Single-share Backup on Trezor

To help take your personal security standards up a notch, we're introducing the new Single-share Backup solution. In its simplest form, Single-share Backup is a new 20-word wallet backup (recovery seed) in place of the 12-word backups implemented on early Trezor models (Trezor Model T and Trezor Safe 3).

At first glance, it might just look like we’ve changed the length of your default wallet backup. But if we dive a little deeper, we’ll see that Single-share Backup has many inherent advantages and ensures all Trezor users can easily upgrade to a Multi-share Backup scheme whenever they choose.

Some technical background

So far, the general backup standard for Trezor hardware wallets (and many others in the industry) has been based on Bitcoin Improvement Proposal BIP39. This BIP outlines a standard for generating a “mnemonic phrase,” which is the list of easy-to-remember words that you write down for your wallet backup when initializing your Trezor device. This word list serves as a seed for generating cryptographic keys, all of which are conveniently handled by your Trezor.

Learn more about Bitcoin Improvement Proposals (BIPs) and SatoshiLabs Improvement Proposals (SLIPs) in our What are BIPs and SLIPs? article. If you're really curious, you might also be interested in checking out the BIP39 project on GitHub.

This tried-and-tested backup method has served the majority of Trezor users well and remains a safe option for anyone already using it. However, in the pursuit of enhanced security and resilience, new Trezor devices will offer the 20-word Single-share Backup by default, which is based on SatoshiLabs Improvement Proposal SLIP39.

SLIP39 was devised in 2019 to improve the backup process by distributing custodianship among several parties. In practice, this means splitting the seed into multiple shares using Shamir’s Secret Sharing Scheme. A set number of these shares, known as the threshold, must be combined to recover the original seed.

For example, in a 3-of-5 scheme, any three shares can be used to recover a wallet. This is beneficial because even if one or two shares are compromised, the entire wallet backup is not exposed. This redundancy means you no longer have a single point of failure, as with the regular BIP39 backup standard.

Single-share backup in practice

Our new Single-share Backup scheme requires only one share, and can be thought of as a 1-of-1 Multi-share Backup (equivalent to a 1-of-1 Shamir backup).

Advantages of this new backup standard include:

The words comprising your 20-word wallet backup are from a list of 1024 words that meet specific criteria to improve the backup process.

• Each word has a unique 4-letter prefix to avoid confusion.
• The similarity between the pronunciation of any two words has been minimized.
• These carefully selected words are easily distinguishable, enhancing the user-friendliness of the backup and recovery process.

The words comprising your wallet backup are optimized for entry on a T9 keyboard (the same as on Trezor and other touchscreen devices).

The final three words of your 20-word wallet backup (and each share if you upgrade to Multi-share Backup) form a stronger checksum, ensuring the integrity and validity of each wallet backup.

• If you make a mistake when writing down your wallet backup, the checksum won’t let you continue until you correct the mistake.

You can seamlessly upgrade from a Single-share Backup to a Multi-share Backup in Trezor Suite while continuing to use the same accounts and addresses.

Not only does our enhanced 20-word Single-share Backup standard ensure a more robust and user-friendly process for backing up and recovering your wallet, but it also allows for an easy upgrade to an Advanced Multi-share Backup, offering superior security with no single point of failure.