Home »
Shamir’s Secret Sharing VS Multisig
Shamir’s Secret Sharing VS Multisig – The 5 Biggest Differences
Do you want to safely store your Bitcoin, but you don’t know if you should use Shamir’s Secret Sharing or Multisig? Are you wondering what the difference is between Shamir’s Secret Sharing and Multisig? This article will clear it up for you.
Shamir’s Secret Sharing is often seen as a substitute for multisignature. Many people believe they are almost the same, but that is not the case. Both protect your Bitcoin stack by eliminating the single point of failure of your backup. However, they work fundamentally in a different way and can even be combined in one single setup.
If you want a clear understanding about what the differences exactly are, please keep on reading!
What is the difference between Shamir’s Secret Sharing and Multisig?
Multisignature and Shamir’s Secret Sharing are fundamentally different in their architecture, so they have different features. To understand where these differences come from, you first have to understand the basics.
Shamir’s Secret Sharing
Shamir’s Secret Sharing is a cryptographic scheme to divide one backup seed in different shares. Because each share contains also limited information about other shares, not all shares are needed to remake the original seed. The seed is a complete Bitcoin wallet, including the master public (?) -and private key (?).
Like with multisig, you can set a quorum (?). As long as you have enough shares to meet your threshold (?), you can access your bitcoins, even if one or more shares are lost or stolen. A quorum could be 2-of-3, where two of the three shares are needed to recover the original seed. This means that with SSS only one seed and thus one Bitcoin wallet is involved. The secret that gives access to the wallet is divided in shares through cryptography.
Multisignature
Multisignature is a Bitcoin-native feature to combine multiple seeds into one multisig address. This means that every ‘share’ is a seed on its own, and thus a Bitcoin wallet including public -and private key pair. Here again, a quorum can be set including a threshold, which decides how many private keys out of the total amount of keys have to sign to send a transaction.
This means that multisignature is build from multiple wallets. To make it more understandable lets assume that hardware wallets are used: For SSS you will use one hardware wallet that creates multiple backup shares that can be combined to get the seed. For multisig you will use multiple hardware wallets where you create every seed separately on the device and then combine them into a multisig wallet.
The 5 biggest differences
Now that you understand the fundamental differences between Shamir’s Secret Sharing and multisig, it is time to learn about the different features. Read on below for the 5 biggest differences.
1 – Multisig protects agains device failure
Like multisig, Shamir’s Secret Sharing does protect you if a share get lost or stolen. The remaining shares can be used to recover the seed. However, if something goes wrong with the seed itself, like a bug in the device or a supply chain attack (?). SSS won’t protect you, because all the shares come from the same seed. Because multisig uses different seeds: Multisig does protect you in this situation.
2 – Multisig enables multiple parties to sign trustlessly
If multiple entities collaborate and make regular transactions, multisig is a much better solution. A PSBT (?) can be signed by all the required parties with the key they hold and broadcast to the network. In this process, everyone keeps his own secret and no critical information will be leaked. It can be done many times as long as there are sufficient funds in the address.
To make a transaction with Shamir’s Secret Sharing: One device must be initiated, it must contain the private key. If this is not the case, all required parties have to combine their shares before they will be able to sign. In both cases, at least one party will have access to the seed and thus control all the coins in the address. To make a transaction with SSS with multiple parties involved, there will always be trust required.
3 – For multisig a wallet configuration file is needed
Shamir’s Secret Sharing is just singlesig, so no wallet configuration file (?) is required to recover your wallet. This means that you can just import the required amount of shares in a SSS supporting device, and your Bitcoin wallet will show up.
For multisig, a wallet configuration file is required to know which addresses are combined to create the multisig address. Without the wallet file you can’t recover your multisig address if one or more seeds are lost, which means that you can’t access your coins. Before setting up multisig, always learn about the wallet configuration file first!
4 – Multisig is more customisable
Because all ‘shares’ of a multisig are stand alone private keys, every signer can be customised with advanced Miniscript (?) features. This means that multisig is much more customisable. Not only extra security features can be added, but also features that make collaborative custody or inheritance easier. You can think of the following features:
- Decaying keys
- Timelocks
- Spending conditions
- Key hierarchy
5 – For multisig you need multiple devices, for SSS only one
When you setup multisig you will need multiple devices to create the different seeds. You have to create every seed one by one. It is best to do this on an offline device that has never been online. Hardware wallets are by far the best devices for this. They are easy to use and extremely secure.
For Shamir’s Secret Sharing you need only one device. The device or the software of the device has to be compatible with SSS in order to create multiple shares out of the seed. HERE you can find hardware devices that support Shamir’s Secret Sharing.
You can combine multisig and Shamir’s Secret Sharing
Shamir’s Secret Sharing can be used for one or multiple seeds in a multisig setup to add more security and customisability. It can help to further eliminate single points of failure of individual signers or make inheritance easier.
As an example: One seed of the multisig can be divided in 5 shares with the configuration that 3 shares are needed to remake the seed. These shares can be distributed among family members who are planned to inherent the coins. If another seed is secured by a lawyer, this can make for a robust setup including inheritance plan.
Conclusion
Shamir’s Secret Sharing and multisig are certainly not the same. Multisig means combining different seeds into one address, while SSS means making multiple shares out of one seed. The security of multisig is more robust, it is more customisable and much better for collaboration between different entities. The advantage of Shamir’s Secret Sharing over multisig is that it is more simple and you need only one signing device.
What do you prefer to securely store your Bitcoin? Simplicity or robustness or combining them like a pro? Let us know in the comments below! If you want to learn more about multisig, please read our guide.