SatoshiLabs has introduced a new feature to boost security on its hardware wallet Trezor Model T.
Hardware wallets are electronic devices used for storing cryptocurrency user’s private keys securely. They have to be connected to a computer or mobile phone to carry out any transactions in cryptocurrency. Being isolated devices, Hardware wallets cannot be accessed through the internet or hacked and are very secure devices for cryptocurrency users
Users access their private keys using a single seed recovery system. Almost all hardware wallet makers were using this system for the recovery of private keys. As Hardware wallets are isolated devices, chances of anybody other than the user accessing the single seed are remote which explains why there has been no innovation in further increasing the security of recovery seeds in hardware wallets. But as the usage of cryptocurrency increases across the world, the need for additional security features for devices used for cryptocurrency transactions also increases.
Users also create a recovery or backup seed which is a list of words which generate the private keys, to secure against hardware wallet breaking or getting lost. This backup list has to store outside of the hardware wallet. But, storing its outside increases the risk of somebody accessing it and thereby accessing the user’s private keys. The risk increases if the backup recovery seed is a single list of words.
SatoshiLabs, a Prague based manufacturer of hardware wallets has introduced a new fully functional SLIP-0039 feature called Shamir Backups in its hardware wallet Trezor Model T. The firm has named this feature after Adi Shamir who created the cryptographic algorithm on which this featured based. Shamir Backups allows users to split backup recovery seed into several word lists or shares, each a sequence of 20 words. Access to hardware wallets private keys is conditional on correctly listing some shares out of the total number of shares created by the user. Currently, Trezor Model T allows 16 shares of backup seed.
The user fixes the total number of shares and the number of shares which need to be correct. The users can share each of these shares with persons whom he trusts so that no one except him knows enough shares to access his private keys.
Thus, if a user decides 7 out of 8 shares need to be correct than without listing correctly seven shares of the backup seed, private keys of that user cannot be accessed. Even if someone accesses 6 shares, he cannot access the private keys. That is certainly more secure than a conventional recovery seed where a single sequence of words is used to access private keys of a cryptocurrency users hardware wallet.