SSS #405

Closed
ncoelho opened this issue Mar 13, 2019 · 19 comments
Comments

@ncoelho
Member

ncoelho commented Mar 13, 2019

No description provided.

@Abstraktikus
Contributor

BIP84 -Papiersicherung Bitcoin Konten 15.pdf

Inspiration: The template I use to secure blue wallets for my friends

@Abstraktikus
Contributor

What about social securing through several wallets based on the model of Shamir's Secret? - Papers have lots of downsides.
Connect 5 friends --> secure. --> ask 3 for recovery --> reconstruct.

https://iancoleman.io/slip39/
https://iancoleman.io/shamir39/
https://iancoleman.io/shamir/

@Overtorment
Member

@Abstraktikus wow that's awesome!

As for SSS, I'm not a fan. Like, giving away parts of your secret is just bad opsec: "Look at me, I got something to hide, probably significant amounts of money!".

But should be pretty easy to implement, for export screen for example. Maybe we should add it to a roadmap.
Or how do you think it should work, @Abstraktikus ?

@Abstraktikus
Contributor

Lol. Excellent response. I partially agree. Sorry. Long answer. Here’s the why:
Paper = an easy recovery for partners and survivors. Good for people with a safe (or brain). But to print a paper without WLAN, without word synchronization, without people putting their phrase into the clipboard or taking an additional photo for Google Drive... impossible. Hence, it always needs a companion app to check the offline status.
Shamir's Secret = The house can burn down, needs no password. People stop cutting the words and forget the sequence. Depending on the distribution, no extortion is possible (unless you have children ;-) But most important: If someone manages to collect 2 of 3 parts, it will not help him to break the secret more easily. Here is why I partially agree. Thanks to Shamir’s secret you don’t give away a part of your secret. You only distribute trash. Therefore, I see not only a chance for SSS, but also to (encrypted) distribute an electronic backup to different devices or locations. Still bad opsec? Google Adi Shamir. He is the inventor of the RSA-Key. Google Shamir's Secret. If you are interested, I would try to come up with a flow. I hate to hear from gold bugs that bitcoin cannot be stored unconfiscatable ;-)
An export screen with x passphrases (https://iancoleman.io/slip39/) would be a great idea. But: Backup solutions from a single partner don't work for me (my biggest fear regarding your upcoming multi signature wallet. There must be a solution to reinstall the backup in bitcoin core or electrum.) Hence: A second SLIP39 implementation (in cooperation Iancoleman with your team) would be great as this would offer a unique selling point OS and platform agnostic web backup tool. On the other side, people procrastinate even to write down 24 words with no clue of the future price potential of bitcoin. To write down 5 x 24 words error free, you need to be a freak. Means this better needs a companion app, hence needs a barcode solution or OCR scanner, means, you must print it, means people start to use WLAN…. And this is exactly, why I love the potential that Shamir’s secret offers.
Please proof this security concept again, before you make a quick conclusion. It could offer a nice solution, not yet offered by any other wallet. Your Conclusion? In which manner should I keep thinking about a watch-only wallet import solution?
1.) SS Blue Wallet SSS-Solution
2.) SS Blue Wallet non SSS-Solution
3.) Companion app (all options).
4.) No thinking limits as long as easy and secure

@Abstraktikus
Contributor

@Overtorment changed the title from "Keep PrivKey/WIF on paper, scan only on TX signing, not keping on device (watch-only address)" to "SSS" on Apr 1, 2020
@limpbrains
Collaborator

I think Shamir secret share is awesome. We can start with simple case - create compatible solution with Trezor using https://github.com/ilap/slip39-js
Then, maybe, add ability to export any kind of wallet in this manner.

@Overtorment
Member

Currently digging into SSS.
Reading through https://blog.keys.casa/shamirs-secret-sharing-security-shortcomings/

@ncoelho
Member Author

ncoelho commented Jun 8, 2020 via email

@limpbrains
Collaborator

> I believe the drawback on sss compared to multisig is that sss is not verifiable

I'm not sure what you mean by verifiable, that by having one share you can't check the integrity of another? It is true

> thus trust on the creator/software is necessary

Correct

But I'm not thinking of sss as a complete opposite thing to multisig. The usage is different.
Imagine you already have a wallet in BW with a significant amount of money and you just need to back it up. You're already trusting BW. Now you can use 12 words, but it is much more secure to use 2 of 3 or 3 of 5 sss.

I agree that well-designed multisig workflow could be better than sss.

My initial plan to add sss to BW was to be able to reconstruct Entropy from sss trezor backup and create regular HD wallet. Unfortunately slip39 is not just about Entropy encoding. They also altered key derivation scheme. This means there is no way to convert bip39 wallet to slip39 :(

If we add the ability to back up current BIP39 wallets using sss they will not be interoperable with Trezor sss and may lead to a lot of confusion.

I'm still thinking it will be a nice feature, I will try to do more research on it.

cc @prusnak
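
The "not verifiable" point in the comment above, as an added example that is not BlueWallet's or SLIP39's code: a minimal k-of-n Shamir split over a prime field, in which an altered share combines to a wrong secret without raising any error. The field prime, function names and share format are assumptions made for this illustration and are not compatible with SLIP39.

```javascript
// Added illustration: plain k-of-n Shamir sharing over GF(P), P = 2^127 - 1 (prime).
// Not SLIP39: no mnemonic encoding, no digest share, no passphrase step.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;
const P = 2n ** 127n - 1n;
const mod = (a) => ((a % P) + P) % P;

// Square-and-multiply; the inverse uses Fermat: a^(P-2) = a^-1 (mod P).
function modPow(base, exp) {
  let result = 1n;
  for (base = mod(base); exp > 0n; exp >>= 1n) {
    if (exp & 1n) result = mod(result * base);
    base = mod(base * base);
  }
  return result;
}
const inv = (a) => modPow(a, P - 2n);

// Uniform field element: draw 127 random bits, reject values >= P.
function randomElement() {
  for (;;) {
    const bytes = rng.getRandomValues(new Uint8Array(16));
    bytes[0] &= 0x7f;
    const v = bytes.reduce((acc, b) => (acc << 8n) | BigInt(b), 0n);
    if (v < P) return v;
  }
}

// Split: random polynomial f of degree k-1 with f(0) = secret; share i is (i, f(i)).
function split(secret, k, n) {
  if (k < 2 || n < k || secret < 0n || secret >= P) throw new RangeError('bad parameters');
  const coeffs = [secret, ...Array.from({ length: k - 1 }, randomElement)];
  return Array.from({ length: n }, (_, i) => {
    const x = BigInt(i + 1);
    const y = coeffs.reduceRight((acc, c) => mod(acc * x + c), 0n); // Horner's rule
    return { x, y };
  });
}

// Combine: Lagrange interpolation at x = 0. Nothing here can detect a bad share.
function combine(shares) {
  return shares.reduce((sum, { x: xi, y: yi }, i) => {
    let num = 1n, den = 1n;
    shares.forEach(({ x: xj }, j) => {
      if (j !== i) { num = mod(num * -xj); den = mod(den * (xi - xj)); }
    });
    return mod(sum + yi * num * inv(den));
  }, 0n);
}
```

With `split(secret, 3, 5)`, any three shares passed to `combine` return the secret, while changing one share's `y` by 1 returns a different number and no error. SLIP39 adds a digest to the shared data so that a recovery from wrong shares can be detected.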

@prusnak

prusnak commented Jun 9, 2020

> This means there is no way to convert bip39 wallet to slip39 :(

That is a feature by design - if you convert BIP39 to SLIP39 and your coins are stolen - how do you know whether the old backup (BIP39) or the new setup (SLIP39) was compromised?

@Overtorment
Member

who else supports SLIP39 ? if we implement as-is, how much compatibility across the industry we will get?

@ncoelho
Member Author

ncoelho commented Jun 9, 2020 via email

@limpbrains
Collaborator

limpbrains commented Jun 10, 2020

> Electrum supports recovery apparently

This is only to control Trezor with Electrum. Electrum itself doesn't support creating/restoring SLIP39 backups
spesmilo/electrum#5419

> who else supports SLIP39 ? if we implement as-is, how much compatibility across the industry we will get?

I can't find any besides Trezor

It would be nice to be able to import Trezor SLIP39 wallet, but I can't find any working tools to implement it.

Theoretically it is possible to convert BIP39 to 59 words length SLIP39, but again no working tools and I doubt it would be useful in practice.

A few links:

Looks like it is too early. Perhaps in future somebody will create standard to backup BIP39 to sss, but it is not here yet.

@prusnak

prusnak commented Jun 10, 2020

> Perhaps in future somebody will create standard to backup BIP39 to sss, but it is not here yet.

I would strongly advocate against that for reason I posted above.

@mariodian

> Electrum itself doesn't support creating/restoring SLIP39 backups

It does support restoring SLIP39 backups but you need to have Trezor T (the majority of the process happens on the device).

@prusnak

prusnak commented Oct 21, 2020

> It does support restoring SLIP39 backups but you need to have Trezor T (the majority of the process happens on the device).

This is going to change and there will be a pull request adding pure-software (with no device) SLIP39 recovery to Electrum soon.

@limpbrains
Collaborator

Trezor team made a PR to Electrum with slip39 implementation

spesmilo/electrum#6917

Probably we can port it to JS and use in BW

@Overtorment
Member

slip39 might have already been implemented under bitcoinjs, just look there.

slip39 recovery we can definitely do, no questions asked.

@prusnak

prusnak commented May 3, 2021

It seems that SLIP39 was implemented in 6.1.0 release, so we can close this?

https://github.com/BlueWallet/BlueWallet/releases/tag/v6.1.0
