This is preferable to distributing the same BIP39 backup across multiple locations, as each copy of the BIP39 backup remains a single point of failure.
  • Adaptable security: With the ability to customize threshold and share allocation, users can adapt their setup to their unique security needs and preferences.

Why choose Multi-share Backup?

If you’re looking to safeguard your Bitcoin from potential loss or theft, Multi-share Backup offers an enhanced backup solution that can adapt and evolve to your personal security needs. If you’ve already got a Trezor up and running, and you’re interested in upgrading to a Multi-share scheme for long-term security, check out our Upgrading to Multi-share Backup article.

;