At the height of the 2017 bull run, I came across a sobering post. It went something like this: there was a young man who acquired about 20 bitcoin early on. As the price went from $1,000 to almost $20,000 over the course of 2017, he felt rich beyond his wildest dreams and decided to travel a bit. At one point he was in Mexico in a nice hotel and partied by a rooftop pool. Things got out of hand, then he fell down to the street below and died. The author of this particular post was a friend of the man’s family and wanted to find out if there was any way to access the bitcoin. However, the young man used a passphrase-protected Trezor and hadn’t written the passphrase down anywhere. The bitcoin was thus lost along with the man’s life.
Bitcoin is a bearer instrument, meaning that it’s not sufficient for your survivors to be aware of your stack – they have to be able to access the keys. On the other hand, you don’t necessarily want your family to have access to your bitcoin while you’re still alive. So there needs to be some sort of backup plan that allows for access management. Shamir backup is designed precisely for this use case.
But before we get to the details of how Shamir backup works, let’s have a brief recap of what seed backups are.
In the humble beginnings of Bitcoin, it was a challenge to do backups properly. Before the invention of deterministic wallets, every individual private key had to be backed up, which could mean hundreds of keys. Unsurprisingly, many bitcoin were lost due to this clunky backup process. In 2012, Pieter Wuille came up with the clever invention of Hierarchical Deterministic Wallets (HD wallets, standardized by BIP32), which made backups much easier – users now had to secure only one master seed, from which the individual private keys were then derived. A year later, BIP39 standardized the mnemonic seed – a group of words in a particular order that fulfills the role of the HD wallet backup. With the mnemonic seed, backups became…
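The claim that one master seed is enough to regenerate every private key is easy to verify. The following is an added example of BIP32-style hardened derivation written for this post; it is not the page's code nor any wallet vendor's implementation. It uses only HMAC-SHA512 and integer arithmetic mod the secp256k1 group order, and it deliberately covers hardened children only, since non-hardened derivation needs elliptic-curve point arithmetic. The seed value and the path `[44, 0, 0]` are constructed inputs.

```python
import hmac
import hashlib

# Added example of BIP32-style hardened child derivation from a single master seed.
# Assumption: hardened-only derivation; non-hardened children are out of scope here.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # secp256k1 order

def master_from_seed(seed: bytes):
    """BIP32 master key: HMAC-SHA512 keyed with 'Bitcoin seed' over the seed bytes."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k, chain = int.from_bytes(digest[:32], "big"), digest[32:]
    if k == 0 or k >= N:
        raise ValueError("invalid master key; BIP32 says to use a different seed")
    return k, chain

def derive_hardened(k_par: int, c_par: bytes, index: int):
    """Hardened child index' from a parent private key and chain code."""
    i = index + 0x80000000                       # hardened indexes start at 2^31
    data = b"\x00" + k_par.to_bytes(32, "big") + i.to_bytes(4, "big")
    digest = hmac.new(c_par, data, hashlib.sha512).digest()
    il = int.from_bytes(digest[:32], "big")
    k = (il + k_par) % N
    if il >= N or k == 0:
        raise ValueError("invalid child; BIP32 says to skip this index")
    return k, digest[32:]

def derive_path(seed: bytes, path):
    """Walk a list of hardened indexes, e.g. [44, 0, 0] for m/44'/0'/0'."""
    k, c = master_from_seed(seed)
    for idx in path:
        k, c = derive_hardened(k, c, idx)
    return k, c

if __name__ == "__main__":
    seed = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed demo seed
    for idx in range(3):
        k, _ = derive_path(seed, [44, 0, 0, idx])
        print(f"m/44'/0'/0'/{idx}' private key: {k.to_bytes(32, 'big').hex()}")
```

Running it twice prints the same keys, which is the whole backup argument: anyone holding the seed (or a threshold of Shamir shares that reconstruct it) can regenerate every key the wallet ever used, and anyone without it cannot.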