Shamir backup, also known as SLIP39, is a cutting-edge security standard designed to safeguard your cryptocurrency wallet by mitigating two critical risks: theft and loss of your recovery data. Unlike traditional single-seed backup methods, Shamir backup introduces redundancy and distributed control, ensuring that your digital assets remain secure and accessible even in adverse scenarios.
First implemented in the Trezor Model T—the world’s first hardware wallet to support full SLIP39 functionality—Shamir backup has since become the default backup method for Trezor Safe Family devices as of June 2024. It remains fully compatible with the Trezor Model T for both creation and recovery processes.
This article uses established technical terminology such as Shamir backup, recovery seed, and seed phrase to maintain clarity for technically inclined readers.
How Shamir Backup Works
Your wallet backup is essentially the master key to all your crypto holdings. Lose it, and you risk permanent loss of access. Shamir backup solves this vulnerability by splitting your recovery data into multiple recovery shares, each holding a fragment of the cryptographic secret. You define a threshold—the minimum number of shares required to reconstruct your wallet.
👉 Discover how decentralized backup systems are revolutionizing crypto security.
Key Steps in Using Shamir Backup
- Generate: Choose how many shares to create (up to 16) and set the recovery threshold (e.g., 2-of-3).
- Distribute: Store shares across secure locations or trusted individuals.
- Recover: Reconstruct your wallet using any combination of shares that meets or exceeds the threshold.
This system is built on Shamir’s Secret Sharing (SSS), a cryptographic algorithm developed by Adi Shamir, which ensures that no useful information can be derived from fewer shares than the threshold.
Understanding Recovery Shares
Each recovery share resembles a BIP39 seed phrase but follows the SLIP39 standard. A share consists of either 20 or 33 English words, each representing part of an encrypted secret. Only when combined with enough other shares (meeting the threshold) can the original master seed be reconstructed.
Trezor Suite defaults to generating 20-word shares (equivalent to 128-bit security strength). However, advanced users can opt for 33-word shares via command-line tools like trezorctl or through integration with Electrum wallet.
You can generate between 1 and 16 unique shares, depending on your security and redundancy needs.
Example of a 2-of-3 Shamir Backup
Share 1: gesture necklace academic acid deadline width armed render filter bundle failure priest injury endorse volume terminal lunch drift diploma rainbow
Share 2: gesture necklace academic agency alpha ecology visitor raisin yelp says findings bulge rapids paper branch spelling cubic tactics formal disease
Share 3: gesture necklace academic always disaster move yoga airline lunar provide desire safari very modern educate decision loyalty silver prune physicsNotice the first three words—gesture necklace academic—are identical across all shares:
- The first two words act as identifiers, confirming these shares belong to the same backup set.
- The third word encodes the group index, useful in more complex "Super Shamir" configurations involving multiple groups.
⚠️ Critical Security Note: Never store recovery shares digitally. Avoid screenshots, cloud uploads, or any online transmission. Always keep them offline and physically protected.
The Role of Threshold in Shamir Backup
The threshold defines how many shares are needed to recover your wallet. For instance:
- In a 2-of-3 scheme, any two out of three shares can restore access.
- In a 5-of-7 setup, you need at least five shares—losing two is acceptable, but losing three makes recovery impossible.
When setting up your wallet, you choose both the total number of shares and the threshold. While you can set high thresholds (e.g., 5-of-5), you cannot use a 1-of-N configuration—meaning at least two shares must always be required for recovery.
This design prevents single-point failures while also eliminating the risk of a single compromised share leading to theft.
Shamir Backup vs. Single Seed Backup (BIP39)
| Feature | Single Seed (BIP39) | Shamir Backup (SLIP39) |
|---|---|---|
| Word Length | 12, 18, or 24 words | 20 or 33 words |
| Number of Shares | One (single point of failure) | Up to 16 |
| Word List | BIP-39 standard | SLIP39-specific list |
| Recovery Requirement | All words required (1/1) | User-defined threshold (e.g., 2/3) |
| Distribution Flexibility | None – one copy only | Can distribute across people/locations |
| Redundancy | No fault tolerance | Configurable (e.g., lose one in 2-of-3) |
| Risk Exposure | High – loss or theft = total compromise | Reduced – secure unless threshold breached |
👉 See why forward-thinking investors trust advanced crypto protection methods.
Frequently Asked Questions
How is Shamir backup different from a single recovery seed?
Shamir backup generates up to 16 recovery shares, each made of 20 or 33 words. In contrast, a BIP39 single seed uses 12, 18, or 24 words. Additionally, SLIP39 uses a distinct word list—some words appear only in Shamir shares, others only in BIP39 seeds—ensuring format separation and reducing confusion.
What happens if some recovery shares are lost or stolen?
Individual shares reveal no information about the full secret unless the attacker obtains at least the threshold number. For example, in a 7-of-10 setup, even if five shares are compromised, the attacker cannot reconstruct the wallet. This makes Shamir backup highly resistant to partial breaches.
Can I still recover my wallet if I lose too many shares?
No. If you fall below the threshold—such as losing two out of four in a 3-of-4 scheme—your wallet becomes unrecoverable. Always ensure you store backups securely and account for potential losses when choosing your threshold.
Is it possible to add a passphrase to a Shamir-backed wallet?
Yes, you can use a passphrase with a Shamir backup-enabled wallet. However, just like with BIP39, the passphrase acts as an additional layer of protection and must be backed up separately and offline. Losing it means losing access—even with all recovery shares present.
Does Shamir backup work with all wallets?
Currently, widespread support is limited. The primary implementation is within Trezor hardware wallets, especially the Model T and newer Safe Family models. Other wallets may adopt SLIP39 in the future, but interoperability remains constrained compared to BIP39.
Why not use just one share?
SLIP39 intentionally prohibits single-share recovery (1-of-N). This forces users into a multi-factor mindset, enhancing security by requiring collaboration or multiple access points—aligning with best practices in key management.
Final Thoughts
Shamir backup represents a significant leap forward in personal crypto security. By replacing the fragile single-point backup model with a distributed, threshold-based system, it empowers users to protect their assets against both physical loss and targeted attacks.
Whether you're securing a large portfolio or simply want peace of mind, adopting Shamir backup means embracing resilience through cryptography.
👉 Start protecting your crypto with next-generation backup solutions today.