BitBoxSwiss / bitbox02-firmware

Firmware code of the BitBox02 hardware wallet
https://bitbox.swiss/bitbox02
Apache License 2.0

[Feature request] SLIP-39 Shamir Backup support? #113

Open jonathancross opened 4 years ago

jonathancross commented 4 years ago

Trezor now ships with support for SLIP-0039: Shamir's Secret-Sharing for Mnemonic Codes. It would be great if the BitBox02 would also add support for this emerging standard to prevent vendor lock-in and give users an easy way to restore their wallet on either device.

benma commented 4 years ago

Sorry for the late reply.

It's a very interesting feature for sure! Currently we have our hands / roadmap full, so we are not looking into adding this in the near future.

It's definitely on our radar though.

Thanks!

nioncode commented 3 years ago

@benma would you mind re-opening this issue so that we can subscribe to it and be notified of the feature being implemented (hopefully) in the future?

SLIP-39 seems to be a nice way to back up the device as part of a 2-of-3 scheme to not expose full access to the funds when someone gets hold of only one of the seed backups (which is the case right now, since there is only a backup of the whole seed in plain sight).

benma commented 3 years ago

Ok, done ;)

To manage expectations: this feature is still not on our roadmap, and it is not likely it will be on the roadmap in the short/mid term.

Other solutions that can protect your backups in the meantime, for expert users only:

My1 commented 3 years ago

While I am not a particular fan of the SLIP39 implementation of Shamir (mainly due to lack of compatibility with BIP39), I think Shamir is a pretty helpful way of having secure but redundant backups, especially since Multisig needs multiple devices and stuff. It's in my opinion more suited when multiple parties are supposed to have control over any given set of funds, like for example when you have a company like a financial board in a company with 5 people of which 3 are needed to authorize stuff.

Like with Passphrase you basically have a 2-of-2 scheme, which is surely nice for security but no redundancy except by storing your seed and passphrase multiple times.

ThomasSRL commented 2 years ago

I would love to see this implemented, since it would allow a more redundant backup for my single hot wallet.

Cold wallet should be multisig anyway IMO.

benma commented 2 years ago

I think the effort is better spent in improving the multisig experience, as multisig not only provides a distributed backup, but also distributed signing.

benma commented 2 years ago

Copying here for the record

Multisig in altcoins is nonexistent or relies on smart contracts. Also, some institutions use a combination of multisig and Shamir shares for added redundancy. Shamir would be great to have in addition to multisig when developer resources allow.