After the beta launch of Coinsafe, many people asked me how Shamir secret sharing compares to a multi-sig based approach for securing one’s crypto assets. I aim to articulate the pros and cons of each approach in this post.
SSSS is a scheme that splits some data into n parts, called secrets, such that any m or more of them reconstruct the original data, while m-1 or fewer parts give no information about it. A 2 of 3 SSSS applied to ‘hello’ gives the following three secrets:
8013f2ee3bad0959eefdc5b0a
8027d5c6a69093795c30ab6ac
8034372e6d3b5a2672cb3edce
Clearly, knowing one part gives you no information about the original data, i.e. ‘hello’.
For crypto asset security, SSSS is applied to a user’s 12/24 word wallet mnemonic phrase. Eg: for a 2 of 3 SSSS, someone having access to one part wouldn’t be able to deduce anything about your wallet phrase. This is what a sample wallet mnemonic phrase looks like:
witch collapse practice feed shame open despair creek road again ice least
Think of SSSS as a backup mechanism: you generate secrets from your wallet mnemonic phrase and distribute them among a set of trusted devices and friends. If you lose your phone or it gets damaged, you set up a new phone, recover your mnemonic from the backed up secrets and hence regain access to your funds. Your crypto assets always stay on your main device, and transactions are made from that device itself.
SSSS utilizes polynomial mathematics and there is no limitation on m & n in an m of n scheme. In the extreme case, one can use a scheme like 26/51 with the 51 parts stored in places like bunkers and bank lockers, although I envision people not going beyond a 6/11 scheme, especially if they are using phones/hardware devices for storing the secrets. For a multi-sig based setup, there are limitations on m & n. Eg: for a P2SH multisig with uncompressed public keys, n can be up to 7 (refer to this).
SSSS can be applied to any data to create the corresponding secrets. If applied to a BIP39 mnemonic, the secrets can be used to regenerate the mnemonic phrase, which can then be used to regenerate the private keys of all the coins. This mnemonic serves as the “root” of the tree and it can be algorithmically converted into all the relevant private keys. This is why all wallet providers only require you to write down your mnemonic phrase and not the private keys of the individual coins. This means SSSS can be used for backing up all crypto assets like BTC, ETH, XMR, DOGE etc. as well as all your other altcoins.
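The splitting and reconstruction described above, written out as an added example (not Coinsafe’s implementation): Shamir sharing over GF(2^8), one random polynomial of degree m-1 per byte of the mnemonic, with Lagrange interpolation at x = 0 to recover it. The share layout (one x-coordinate byte followed by the y bytes) is an assumption of this example, not a standard format.

```python
import secrets
# Added example, not Coinsafe's code: Shamir sharing over GF(2^8) with one random
# polynomial per secret byte; share layout "x byte || y bytes" is assumed here.
MNEMONIC = b"witch collapse practice feed shame open despair creek road again ice least"

def gf_mul(a: int, b: int) -> int:  # multiply modulo x^8+x^4+x^3+x+1 (AES field)
    p = 0
    while b:
        if b & 1:
            p ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return p

def gf_inv(a: int) -> int:  # a^254 == a^-1 in GF(2^8); a must be non-zero
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def eval_poly(coeffs: list, x: int) -> int:  # Horner; coeffs[0] is the secret byte
    acc = 0
    for c in reversed(coeffs):
        acc = gf_mul(acc, x) ^ c
    return acc

def split(secret: bytes, m: int, n: int, rng=secrets.randbelow) -> list:
    """n shares, any m of which reconstruct `secret`; m-1 shares reveal nothing."""
    assert 1 <= m <= n <= 255, "GF(2^8) offers only x-coordinates 1..255"
    polys = [[b] + [rng(256) for _ in range(m - 1)] for b in secret]
    return [bytes([x] + [eval_poly(p, x) for p in polys]) for x in range(1, n + 1)]

def combine(shares: list) -> bytes:
    """Lagrange-interpolate every byte's polynomial at x=0 (needs >= m distinct shares)."""
    xs = [s[0] for s in shares]
    assert len(set(xs)) == len(xs), "duplicate share"
    out = bytearray()
    for i in range(1, len(shares[0])):
        acc = 0
        for j, xj in enumerate(xs):
            num = den = 1
            for k, xk in enumerate(xs):
                if k != j:
                    num = gf_mul(num, xk)       # (0 - x_k) == x_k in characteristic 2
                    den = gf_mul(den, xj ^ xk)  # (x_j - x_k)
            acc ^= gf_mul(shares[j][i], gf_mul(num, gf_inv(den)))
        out.append(acc)
    return bytes(out)
```

Feeding fewer than m shares into `combine` still returns bytes, but they are the wrong bytes; that is the "no information" property in practice, not an error you can detect from the output alone.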
One security issue with SSSS is that your crypto assets stay on one device; the other devices holding the secrets only serve as a backup of the funds and are not required for making any transaction. However, if you are using a non-custodial mobile wallet like Coinsafe for storing your crypto assets and your device gets stolen, the thief would need time to brute force your phone PIN as well as your wallet PIN before gaining access to your funds. During this time, you can move your funds to a new wallet.
Multisignature (multisig) refers to requiring more than one key to authorize a Bitcoin transaction. It is generally used to divide up responsibility for possession of bitcoins.
Standard transactions on the Bitcoin network could be called “single-signature transactions,” because transfers require only one signature — from the owner of the private key associated with the Bitcoin address. However, the Bitcoin network supports much more complicated transactions that require the signatures of multiple people before the funds can be transferred. These are often referred to as M-of-N transactions. The idea is that Bitcoins become “encumbered” by providing addresses of multiple parties, thus requiring cooperation of those parties in order to do anything with them. These parties can be people, institutions or programmed scripts.
Source: Bitcoin Wiki
Multi-sig is a transaction type requiring signatures from multiple private keys (stored on different devices) before funds can be transferred. Your funds don’t stay on one device; if one device gets lost or stolen, your funds are still intact. Eg: for a 2 of 3 multisig setup, if one of your devices gets lost or stolen, you can still use the other two to create transactions. This does not hold when m = n; your funds would be lost in that case. Eg: if one of your devices gets lost in a 2 of 2 setup, your funds are lost forever.
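An added example (not from the post or any wallet) that makes the m of n limits from the multisig discussion concrete: it builds the bare redeem script for an m-of-n P2SH multisig and checks it against Bitcoin’s 520-byte limit on a P2SH redeem script, which is what caps n at 7 with uncompressed keys (and 15 with compressed ones). The public keys are constructed placeholders of the right length, not real curve points.

```python
# Added example, not from the post: m-of-n P2SH multisig redeem script builder
# plus the size check that caps n. Key bytes used in tests are constructed
# placeholders (correct SEC length only), not valid secp256k1 points.
MAX_REDEEM_SCRIPT = 520   # MAX_SCRIPT_ELEMENT_SIZE in Bitcoin Core
MAX_PUBKEYS = 20          # MAX_PUBKEYS_PER_MULTISIG (consensus limit on CHECKMULTISIG)
OP_CHECKMULTISIG = 0xAE


def op_n(n: int) -> bytes:
    """OP_1..OP_16 are opcodes 0x51..0x60; they push the small number n."""
    if not 1 <= n <= 16:
        raise ValueError("only OP_1..OP_16 exist")
    return bytes([0x50 + n])


def multisig_redeem_script(m: int, pubkeys: list) -> bytes:
    """OP_m <pk1> ... <pkn> OP_n OP_CHECKMULTISIG, with direct pushes (len < 76)."""
    n = len(pubkeys)
    if not 1 <= m <= n <= min(16, MAX_PUBKEYS):
        raise ValueError("need 1 <= m <= n <= 16")
    script = op_n(m)
    for pk in pubkeys:
        if len(pk) not in (33, 65):          # compressed / uncompressed SEC encoding
            raise ValueError("not a SEC-encoded public key")
        script += bytes([len(pk)]) + pk
    return script + op_n(n) + bytes([OP_CHECKMULTISIG])


def p2sh_spendable(redeem_script: bytes) -> bool:
    """A P2SH input pushes the redeem script as one element, so it must fit 520 bytes."""
    return len(redeem_script) <= MAX_REDEEM_SCRIPT


def max_n(key_len: int) -> int:
    """Largest n whose redeem script fits: n*(1 + key_len) + 3 opcode bytes."""
    return max(n for n in range(1, 17) if n * (key_len + 1) + 3 <= MAX_REDEEM_SCRIPT)


def constructed_keys(n: int, key_len: int = 33) -> list:
    """Placeholder keys (constructed, not real points) to exercise the size maths."""
    prefix = 0x02 if key_len == 33 else 0x04
    return [bytes([prefix]) + bytes([i]) * (key_len - 1) for i in range(1, n + 1)]
```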
Multi-sig is a transaction type supported by the blockchain protocol itself, so there is no risk of a buggy third-party implementation putting your funds at risk.
Since many companies provide multi-sig wallets, you have an option to switch your wallet provider for a better one anytime.
Making a multi-sig transaction requires signatures from multiple devices. The security of a multi-sig based approach comes from keeping the devices holding the private keys at different geographic locations, as a thief would then need to steal devices from multiple locations to steal your funds. Such a setup with devices kept in multiple locations is highly secure but very inconvenient, especially for making several transactions a day and for normal day to day usage.
Multi-sig transactions are not supported by all blockchains. Even Ethereum doesn’t support multi-sig transactions in the protocol; people use smart contract wallets that allow you to make a multi-sig transaction. Since they are not supported by the protocol itself, the smart contract implementation may contain bugs, as was observed with the Parity smart contract wallet hack that led to a loss of $300M worth of Ether at the time. In general, Bitcoin forks support multi-sig transactions, but most of the other cryptocurrencies don’t. Even Coinbase uses Shamir secret sharing instead of multi-sig for securing their crypto assets, as SSSS allows one to secure multiple cryptocurrencies.