Single-share Backup on Trezor

Single-share Backup is the default backup option you will see when setting up a Trezor Safe Family device. It's also possible to setup a single-share backup with a Trezor Model T.

It is a 20-word wallet backup (formerly called a recovery seed) which replaces the older 12-word backups used on early Trezor models.

Single-share Backup offers stronger security and the flexibility to upgrade in the future. That’s why it became the default wallet backup for all Trezor Safe Family devices and the Trezor Model T starting in June 2024.

At first glance, it might just look like we’ve changed the length of your default wallet backup, but if we dive a little deeper, we’ll see that Single-share Backup has many inherent advantages and ensures all Trezor users can easily upgrade to a Multi-share Backup scheme whenever they choose.

Background

Until now, most Trezor devices, and many other wallets, have used BIP39, a standard that turns a private key into a list of words.

This word list is your wallet backup, and it allows your wallet to recreate the cryptographic keys that protect your funds.

This tried-and-tested backup method has served the majority of Trezor users well and remains a safe option for anyone already using it. However, in the pursuit of enhanced security and resilience, new Trezor Safe Family devices offer the 20-word Single-share Backup by default, which is based on SatoshiLabs Improvement Proposal SLIP39.

Background on SLIP39

SLIP39 was devised in 2019 to improve the backup process by distributing custodianship among several parties. In practice, this means splitting the seed into multiple shares using Shamir’s Secret Sharing Scheme. A set number of these shares, known as the threshold, must be combined to recover the original seed.

For example, in a 3-of-5 scheme, any three shares can be used to recover a wallet. This is beneficial because even if one or two shares are compromised, the entire wallet backup is not exposed. This redundancy means you no longer have a single point of failure, as with the regular BIP39 backup standard.

Single-share backup in practice

Our new Single-share Backup scheme requires only one share, and can be thought of as a 1-of-1 Multi-share Backup (equivalent to a 1-of-1 Shamir backup).

Advantages of this new backup standard include:

Specific word list

The words comprising your 20-word wallet backup are from a list of 1024 words that meet specific criteria to improve the backup process.

• Each word has a unique 4-letter prefix to avoid confusion.
• The similarity between the pronunciation of any two words has been minimized.
• These carefully selected words are easily distinguishable, enhancing the user-friendliness of the backup and recovery process.

Easier to recover

The words comprising your wallet backup are optimized for entry on a T9 keyboard (the same as on Trezor and other touchscreen devices).

Stronger checksum

The final three words of your 20-word wallet backup (and each share if you upgrade to Multi-share Backup) form a stronger checksum, ensuring the integrity and validity of each wallet backup.

• If you make a mistake when writing down your wallet backup, the checksum won’t let you continue until you correct the mistake.

Easy to upgrade

You can seamlessly upgrade from a Single-share Backup to a Multi-share Backup in Trezor Suite while continuing to use the same accounts and addresses.

Not only does our enhanced 20-word Single-share Backup standard ensure a more robust and user-friendly process for backing up and recovering your wallet, but it also allows for an easy upgrade to an Advanced Multi-share Backup, offering superior security with no single point of failure.