What You’re Still Doing Wrong

99% of the bitcoiners I talk to are not using Shamir’s Secret Sharing Scheme. The original paper was published in 1979 and at less than two pages long is an enjoyable read.

If your private key material is encrypted (see “What You Should Never Do” above), you need a way for your heirs to access the password if you get hit by a bus. Of course you could give them the password, but then you’ve significantly weakened your security. A better solution is to split the password multiple ways. For example, I use 6-of-11. This means that any 6-of-11 trusted people I previously designated can combine their Shamir shares to get just the password (only) to decrypt my USB drive. Of course that doesn’t give them physical access to the USB drive, which has to be handled separately (I recommend safe deposit boxes at banks).

The most popular library to use is ssss because it has been in most common linux distributions for a really long time. I wish the code were more readable. PassGuardian has a simple UI that anyone can use (offline!), and Ryan Shea’s python implementation appears very well written.

Note: you might instead be doing p2sh (multisig), which can work but has two problems:

The protocol is inflexible and doesn’t scale. It works great for 2-of-3, but if something is important you need to be able to lose more than 2 keys and still recover your funds. After all, imagine 2 of the keys are with 2 loved ones who are in the same car crash. That’s why I like 6-of-11, you can even have great geographic diversity and spread across many families.

It’s complicated. Don’t do this unless you’re an expert, you’re more likely to screw up.

One nice thing about p2sh is that you never recombine all the keys on a single machine.