A tool for splitting BIP-39 recovery phrases into multiple shards using Shamir's Secret Sharing for additional security. This allows you to distribute your cryptocurrency recovery phrase across multiple locations, requiring a minimum threshold of shards to reconstruct the original phrase.
- Split a BIP-39 mnemonic into multiple shares (n) with a configurable threshold (k)
- Recover the original mnemonic using k-out-of-n shares
- Verify that shares can correctly reconstruct the original mnemonic
- Store shares in files or display them for manual recording
git clone https://github.com/victorges/recovery-shards.git
cd recovery-shards
make buildThis will create a binary named shards in the project directory.
./shards split -n 5 -k 3 -out shares/This creates 5 shares where any 3 can reconstruct the original mnemonic. The shares will be saved to the shares/ directory.
Options:
-n: Total number of shares to create (default: 3)-k: Minimum number of shares needed to recover the phrase (default: 2)-in: File containing the recovery phrase (if not provided, will prompt for input)-out: Directory to save the generated shares (if not provided, shares will be displayed in the terminal)
Example with input file:
./shards split -n 5 -k 3 -in data/in.txt -out shares/Example with manual input:
./shards split -n 5 -k 3
# You will be prompted to enter your mnemonic phrase./shards recover -in shares/This will reconstruct the original mnemonic from the shares in the shares/ directory.
Options:
-in: Path to a directory containing share files-shares: Number of shares to input manually (if not using files)
Example with manual input:
./shards recover -shares 3
# You will be prompted to enter 3 sharesEach share is stored as a BIP-39 mnemonic with an identifier prefix. The format is:
XXXX: word1 word2 word3 ... word24
Where XXXX is a hexadecimal identifier for the share.
Example:
bd13: memory flee chat rigid alpha put morning regular junk into include romance inner island security vivid little clump sport summer jump upgrade once notable
- Store each share in a different secure location
- The threshold (k) should be high enough that an attacker cannot easily gather enough shares
- The total number of shares (n) should be high enough to provide redundancy if some shares are lost
- Consider using physical media (paper, metal) for long-term storage of shares
- Test the recovery process before relying on it for critical assets
-
Split your existing mnemonic into 5 shares, requiring at least 3 to recover:
./shards split -n 5 -k 3 -out shares/
-
Store each share in a secure location. Make sure to save both the mnemonic but also the identifier of each share.
-
Distribute the shares to different secure locations.
-
When needed, recover the original mnemonic using at least 3 shares:
./shards recover -in shares/
This tool implements Shamir's Secret Sharing, a cryptographic algorithm that divides a secret into multiple parts. The original secret can only be reconstructed when a sufficient number of shares (the threshold) are combined.
- The BIP-39 mnemonic is converted to its entropy representation
- The entropy is split into n shares using Shamir's Secret Sharing
- Each share is converted back to a BIP-39 mnemonic format for easier storage
- To recover, the shares are converted back to entropy, combined, and then converted to the original mnemonic
Each share includes a check byte for validation, calculated as follows:
- The share identifier and entropy data are XORed together byte by byte
- The resulting check byte is appended to the share identifier
- When recovering shares, the check byte is validated by recalculating it and comparing
- This helps detect transcription errors or corrupted shares before attempting reconstruction
For example, if a share has identifier 01 and data 02 03, the check byte would be:
01 XOR 02 XOR 03 = 00
MIT