0 sats \ 1 reply \ @03352b4271 OP 7 Nov 2023 \ parent \ on: Self custody - split a 24 word seed phrase into 3 parts, as a mock multisig? bitcoin
Aren't we still talking 80 bits of entropy, if an attacker found any one of the three parts?
I'm no expert, which is why I'm asking.
All the solutions I've seen have issues and trade-offs. This seems almost as good as multi-sig, and more importantly, something you can actually do without a huge amount of study and complexity.
Actually this is not Shamir's secret sharing.
Here's another quote from one of the referenced posts (https://bitcoin.stackexchange.com/questions/107380/why-is-it-bad-to-split-up-a-wallet-seed-redundantly):
"I create a wallet with a 24 word seed. I don't use Shamir's secret sharing algorithm, because I see this is widely advised against (see for example this article) and is a potential source of risk from cryptography I don't fully understand. Instead, I use a naive scheme I can perform entirely by hand where for each group of three words in the seed, I split them up like this:
Location A    Location B    Location C
word 1        word 1        word 2
word 2        word 3        word 3
So each of the three locations has 2/3 of the words, i.e. 16 words. It's easy to confirm (by experiment, if necessary) that I can reconstruct the full seed from any two of the three locations."
With 2 pieces, of course, the seed phrase is completely exposed. That's the point, it's like a 2 of 3 multi-sig.
The first piece has the 1st and 2nd chunk of words. The second piece has the first and third chunk of words. The third piece has the second and third chunk of words.
Like this:
Location A    Location B    Location C
word 1        word 1        word 2
word 2        word 3        word 3
But if attackers find only 1 of the parts, you still have 80 bits of entropy. Here's a quote from one of the referenced articles:
"My understanding is that 80 bits is not considered incredibly secure, but it is not trivial to break either. If I consider my storage locations reasonably secure and don't expect targeted theft ("we know he has a lot of bitcoins, we are going to break in to steal the words from one location, we have a cluster of machines on standby to brute-force the missing words") but am just trying to protect myself against opportunistic theft ("we broke in to steal the household electronics and any cash lying around, but we also found these bitcoin seed words!"), is it ridiculous to consider this acceptable?"
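As an added example (not code from this post or from the Stack Exchange question it quotes), here is a Python script that performs the naive 2-of-3 split on the 24 BIP39 word indices, reconstructs the seed from any pair of shares, and shows where the 80-bit figure comes from: 8 missing words × 11 bits = 88 bits of raw candidates, minus the 8-bit BIP39 checksum (the first byte of SHA-256 over the 256-bit entropy) = 80 bits of checksum-valid candidates. It works on word indices rather than words so no wordlist is needed, and the entropy is a constructed value hashed from a fixed string, not a real seed. The brute-force helper is run with just one word missing (2048 guesses) to show the checksum pruning factor of 256 concretely: 2048 candidates collapse to 8 valid mnemonics.

```python
import hashlib
import itertools
from typing import Dict, List, Optional, Tuple

WORD_BITS = 11        # every BIP39 word is an index into a 2048-word list
ENTROPY_BITS = 256    # a 24-word mnemonic carries 256 bits of entropy ...
CHECKSUM_BITS = 8     # ... plus an 8-bit checksum = first byte of SHA-256(entropy)
WORDS = (ENTROPY_BITS + CHECKSUM_BITS) // WORD_BITS   # 264 / 11 = 24
WORD_MASK = (1 << WORD_BITS) - 1

Share = List[Optional[int]]   # one word index per position, None where the share omits it


def entropy_to_indices(entropy: bytes) -> List[int]:
    """Map 32 bytes of entropy to 24 word indices with the checksum appended (BIP39 layout)."""
    if len(entropy) * 8 != ENTROPY_BITS:
        raise ValueError("need exactly 32 bytes of entropy")
    checksum = hashlib.sha256(entropy).digest()[0]
    bits = (int.from_bytes(entropy, "big") << CHECKSUM_BITS) | checksum
    return [(bits >> (WORD_BITS * (WORDS - 1 - i))) & WORD_MASK for i in range(WORDS)]


def checksum_ok(indices: List[int]) -> bool:
    """True iff the 24 indices decode to entropy whose SHA-256 matches the trailing 8 bits."""
    bits = 0
    for idx in indices:
        bits = (bits << WORD_BITS) | idx
    entropy = (bits >> CHECKSUM_BITS).to_bytes(ENTROPY_BITS // 8, "big")
    return hashlib.sha256(entropy).digest()[0] == (bits & ((1 << CHECKSUM_BITS) - 1))


def split_2of3(words: List[int]) -> Dict[str, Share]:
    """The naive split from the post: chunks c1,c2,c3 of 8 words; A=(c1,c2), B=(c1,c3), C=(c2,c3)."""
    k = len(words) // 3
    chunk = [range(0, k), range(k, 2 * k), range(2 * k, len(words))]
    layout = {"A": (0, 1), "B": (0, 2), "C": (1, 2)}
    shares: Dict[str, Share] = {}
    for name, (x, y) in layout.items():
        keep = set(chunk[x]) | set(chunk[y])
        shares[name] = [w if i in keep else None for i, w in enumerate(words)]
    return shares


def reconstruct(*shares: Share) -> List[int]:
    """Merge shares position by position; any two of A, B, C together cover all 24 positions."""
    out = []
    for pos in range(WORDS):
        seen = {s[pos] for s in shares if s[pos] is not None}
        if len(seen) != 1:
            raise ValueError(f"position {pos}: " + ("no share has it" if not seen else "shares disagree"))
        out.append(seen.pop())
    return out


def search_bits(share: Share) -> Tuple[int, int, int]:
    """(missing words, raw candidate bits, bits left after the checksum filter) for one share."""
    missing = share.count(None)
    raw = missing * WORD_BITS
    return missing, raw, raw - CHECKSUM_BITS


def checksum_valid_candidates(partial: Share, max_missing: int = 1) -> List[List[int]]:
    """Brute-force the missing positions and keep only checksum-valid mnemonics.

    The guard exists because each extra missing word multiplies the work by 2048;
    the checksum check itself is one SHA-256, so it is the cheap part of a real attack.
    """
    holes = [i for i, w in enumerate(partial) if w is None]
    if len(holes) > max_missing:
        raise ValueError(f"{len(holes)} missing words means 2**{WORD_BITS * len(holes)} candidates; refusing")
    found = []
    for guess in itertools.product(range(1 << WORD_BITS), repeat=len(holes)):
        cand = list(partial)
        for pos, g in zip(holes, guess):
            cand[pos] = g
        if checksum_ok(cand):
            found.append(cand)
    return found


# Constructed example entropy (NOT a real wallet seed): hashed from a fixed string so runs repeat.
EXAMPLE_ENTROPY = hashlib.sha256(b"constructed example, not a real seed").digest()


def demo() -> dict:
    words = entropy_to_indices(EXAMPLE_ENTROPY)
    shares = split_2of3(words)
    pairs_ok = all(reconstruct(shares[a], shares[b]) == words
                   for a, b in (("A", "B"), ("A", "C"), ("B", "C")))
    one_missing = words[:-1] + [None]            # attacker knows 23 of 24 words
    cands = checksum_valid_candidates(one_missing)
    return {
        "pairs_ok": pairs_ok,
        "share_A_bits": search_bits(shares["A"]),         # (8, 88, 80)
        "one_word_missing_candidates": len(cands),        # 2048 guesses, 8 survive the checksum
        "true_seed_in_candidates": words in cands,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two things the numbers make visible. First, the checksum is not a defence: it costs the attacker one SHA-256 per guess, so what actually stands behind the 2^80 figure is that each surviving candidate still has to go through the BIP39 seed derivation (PBKDF2-HMAC-SHA512, 2048 iterations) and then key and address derivation before it can be checked against the chain. Second, the 80-bit estimate is the same whichever share is found: every share is missing exactly 8 words, and the checksum removes 8 bits of freedom regardless of where the gap sits.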