Use the utilities provided by this Ledger application to check a backed up seed or generate Shamir's Secret Sharing (SSS) for a seed.
Not all Ledger devices are equal. The older, less capable devices do not have the capacity to provide a full range of seed utilities. The following table lists the seed utilities provided by each devices type:
| Nano S | Nano S+ | Nano X | Stax | |
|---|---|---|---|---|
| Check BIP39 | ||||
| Check Shamir's secret shares | ||||
| Generate Shamir's secret sharing | ||||
| Generate BIP39 | ||||
| Generate BIP85 |
The application invites the user to type a BIP-39 mnemonic on their Ledger device. The BIP-39 mnemonic is compared to the onboarded seed and the application notifies the user whether both seeds match or not.
If the user provided seed is valid and matches the onboarded seed, the user can create Shamir's secret sharing (SSS) from their BIP-39 phrase. The application uses Sharded Secret Key Reconstruction (SSKR), an interoperable implementation of Shamir's Secret Sharing (SSS). This provides a way for you to divide or 'shard' the master seed underlying a Bitcoin HD wallet into 'shares', which you can then distribute to friends, family, or fiduciaries. If you lose your seed, you can reconstruct it by collecting a sufficient number of your shares (the 'threshold'). Knowledge of fewer than the required number of parts ensures that information about the master secret is not leaked.
- SSKR is round-trip compatible with BIP-39.
- SSKR is based on SLIP-39, developed by SatoshiLabs. It is an improvement on, but is incompatible with, SLIP-39.
- SSKR phrases use a dictionary of exactly 256 English words with a uniform word size of 4 letters.
- SSKR encodes a [CBOR] structure tagged with the data type [URTYPES], and is therefore self-describing.
- Phrases generated by SSKR can be up to 46 words in length i.e. 184 characters.
- Only two letters of each word (the first and last) are required to uniquely identify each byte value, making a minimal ByteWords encoding as efficient as hexadecimal (2 characters per byte) and yet less error prone.
- Additionally, words can be uniquely identified by their first three letters or last three letters.
- Minimizing the number of letters for each word simplifies transfer to permanent media such as stamped metal.
For more information about SSKR, see SSKR for Users.
Note
SSKR is non-deterministic. There is a random factor introduced when the shares are created, which means that every time you generate shares they will be different. This is an expected and correct result.
Tip
Generated Shamir's Secret Shares may be cheaply and safely backed up to a steel wallet using the methods described here or here. This will keep your backup safe in event of fire, flood or natural disaster.
The Ledger application also provides an option to confirm the onboarded seed against SSKR shares.
When the Shamir's secret shares have been validated the user can generate the BIP39 recovery phrase derived from those shares. This option takes advantage of SSKR's ability to perform a BIP39 <-> SSKR round trip. If a user has lost or damaged their original Ledger device they may need to generate the BIP39 recovery phrase on another secure device. A BIP39 recovery phrase may still be generated even if the SSKR phrases do not match the onboarded seed of a device but are still valid SSKR shares.
Generate BIP85
Coming soon!!!!
---
title: Seed Tool Nano App Flow
---
flowchart LR
1 --- 2 --- 3 --- 4
subgraph 1[BIP39]
direction TB
1.1[Check BIP39]
1.1 --> 1.2.1[Enter 12 Words] --> 1.3{Validate BIP39 Phrases}
1.1 --> 1.2.2[Enter 18 Words] --> 1.3
1.1 --> 1.2.3[Enter 24 Words] --> 1.3
1.3 --> |Matching BIP39| 1.4
1.3 --> |Invalid BIP39| 1.3.1[Quit]
subgraph 1.4[Generate SSKR Shares]
direction TB
1.4.1[Select number of shares] --> 1.4.2[Select threshold] --> 1.4.3[Generate SSKR Shares] --> 1.4.4[Display SSKR Shares] --> 1.4.5[Quit]
end
end
subgraph 2[SSKR]
direction TB
2.1[Check SSKR] --> 2.2[Enter SSKR Shares] --> 2.3{Validate SSKR Shares}
2.3 --> |Valid SSKR| 2.4
2.3 --> |Invalid SSKR| 2.3.1[Quit]
subgraph 2.4[Generate BIP39 Phrases]
direction TB
2.4.1[Generate BIP39 Phrases] --> 2.4.2[Display BIP39 Phrases] --> 2.4.3[Quit]
end
end
subgraph 3[Version]
direction TB
3.1[Version]
end
subgraph 4[Quit]
direction TB
4.1[Quit]
end
BIP85 allows you to do crazy stuff like this:
---
title: One Seed to rule them all - Multi wallet
---
flowchart TB
1.1 --> |Backup| 1.2
1 --> |BIP85 Child 0| 2.1.1
1 --> |BIP85 Child 1| 2.1.2
1 --> |BIP85 Child 2| 2.2.1
1 --> |BIP85 Child 3| 2.2.2
1 --> |BIP85 Child 4| 2.3.1
1 --> |BIP85 Child 5| 2.3.2
1 --> |BIP85 Child 6| 2.4.1
1 --> |BIP85 Child 7| 2.4.2
subgraph 1[Parent]
direction TB
1.1[Root Seed]
subgraph 1.2[2-of-3 Shamir's Secret Shares]
direction BT
1.2.1[Share 1]
1.2.2[Share 2]
1.2.3[Share 3]
end
end
subgraph 2[Children]
direction TB
subgraph 2.1[Cold Wallet]
direction LR
2.1.1[BIP39 #1]
2.1.2[Password #1]
end
subgraph 2.2[Hardware Wallet]
direction LR
2.2.1[BIP39 #2]
2.2.2[Password #2]
end
subgraph 2.3[Lightning Wallet]
direction LR
2.3.1[BIP39 #3]
2.3.2[Password #3]
end
subgraph 2.4[Phone Wallet]
direction LR
2.4.1[BIP39 #4]
2.4.2[Password #4]
end
end
---
title: One Seed to rule them all - MultiSig
---
flowchart TB
1.1 --> |Backup| 1.2
1 --> |BIP85 Child 0| 2.1.1
1 --> |BIP85 Child 1| 2.1.2
1 --> |BIP85 Child 2| 2.2.1
1 --> |BIP85 Child 3| 2.2.2
1 --> |BIP85 Child 4| 2.3.1
1 --> |BIP85 Child 5| 2.3.2
2.1 --> 3.1
2.2 --> 3.2
2.3 --> 3.3
subgraph 1[Parent]
direction TB
1.1[Root Seed]
subgraph 1.2[2-of-3 Shamir's Secret Shares]
direction BT
1.2.1[Share 1]
1.2.2[Share 2]
1.2.3[Share 3]
end
end
subgraph 2[Children]
direction TB
subgraph 2.1[Wallet #1]
direction LR
2.1.1[BIP39 #1]
2.1.2[Password #1]
end
subgraph 2.2[Wallet #2]
direction LR
2.2.1[BIP39 #2]
2.2.2[Password #2]
end
subgraph 2.3[Wallet #3]
direction LR
2.3.1[BIP39 #3]
2.3.2[Password #3]
end
end
subgraph 3[2-of-3 MultiSig Wallet]
direction LR
3.1[Signer 1]
3.2[Signer 2]
3.3[Signer 3]
end