
Topic: Splitting seed. 2 of 4 required to construct back (Read 561 times)

newbie
Activity: 8
Merit: 0
The only thing I enter my private key into is a Ledger/Trezor. When I sign something, the private key never leaves those devices.

What Trezor device do you have? Trezor T natively supports Shamir Backup. It generates up to 16 shares with 20 or 33 words each. You can also set the number of shares needed to recover your wallet (the minimum is 2).

Currently I only have a Ledger, but I have been thinking of buying a Trezor too. Thanks, I will check it out.
legendary
Activity: 1876
Merit: 3139
The only thing I enter my private key into is a Ledger/Trezor. When I sign something, the private key never leaves those devices.

What Trezor device do you have? Trezor T natively supports Shamir Backup. It generates up to 16 shares with 20 or 33 words each. You can also set the number of shares needed to recover your wallet (the minimum is 2).
newbie
Activity: 8
Merit: 0
I want to do it on pen and paper, so that I never have to type my whole private key into a computer. I do not have any good hardware that I know for sure no one has hacked or spied on in some way.

Unless you are going to try to sign transactions using a pen and paper, at some point you will need to enter your private key into a computer.
The same applies to the generation of the private/public key pair.

You won't be able to do everything without a computer. Do you already have a solution for the generation and transaction signing?

The only thing I enter my private key into is a Ledger/Trezor. When I sign something, the private key never leaves those devices.
legendary
Activity: 1624
Merit: 2481
I want to do it on pen and paper, so that I never have to type my whole private key into a computer. I do not have any good hardware that I know for sure no one has hacked or spied on in some way.

Unless you are going to try to sign transactions using a pen and paper, at some point you will need to enter your private key into a computer.
The same applies to the generation of the private/public key pair.

You won't be able to do everything without a computer. Do you already have a solution for the generation and transaction signing?
newbie
Activity: 8
Merit: 0
Do you have a link to a scheme that is made and approved by a cryptographer, that I am able to do with pen and paper and that would require 2 of 4 parts? I would be more than happy to use that, but I have not been able to find it.

Secret sharing schemes usually involve mathematics (and not just simple calculations).
You can do every scheme with pen and paper, although it is not that easy.

Sharing schemes based on the Chinese remainder theorem aren't that hard to calculate with pen and paper (and a calculator maybe).
Take a look at Mignotte's and Asmuth-Bloom's sharing schemes. There is even an example on Wikipedia on how to split and retrieve the secret.

You can definitely do them without a computer. However, using a small (even self-written) script which implements that scheme should be fine too from a security-related point of view. But then, I don't know what your threat model is and why you want to do it with pen/paper only.

Thanks, I will look it up. I want to do it on pen and paper, so that I never have to type my whole private key into a computer. I do not have any good hardware that I know for sure no one has hacked or spied on in some way.

The model is simply lots of one-time pads combined in a way that I only need two parts to construct the original. I have found several posts on Reddit, bitcointalk etc. that describe this method with 2 of 3; I have simply added more one-time pads and combined them to fit 2 of 4.
legendary
Activity: 1624
Merit: 2481
Do you have a link to a scheme that is made and approved by a cryptographer, that I am able to do with pen and paper and that would require 2 of 4 parts? I would be more than happy to use that, but I have not been able to find it.

Secret sharing schemes usually involve mathematics (and not just simple calculations).
You can do every scheme with pen and paper, although it is not that easy.

Sharing schemes based on the Chinese remainder theorem aren't that hard to calculate with pen and paper (and a calculator maybe).
Take a look at Mignotte's and Asmuth-Bloom's sharing schemes. There is even an example on Wikipedia on how to split and retrieve the secret.

You can definitely do them without a computer. However, using a small (even self-written) script which implements that scheme should be fine too from a security-related point of view. But then, I don't know what your threat model is and why you want to do it with pen/paper only.
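An added example, not written by anyone in this thread, of the Asmuth-Bloom scheme the post above points to, as a (2, 4) split of BIP39 word indices in Python. The public modulus M0 = 2048 and the share moduli 5003, 5009, 5011, 5021 are constructed for this example (four odd primes, so everything is pairwise coprime, and M0 * 5021 < 5003 * 5009 as the scheme requires); the arithmetic stays within eight digits, which is what makes it feasible with a calculator.

```python
import math
import secrets
from functools import reduce
from itertools import combinations

# Constructed parameters for a (t=2, n=4) Asmuth-Bloom split of one BIP39
# word index (0..2047). M0 is public and exceeds every possible secret; the
# share moduli must be pairwise coprime (with M0 too) and satisfy
#     M0 * m4 < m1 * m2
# i.e. M0 times the product of the (t-1) largest moduli is below the product
# of the t smallest, so any t residues pin down y exactly.
M0 = 2048
MODULI = [5003, 5009, 5011, 5021]   # constructed; location k uses MODULI[k-1]
T, N = 2, 4

def product(nums):
    return reduce(lambda a, b: a * b, nums, 1)

def check_params(m0, moduli, t):
    """Pairwise coprime, and m0 * (t-1 largest) < (t smallest)."""
    for a, b in combinations([m0] + moduli, 2):
        if math.gcd(a, b) != 1:
            return False
    ms = sorted(moduli)
    return m0 * product(ms[len(ms) - t + 1:]) < product(ms[:t])

def crt(residues, moduli):
    """Incremental CRT: smallest x >= 0 with x == r_i (mod m_i) for every i."""
    x, m = 0, 1
    for r, mi in zip(residues, moduli):
        k = ((r - x) * pow(m, -1, mi)) % mi   # pick k so that x + m*k == r (mod mi)
        x += m * k
        m *= mi
    return x % m

def split(secret, m0=M0, moduli=MODULI, t=T, alpha=None):
    """Return [(location, residue)] for one secret in [0, m0)."""
    if not 0 <= secret < m0:
        raise ValueError("secret must be in [0, m0)")
    if not check_params(m0, moduli, t):
        raise ValueError("moduli violate the Asmuth-Bloom condition")
    bound = product(sorted(moduli)[:t])          # y must stay below m1 * ... * mt
    if alpha is None:
        alpha = secrets.randbelow((bound - secret) // m0)   # random blinding factor
    y = secret + alpha * m0
    if y >= bound:
        raise ValueError("alpha too large for these moduli")
    return [(k + 1, y % mk) for k, mk in enumerate(moduli)]

def recover(shares, m0=M0, moduli=MODULI, t=T):
    """Rebuild the secret from any t shares: CRT gives y, then y mod m0."""
    if len(shares) < t:
        raise ValueError(f"need at least {t} shares")
    use = shares[:t]
    y = crt([r for _, r in use], [moduli[k - 1] for k, _ in use])
    return y % m0

def split_seed(indices, moduli=MODULI, **kw):
    """Per-word split: location k holds one residue per word (24 numbers for a 24-word seed)."""
    sheets = {k: [] for k in range(1, len(moduli) + 1)}
    for s in indices:
        for k, r in split(s, moduli=moduli, **kw):
            sheets[k].append(r)
    return sheets

def recover_seed(sheets_have):
    """sheets_have: {location: [residues]} for at least t locations."""
    locs = list(sheets_have)
    nwords = len(sheets_have[locs[0]])
    return [recover([(k, sheets_have[k][w]) for k in locs]) for w in range(nwords)]
```

Each location ends up holding one four-digit number per word rather than a word, so the sheets are lists of numbers, not mnemonics. Unlike Shamir's scheme, Asmuth-Bloom is only approximately perfect (a single residue leaks a little about y), which is why the share moduli are chosen well above M0 rather than just barely satisfying the inequality.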
newbie
Activity: 8
Merit: 0
Just stop creating your own techniques.
Use a very well known, common and functional secret sharing scheme, such as Shamir's (SSS).

Doing your own crypto always fails. Whether encryption or something else doesn't matter.
Professionals in the field of crypto already created several good secret sharing schemes.

You don't have to use Shamir's secret sharing scheme, which is based on polynomial interpolation.
There are other geometric schemes or schemes based on the Chinese remainder theorem available.

Just use a scheme made and approved by a cryptographer.

Don't do your own crypto!

Do you have a link to a scheme that is made and approved by a cryptographer, that I am able to do with pen and paper and that would require 2 of 4 parts? I would be more than happy to use that, but I have not been able to find it.
legendary
Activity: 1624
Merit: 2481
Just stop creating your own techniques.
Use a very well known, common and functional secret sharing scheme, such as Shamir's (SSS).

Doing your own crypto always fails. Whether encryption or something else doesn't matter.
Professionals in the field of crypto already created several good secret sharing schemes.

You don't have to use Shamir's secret sharing scheme, which is based on polynomial interpolation.
There are other geometric schemes or schemes based on the Chinese remainder theorem available.

Just use a scheme made and approved by a cryptographer.

Don't do your own crypto!
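Since the post above recommends Shamir's scheme without showing it, here is an added Python example (not from any poster in this thread) of a 2-of-4 Shamir split of a seed's word indices over the prime field p = 2053, the smallest prime above 2048, chosen for this example. Each word index S gets its own random line f(x) = S + a*x mod p, and location x (1..4) holds f(x) for every word; any two locations interpolate the line and read S = f(0).

```python
import secrets

# Constructed: the smallest prime above 2048, so every BIP39 word index
# (0..2047) is a field element. Share values can be as large as 2052, so
# shares are written down as numbers, not as words.
P = 2053

def eval_poly(coeffs, x, p=P):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... (mod p)."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % p
    return y

def shamir_split(secret, t, n, p=P, coeffs=None):
    """(t, n) Shamir split of one field element: shares are (x, f(x)) for x = 1..n.
    coeffs fixes the t-1 random coefficients (for tests); otherwise they are random."""
    if not 0 <= secret < p:
        raise ValueError("secret must be in [0, p)")
    if not 1 <= t <= n < p:
        raise ValueError("need 1 <= t <= n < p")
    if coeffs is None:
        coeffs = [secrets.randbelow(p) for _ in range(t - 1)]
    if len(coeffs) != t - 1:
        raise ValueError("need exactly t-1 coefficients")
    poly = [secret] + list(coeffs)            # f(0) = secret
    return [(x, eval_poly(poly, x, p)) for x in range(1, n + 1)]

def shamir_recover(shares, p=P):
    """Lagrange interpolation at x = 0 from t (or more, consistent) shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        secret = (secret + yi * num * pow(den, -1, p)) % p
    return secret

def split_mnemonic(indices, t=2, n=4, p=P):
    """Location x gets one share value per word; every word has its own polynomial."""
    sheets = {x: [] for x in range(1, n + 1)}
    for s in indices:
        for x, y in shamir_split(s, t, n, p):
            sheets[x].append(y)
    return sheets

def recover_mnemonic(sheets_have, p=P):
    """sheets_have: {location_x: [share values]} for at least t locations."""
    locs = list(sheets_have)
    nwords = len(sheets_have[locs[0]])
    return [shamir_recover([(x, sheets_have[x][w]) for x in locs], p) for w in range(nwords)]
```

Each location holds a single number per word (24 numbers for a 24-word seed) instead of several pads, and one location alone is a single point on a uniformly random line, so it carries no information about S. The Trezor "Shamir Backup" mentioned earlier in the thread is a standardized form of this idea (SLIP-39) that also adds checksums to each share, which is the part a hand-rolled version lacks.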
newbie
Activity: 8
Merit: 0
secret sharing (splitting a secret) =/= encryption

if you are looking for security for your secrets (including mnemonic words) then try finding an actual encryption method (such as AES) to actually encrypt them instead of trying to re-invent the wheel. specifically speaking unless you are a cryptography expert you should not attempt at coming up with your own methods, because there is a good chance that you'll end up with a lot of flaws even if they aren't apparent in the beginning.

It appears to me that a one-time pad is a fairly common way to encrypt. It will give no information about the seed, as long as it is truly random and its length is equal to or larger than the original seed.
http://users.telenet.be/d.rijmenants/en/onetimepad.htm
newbie
Activity: 8
Merit: 0
Let me ask you a completely different question... what do you want to achieve by splitting the sheets? You are faced with the same problem as if you split the sheet into two parts: keeping them safe so that no third party can access them.
Splitting the sheets even more only bears the risk of making a mistake during the transformation or recovery. In my opinion, the added value of frequent splitting is - compared to the effort and the error-proneness - quite low.

If you are doing this for another reason (trying out different methods of how to split the sheets, ...) then this is of course a different issue, but I don't think so because of your question.


I want to be able to construct the original back from only two parts, so that if I lose one or even two parts, I can construct it back anyway. I also want the extra security that if someone only finds one, they can't use it. If the hiding spot I was thinking of was a lot worse than I thought and some people find it, I don't want them to be able to get any information from that and get access to my funds. I know I need to construct them back one time, but I can do that manually, so the only thing I need to trust with my whole private key is the Ledger. But I think that is safe enough for me.
legendary
Activity: 2520
Merit: 3054
Let me ask you a completely different question... what do you want to achieve by splitting the sheets? You are faced with the same problem as if you split the sheet into two parts: keeping them safe so that no third party can access them.
Splitting the sheets even more only bears the risk of making a mistake during the transformation or recovery. In my opinion, the added value of frequent splitting is - compared to the effort and the error-proneness - quite low.

If you are doing this for another reason (trying out different methods of how to split the sheets, ...) then this is of course a different issue, but I don't think so because of your question.
legendary
Activity: 3472
Merit: 10611
secret sharing (splitting a secret) =/= encryption

if you are looking for security for your secrets (including mnemonic words) then try finding an actual encryption method (such as AES) to actually encrypt them instead of trying to re-invent the wheel. specifically speaking unless you are a cryptography expert you should not attempt at coming up with your own methods, because there is a good chance that you'll end up with a lot of flaws even if they aren't apparent in the beginning.
HCP
legendary
Activity: 2086
Merit: 4363
It appears that you've already read the other "seed splitting" thread, so you should already be aware of the pitfalls of the method you are proposing to use...

As has already been mentioned, it will no doubt "break" the BIP39 checksum of the "x2" mnemonics that you end up generating... but then, they're not meant to be used as mnemonics; they are simply an encoding of a value that you need to be able to recreate your original seed mnemonic.

At the end of the day, as long as you're aware of the risks and drawbacks involved, and take steps to mitigate those, then you should be fine. The method you're proposing to use, should not compromise the security of the seed in any way... (assuming you follow nullius' advice of NEVER reusing the One Time Pad)

I'd just advise that you make sure you are well practised with the split and reassembly process before you do it on your "real" seed mnemonic, so you don't have any issues down the line when you need to recover your seed mnemonic.
newbie
Activity: 8
Merit: 0
Hi, I want to split my private key/seed into 4 parts, and only need 2 to construct it back to the original. I am thinking of using a one-time pad for the encryption. My plan is to generate several random 24-word seeds with BIP39.

A1, B1, ... are randomly generated, and A2, B2, ... are constructed so that the equations equal S.

I will add them word by word and use modulo 2048 if the number gets over 2048. I want to do this so it is easy to do by hand, and so I don't need to trust some software to do it correctly. I will make several equations and split them across different locations nr1, nr2, ..., as listed below.


S=A1+A2
S=B1+B2
S=C1+C2
S=D1+D2
S=E1+E2
S=F1+F2

Nr1:A1B1C1
Nr2:A2D1E1
Nr3:B2D2F1
Nr4:C2E2F2

My question is: do you see any major problems with this kind of splitting? I will only add them together manually and enter them into a Ledger, so of course I need to trust the Ledger, but no other software or hardware.

Another question. I have read in some places that it is hard to construct x1 and x2 so that the checksums of those seeds are correct, but does that really matter? Will it be significantly easier to brute-force in some way, or cause some other problems for me?

Thanks for your advice.
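The layout in the post above, as an added Python example (not the original poster's own code, and not something they ran): six one-time pads, one per pair of locations, each split word by word into two halves modulo 2048 using 0-based word indices 0..2047, and the four sheets nr1..nr4 assembled exactly as in the post. Recovery adds the two halves that the chosen pair of sheets has in common. The pad labels A..F and the sample seed in the test are constructed for this example.

```python
import secrets
from itertools import combinations

WORDS = 2048            # BIP39 wordlist size; word indices are 0..2047
LOCATIONS = [1, 2, 3, 4]

def pad_split(seed):
    """One-time-pad split of a word-index list: X1 is random, X2 = S - X1 (mod 2048),
    so that X1 + X2 == S (mod 2048) word by word, as in the post's equations."""
    x1 = [secrets.randbelow(WORDS) for _ in seed]
    x2 = [(s - a) % WORDS for s, a in zip(seed, x1)]
    return x1, x2

def pad_join(x1, x2):
    """Add two halves word by word, wrapping at 2048."""
    return [(a + b) % WORDS for a, b in zip(x1, x2)]

def split_2_of_4(seed):
    """Build the post's layout: a fresh pad for every pair of locations.
    Pairs (1,2),(1,3),(1,4),(2,3),(2,4),(3,4) get pads A..F, so sheet 1 holds
    A1 B1 C1, sheet 2 holds A2 D1 E1, sheet 3 holds B2 D2 F1, sheet 4 holds C2 E2 F2."""
    sheets = {loc: {} for loc in LOCATIONS}
    for label, (p, q) in zip("ABCDEF", combinations(LOCATIONS, 2)):
        half1, half2 = pad_split(seed)      # new randomness per pad: a pad is never reused
        sheets[p][label + "1"] = half1
        sheets[q][label + "2"] = half2
    return sheets

def layout(sheets):
    """Which halves each sheet holds, e.g. {1: ['A1', 'B1', 'C1'], ...}."""
    return {loc: sorted(halves) for loc, halves in sheets.items()}

def _half(sheet, label):
    """The half of pad `label` (either the '1' or the '2' half) stored on this sheet."""
    return next(v for k, v in sheet.items() if k[0] == label)

def recover_2_of_4(sheets_have):
    """Any two sheets share exactly one pad label; adding those two halves gives S."""
    (p, sp), (q, sq) = list(sheets_have.items())[:2]
    common = {k[0] for k in sp} & {k[0] for k in sq}
    if len(common) != 1:
        raise ValueError(f"sheets {p} and {q} share {sorted(common)} pads, expected one")
    label = common.pop()
    return pad_join(_half(sp, label), _half(sq, label))
```

Two things the code makes visible: the construction is six independent 2-of-2 additive splits rather than one 2-of-4 scheme, so each sheet carries 3 x 24 = 72 words and a 2-of-5 version would need 10 pads with 4 on every sheet; and its security rests entirely on every pad being freshly and uniformly random, which is the "never reuse the one-time pad" point HCP makes. On the checksum question: a random 24-word sequence satisfies the 8-bit BIP39 checksum only about one time in 256, so the halves will almost never be valid mnemonics and should be stored and added as lists of numbers, not entered into a wallet as seeds.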
