Each part would have 16 of the 24 words. With any two of them, you could rebuild the full seed. Then you'd store the 3 parts in 3 different locations.
Is there anything seriously wrong with this? It seems like a better idea - simple, easy to understand - than doing an actual 2 of 3 multi-sig.
Here's a few sources that discuss it. I'd love to hear some more opinions.
https://yewtu.be/watch?v=p5nSibpfHYE Andreas Antonopoulos is not a fan of this idea. But lots of comments say he's wrong.
https://medium.com/@HodlSafe/seed-splitting-standards-82624f2d4dc He posts a detailed critique of Andreas Antonopoulos' video above
Just store the full seed, in order, and keep a separately backed up passphrase somewhere else.
reply
Please please please looking into Shamir secret sharing. Rather than hacking this together partial shares, you can use specific tool for that.
reply
My understanding is that this is far less secure than an actual multisig. With just 2 or even 1 of the seed phrases "shards" the level of entropy in the seed significantly reduced.
I guess if you need the audibility and security of actual multisig then you will likely know, if not a 25th word will likely be enough.
reply
With 2 pieces, of course, the seed phrase is completely exposed. That's the point, it's like a 2 of 3 multi-sig.
The first piece has the 1st and 2nd chunk of words. The second piece has the first and third chunk of words. The third piece has the second and third chunk of words.
Like this:
Location A Location B Location C word 1 word 1 word 2 word 2 word 3 word 3
But if attackers find only 1 of the parts, you still have 80 bits of entropy. Here's a quote from one of the referenced articles:
My understanding is that 80 bits is not considered incredibly secure, but it is not trivial to break either. If I consider my storage locations reasonably secure and don't expect targetted theft ("we know he has a lot of bitcoins, we are going to break in to steal the words from one location, we have a cluster of machines on standby to brute-force the missing words") but am just trying to protect myself against opportunistic theft ("we broke in to steal the household electronics and any cash lying around, but we also found these bitcoin seed words!"), is it ridiculous to consider this acceptable?
reply
111 sats \ 1 reply \ @Gar 6 Nov 2023
A few things to think about:
  1. One should not have unilateral control over their main savings. There should be a social, spatial and temporal impediment to moving main funds.
  2. Create your own 12 or 24 word seed phrase using your own physical entropy. See "retirement" attack and past RNG exploits.
  3. Hardware wallets and word lists are conspicuous. Avoid traveling with them.
  4. 25th words are ok for security and good as accounts, but not as "Duress Passwords'. We need to stop promoting duress passwords. Attackers know of this strategy and they incentivize violent coercion.
reply
So you are saying only way is to remember the 12-24 words when traveling instead of hardware wallets?, mine looks like a usb key and is only the cash wallet not the long term savings one, would work as a decoy also, there is some pocket money there. If even police is trained to look for metal plates, what are the other options? BitBar? I donโ€™t trust my brain enough, anyway I zapped you, all good and valid points. ๐Ÿ™๐Ÿผ
reply
DO NOT DO THIS
reply
What are the risks?
reply
Your reducing the entropy needed to brute force your private key. Doing this is not a 2-of-3, it is a 1-of-3 plus some brute forcing.
You are not more clever than the cryptographers who made these tools. Seed words are designed to be used in whole, not to be split up. Doing so compromises the security
reply
Aren't we still talking 80 bits of entropy, if an attacker found any one of the three parts?
I'm no expert, which is why I'm asking.
All the solutions I've seen have issues and trade-offs. This seems almost as good as multi-sig, and more importantly, something you can actually do without a huge amount of study and complexity.
reply
You will lose your bitcoin if someone finds one of the sets of words
reply
An effective saving approach
reply
you are describing a Shamir backup
reply
Actually this is not Shamir's secret sharing.
"I create a wallet with a 24 word seed. I don't use Shamir's secret sharing algorithm, because I see this is widely advised against (see for example this article) and is a potential source of risk from cryptography I don't fully understand. Instead, I use a naive scheme I can perform entirely by hand where for each group of three words in the seed, I split them up like this:
Location A Location B Location C word 1 word 1 word 2 word 2 word 3 word 3
So each of the three locations has 2/3 of the words, i.e. 16 words. It's easy to confirm (by experiment, if necessary) that I can reconstruct the full seed from any two of the three locations.
reply