At Trezor, we're always looking for ways to improve bitcoin and crypto security, all while maintaining our customary user-friendliness. For scenarios where you need enhanced security and resilience, we've got just what you need: Multi-share Backup.
Multi-share Backup makes it much easier for users to split their Wallet Backup (recovery seed) into multiple shares–a process which has been made easier than ever when upgrading from a Single-share Backup. The number of shares can range from 1 to a maximum of 16. A set number (referred to as the threshold) of these shares must be combined in order to recover the associated wallets and accounts.
By splitting your backup into multiple shares, you no longer have to worry about losing a single Wallet Backup and access to your funds. As long as you have the threshold number of the shares to hand, you can safely recover your wallet.
Multi-share Backup can be used with Trezor Model T and Trezor Safe models.
Multi-share Backup in practice
The foundation of Multi-share Backup is SatoshiLabs Improvement Proposal SLIP39, which our experienced users may already know as Shamir’s Secret-Sharing for Mnemonic Codes. SLIP39 can be thought of as a multi-party alternative to Bitcoin Improvement Proposal BIP39, which so far has underpinned the hardware wallet industry.
Using Multi-share Backup on your Trezor offers enhanced security and flexibility for safeguarding your bitcoin and cryptocurrency assets. This advanced backup method splits your Wallet Backup (recovery seed) into multiple parts, called shares, and requires a minimum number of these, the threshold, to restore the wallet.
By distributing these shares between different locations and/or trusted individuals, you significantly reduce the risk of total loss or theft. Even if some shares are lost, your wallet remains secure as long as the threshold number of shares is intact. Moreover, if some shares fall into the wrong hands, your wallet is still secure as long as less than the threshold number of shares are compromised.
This redundancy and added layer of protection make Multi-share Backup an excellent choice for Trezor users seeking robust security measures for their digital assets.
For example, in a 3-of-5 Multi-share Backup scheme, the total number of shares is equal to 5, and the threshold is 3. This means any three of these shares can be used to recover your wallet. This is beneficial as even if one or two of your shares are somehow compromised, the entire Wallet Backup (recovery seed) is not exposed. This redundancy means you no longer have a single point of failure, as with the regular BIP39 backup standard (i.e., the 12-word recovery seeds used by default on most hardware wallets).
Upgrading from a Single-share to Multi-share Backup
Since June 2024, Trezor users have had the opportunity to create wallets which can start as a Single-share backup and upgrade to a Multi-share Backup.
For more information about upgrading from a Single-share to a Multi-share Backup, you can read our full article
here.
Important: Did you upgrade your Single-share Backup to a Multi-share Backup? Then your Single-share Backup is still valid!
This is important to understand because even if you distribute your new Multi-share Backup geographically, if your Single-share Backup gets compromised, your funds will also be at risk regardless of the Multi-share Backup. Consider what you want to do with your Single-share Backup if you started with one and upgraded to a Multi-share Backup.
If you choose to destroy your Single-share Backup, always make sure that your new Multi-share Backup is valid by checking your backup.
Check Backup on Trezor Safe 5
Check Backup on Trezor Safe 3
Check Backup on Trezor Model T
Recovery Shares
Each Recovery Share is a 20-word list where:
- The first two words are random, but the same for all shares in one backup
- The third and fourth words contain information about share groups and the group threshold
- The following 13 words (i.e., word 5 to 17) represent the actual seed
- The final three words (i.e., word 18 to 20) form the SLIP39 checksum
Having the SLIP39 standard as the default backup type for your Trezor offers several advantages over BIP39, including:
- Distinct words and pronunciation: SLIP39 uses words taken from a list of 1024 words that fit specific criteria set out to improve the backup process. The words are easy to distinguish from one another in terms of spelling and pronunciation making backup and recovery easier (unlike BIP39, where similar words like "all," "wall," "fall," "call," and "ball" exist).
- Unique 4-letter prefix: Each word is at least 4 letters long, and the first 4 letters are unique, making it much easier for users to write them down and recover them correctly. This is in contrast to BIP39, where similar words like "car" and "care", or “dog” and “clog”, can cause confusion.
- Stronger checksum: In SLIP39, the last three words act as a checksum (equates to a 1-in-a-billion chance of making a mistake), whereas for BIP39 only (part of) the final word serves as a checksum (equates to a 1-in-16 chance of making a mistake). This stronger checksum offers better protection against errors, rendering the entire backup process more robust.
- Faster typing: The SLIP39 words are selected to be faster to type on a T9 keyboard (the kind used on the Trezor and other touchscreen devices) due to their letter combinations. The words require fewer keystrokes and have simpler patterns, allowing them to be entered more quickly than the words comprising a BIP39 Wallet Backup.
- Backup redundancy: The different shares can be distributed across multiple locations or between trusted individuals. This minimizes the risk of total loss of the backup. This is preferable to distributing the same BIP39 backup across multiple locations, as each copy of the backup still constitutes a single point of failure.
- Adaptable Security: With the ability to customize threshold and share allocation, users can adapt their setup to their unique security needs and preferences, ensuring a personalized and adaptable security solution.
If you’re looking to safeguard your precious bitcoin from any future mishaps, Multi-share Backup offers an enhanced backup solution that can adapt and evolve to your personal security needs. If you’ve already got a Trezor up and running, and you’re interested in upgrading to a Multi-share scheme for the long-term security of your funds, we’ve got you covered with our upgrading to Multi-share Backup article.