"Complexity is the enemy of security."
With the Bitcoin Recovery Seed Phrase, anyone can gain access to the private keys and thus also to the Bitcoin, regardless of any hardware. Many Bitcoiners and also many Seedor users therefore take additional measures to prevent a loss of the Bitcoin even in case of a loss or theft of the Recovery Seed Phrase.
This much in advance: The more complex you design your security architecture, the greater the probability that something will go wrong when restoring the wallet and you will unintentionally lose access to your Bitcoin. Here, it is also important to take into account such scenarios in which a less technically savvy heir attempts the recovery. We will take a closer look at the "security measures" known to us below.
1. Seed Splitting ❌
After numerous conversations at Bitcoin events in Plochingen, Innsbruck & Amsterdam, we find that this method is very common. Many Bitcoiners split the seed into two or more parts hoping to increase the security level this way. However, the truth is that this approach rather increases the risks. If you lose a part of the seed, you automatically lose access to your Bitcoin. In this case, it might be possible to restore the seed by brute forcing. However, this also illustrates the dilemma: If brute forcing were possible, a thief who gained access to one part of the seed phrase accordingly would also have the same possibility. Andreas Antonopoulos also covered this topic vividly in this video. We agree with his recommendation and can only advise against seed splitting.
2. Back-up of bitcoin back-up ✅
Assuming the Bitcoin recovery seed back-up is in a secure location, making a copy of the back-up is the easiest way to increase the security level without increasing the risk of unintentional access loss by adding encryption. If a back-up fails or you lose access, you still have the identical copy at hand. It is advisable to store the copy in a hiding place that is as independent as possible from the location of the original. Depending on the desired security level, this hiding place could be in another house, town, country or even on another continent.
To incentivize additional Bitcoin back-ups for a higher security level, we offer an attractive discount on Seedor Safe Bundles (set of 2, 3 or 5). The bigger the bundle, the bigger the discount.
3. Use of a passphrase ✅
With software and hardware wallets (such as Bitbox02), there is the option to encrypt the seed phrase with an optional passphrase. However, using a passphrase results in a completely new wallet being created and the 12 or 24 words of the seed phrase without a passphrase possibly being assigned to another wallet.
Therefore, it is important to make sure that there is no typing error when entering the passphrase (ATTENTION: this is case sensitive) and that the passphrase is secured as well as the seed phrase itself. Here we also recommend a physical back-up in multiple copies, which should be stored in a different location than the recovery seed phrase.
If a thief only finds the Recovery Seed Back-Up with the 12 or 24 words, the recovery attempt will open an empty wallet, since the actual wallet is still secured behind the secret passphrase.
4. Shamir's Secret Sharing (SSS) ✅⚠
Shamir Secret Sharing, or SSS for short, is a cryptographic algorithm published in 1979 by cryptographer Adi Shamir (He is the S in RSA, by the way). The SSS algorithm allows private information such as Bitcoin recovery seed phrases to be distributed among several instances (so-called shares), of which only a predefined minimum number (threshold) is then required to recover the original information.
For example, with a Shamir 3-of-5, a Bitcoin recovery seed phrase with 24 words can be converted into 5 instances (which then each consist of 27 words). Only 3 arbitrary instances are then needed to recover the original seed phrase. The main difference between this and seed splitting is that no information about the secret can be derived until the minimum number of shares is reached.
Specifically, Shamir Secret Sharing allows for secure encryption of the Bitcoin recovery seed phrase. The individual word sequences can be stored in different locations or with trusted people, and only when a fixed number of instances are put together can the seed phrase be recovered. The SSS algorithm allows you to distribute your seed in up to 16 instances, e.g. Shamir 5 of 16. It is also possible to back up the same seed with more resilient SSS instances, e.g. if the value of your bitcoin increases, you can switch from a 1 of 2 Shamir backup to a 3 of 5 without the need for an on-chain transaction.
The challenge with using Shamir is converting the recovery seed phrase. Currently, Trezor and Keystone hardware wallet vendors offer a built-in Shamir Secret Sharing feature where the SLIP39 words are generated directly on the hardware wallet. For all other use cases, there is a tool by Ian Coleman to generate the Shamir shares.
But ATTENTION: Please never enter your seed phrase online in the browser. If you use this tool, you can download it and run it on an air gapped offline system (e.g. via Tails or Kali Linux). Moreover, Ian Coleman himself warns against using his tool. The background is that you have to rely on the tool to recover your seed phrase. So if you want to use it, be sure to make backup copies.
5. Multi-signature wallet ✅
A vulnerability of the SSS algorithm is that both instance creation and recovery are done on a single device. If this device is compromised, the entire mnemonic is exposed.
In this one aspect, multi-signature based backups are better. Almost all software and hardware wallets allow the creation of multi-sig wallets. Here, similar to SSS, you define a set of instances and a threshold needed to sign transactions or restore the wallet.
The advantage here is that signing can be done separately in time and space on different devices and no single device has access to all parts at any time.
However, with this approach, the user needs the same number of signers even to send a simple transaction as to recover it.
A MultiSig-based backup has the same redundancy properties as SSS, but these rules are enforced with an on-chain script. This means that when a user switches to a different backup scheme (such as from Multi-Sig 2 of 3 to 3 of 5), they must send the bitcoin to the new wallet, which mixes the UTXOs, which has privacy implications.
Conclusion
"Double is better" and "less is more". In our opinion, trying to increase the level of security usually leads to an actual increase in the risk of loss. If you already keep your Bitcoin offline in your own cold storage, have your recovery seed backed up in stainless steel, and have the back-up stashed in a safe place, you already achieve a very high level of security.
The easiest way to increase the level of security even more is to create a second back-up, which is stored in a different location. Using a passphrase or creating a multi-signature wallet is also recommended.
We would advise against seed splitting, and we would also only recommend using Shamir Secret Sharing for experienced users. Ultimately, everyone has to find their own way that they feel most comfortable with.
