Introduction
So I’ve decided to future-proof my master key with a highly resilient multi-share backup that is expected to last a lifetime.
The goal is to have deterministic BTC and XMR wallets that are scattered around the world so that I don’t have easy access to them. That way I mitigate a point of failure when an attacker with a gun pointed at me can get the location of my secret key[1] and potentially steal my assets or deanonymise my balances.
The idea is to:
- generate entropy[2]
- use it for the initial generation of cryptocurrency wallets
- then split it into multiple shares with the SSSS formula[3] and stamp them into a set of “316 stainless-steel” washers[4] (SAFU Ninja method)
- distribute the shares to trusted parties - to lose full ownership over my master key (it is formally no longer “mine” from now on).
Preparation
List of tools
- Stamping kit & Hammer
- Washers, Wrench, Nuts & Bolts - to assemble the storage itself
- 3D-printed “blockmit” support piece[5]
- Coin - as an ultimate entropy source
- PC, tablet or smartphone with 100% trusted software
Software prep
The way I did it was by loading the .html wallet generator files on a freshly installed Arch Linux OS, double-checking their integrity via the gpg tool, cutting off all the networking modules and fully charging the battery (ensuring a stable power supply during the whole process).
A hard thing was to come up with the optimal number of shares and a threshold that would be processed by the SSSS tool. I obviously can’t disclose my personal shares and threshold values due to privacy reasons, though I find 3/6 or 4/8 a good equilibrium.
Key generation process
Step 1: Generating the entropy[6] while keeping an eye on its exposure: no one should view, hear or sniff it.
Step 2: Using the entropy to get seed phrases[7] and generate crypto wallets.
Step 3: Entering the entropy into the SSSS tool, getting secret “shares”.
Step 4: Stamping the shares into the washers while numbering every washer of each stack to avoid mixing them by accident.
Step 5: Getting rid of all copies of the key except for the newly created SSSS shares.
Result
Now that I have a certain number of shares that can be combined into the master key once the threshold is met, I can distribute them all over the world making sure that I’m still able to access and connect them at a reasonable time.
If you are handing over your shares, consider giving them to people you trust, so that they keep their dedicated piece safe and sound. Be careful with the threshold: it shouldn’t be too low or too high. Another thing to consider is the ability to recover the key if you disappear: think of distributing a sufficient number of shares among your closest circle, so they can cooperate and get the funds if something happens to you. But also consider the risk of opportunistic behavior: share the key with someone you 100% trust and/or want to see as your heir[8].
Please contact me if you find any broken links or mistakes you consider significant.
Footnotes
[1] However, an attacker could point a gun at every shareholder I have, though it’s a much more complicated thing to implement. Besides, no one is 100% insured against that risk even with today’s level of civil security & surveillance. After all, there is no “perfect security” - there is a spectrum. This method is the most paranoid implementation that I could possibly think of. If you feel confident using online mnemonic generators and do not mind holding decent amounts of money on a so-called hot wallet - be my guest. My philosophy while generating my key was to reduce the number of its potential witnesses as much as I possibly could. Now and only now I am sure that my key hasn’t been touched by anyone but my brain (that is kind of dumb and forgetful).
[2] Entropy - a large random number that defines a unique crypto wallet. The whole point of generating randomness is to ensure the unlikelihood of anyone getting the same number by accident and the impossibility of brute-forcing it. If anyone touches the entropy, they can restore the corresponding wallet and access all of the funds inside, so the safer the generation and distribution process is, the more secure the funds are.
[3] SSSS (Shamir’s Secret Sharing System) - a very based method of splitting a secret into any number of shares such that when a predefined threshold is met, these shares can be combined back into the secret. Amazingly, if any number of shares below the threshold is compromised, the attacker still doesn’t know shit about the key itself. In other words, until you own no less than a threshold amount of shares, it’s not even a bit easier for you to guess the entropy in any way (in comparison with the most popular xx0 / 0xx / x0x word split, where one share reveals 2/3 of the secret and makes it 2^(256*2/3) times easier for the attacker to brute-force the entropy).
[4] I used AISI-316 stainless, which is the next most common grade after AISI-304. The former is a bit more expensive but resistant to corrosion, which is important to my use case.
[5] The piece had been slightly modified from the original version to cover all 360° of the washer. That way a total of 14 characters can be put on a single side instead of the original 10. Here is a source archive in case you want to reproduce my version.
[6] I would recommend doing it by non-digital means, e.g. flipping a coin, rolling a die or shuffling a card deck. This way you avoid the risk of getting a “pseudorandom number”, which is obviously worse than pure randomness.
[7] Seed phrase - a sequence of words that encodes the secret in a simpler, more human-readable format, aka mnemonic. Each word represents 11 bits of entropy. A mnemonic is usually 12 or 24 words long, which is 128 and 256 bits of entropy respectively. Leaking a seed phrase is equivalent to leaking the entropy. The concept was introduced in BIP-39.
[8] Example: Chad creates 5 shares and makes the threshold equal to 3, meaning that any 3 of 5 shares are sufficient to recreate the master key. He decides to keep 2 of the shares with him and distributes another 3 among his friends and family. Now if anything happens to Chad, his relatives can combine their parts to get access to his funds. If more than 2 parts are lost, the key cannot be recovered and the funds are locked forever. You may argue that the system has a crucial vulnerability of Chad’s friends & relatives cooperating and spending the money without his consent. However, the pros of using this type of sharing may outweigh the cons of it. In the method above, no 3rd parties like governments or local courts are being relied on, so the system is totally self-sufficient. The funds belong to the key owner regardless of what the local authorities may think. They cannot be frozen/stolen/expropriated/compromised as long as the secret is safe. And now it is pretty damn safe.