· 6 min read

Shamir's Secret Sharing Explained (For Normal People)

TL;DR: Shamir's Secret Sharing splits your seed phrase into multiple parts. You need a minimum number of parts to recover the original. One part alone reveals nothing.

Example: Split into 3 parts. Any 2 can recover the seed. But 1 part is useless.

The Problem Shamir Solves

You have a Bitcoin seed phrase:

witch collapse practice feed shame open despair creek road again ice least

If you store it in one place: - Lose it = lose your Bitcoin - Someone steals it = they steal your Bitcoin - You die = your family can't access it

If you split it in half (6 words each): - Someone with half can brute-force the other half - Not secure

Shamir's Secret Sharing solves this.

How It Works (Simple Version)

Step 1: Choose Your Threshold

You decide: - How many parts (shards) to split it into - How many parts are needed to recover

Example: 3 shards, 2 needed (called "2-of-3")

Step 2: Split the Secret

Your seed phrase gets split into 3 shards: - Shard A: a7f3e9d2c1b8... - Shard B: 3c8f1a6e4d9b... - Shard C: 9e2b7f4c3a1d...

Step 3: Distribute the Shards

  • Shard A → Your password manager
  • Shard B → Your heir
  • Shard C → Encrypted on a server

Step 4: Recover When Needed

Any 2 shards can reconstruct your original seed phrase: - Shard A + Shard B = Original seed ✓ - Shard A + Shard C = Original seed ✓ - Shard B + Shard C = Original seed ✓

But 1 shard alone is completely useless: - Shard A alone = Nothing ✗ - Shard B alone = Nothing ✗ - Shard C alone = Nothing ✗

The Math (Optional, Skip If You Want)

Shamir's Secret Sharing uses polynomial interpolation.

The Concept

Imagine you have a secret number: 42

You create a polynomial (fancy math equation):

f(x) = 42 + 3x + 2x²

You generate 3 points on this curve: - Point 1: f(1) = 47 - Point 2: f(2) = 58 - Point 3: f(3) = 75

Any 2 points can reconstruct the curve and find the secret (42).

But 1 point alone? Infinite possible curves. Useless.

Why This Matters

Traditional encryption: If someone gets 99% of your encrypted data, they have 0% of your secret.

Shamir's Secret Sharing: If someone gets 1 of 3 shards (33%), they still have 0% of your secret.

You need the threshold (2 shards) or you have nothing.

Real-World Example: Your Crypto Seed Phrase

Let's say your seed phrase is:

abandon ability able about above absent absorb abstract absurd abuse access accident

Step 1: Convert to Numbers

Each word maps to a number (BIP39 standard):

abandon = 0
ability = 1
able = 2
...

Step 2: Apply Shamir's Algorithm

Your seed phrase becomes a polynomial. The algorithm generates 3 shards:

Shard A:

801a3f7e9c2d4b6f8e1a3c5d7f9b2e4a6c8e1f3a5c7e9b2d4f6a8c1e3f5a7c9e

Shard B:

3c5e7a9d2f4b6e8a1c3f5d7b9e2a4c6f8e1d3b5a7c9f2e4a6d8c1f3e5b7a9d2f

Shard C:

9f2e4a6c8d1f3b5a7e9c2d4f6b8e1a3c5f7d9b2e4a6f8c1d3e5a7f9c2e4b6d8a

Step 3: Recover Your Seed

You combine any 2 shards:

Shard A + Shard B → Original seed phrase

The algorithm reverses the process and gives you:

abandon ability able about above absent absorb abstract absurd abuse access accident

Perfect recovery. No data loss.

Why This Is Better Than Alternatives

vs. Splitting Your Seed in Half

Bad idea:

First 6 words: abandon ability able about above absent
Last 6 words: absorb abstract absurd abuse access accident

Problem: Someone with half can brute-force the other half. Only 2048^6 possibilities (doable with modern computers).

Shamir's Secret Sharing: One shard reveals NOTHING. No brute-forcing possible.

vs. Encrypting Your Seed

Encryption: - You encrypt your seed with a password - You need to remember the password - If you forget the password, you're screwed - If you die, your family needs the password

Shamir's Secret Sharing: - No password needed - Just combine 2 shards - If you die, your family gets Shard C automatically (dead man's switch)

vs. Multisig Wallets

Multisig (like 2-of-3 Bitcoin multisig): - Requires multiple signatures to spend - Great for security - But: Each person has a full private key - If one person's key is compromised, that's bad

Shamir's Secret Sharing: - Each person has a shard (not a full key) - One shard is useless - More secure distribution

Common Questions

Q: Can I do 3-of-5? 4-of-7?

Yes. You can do any threshold: - 2-of-3 (most common) - 3-of-5 (more secure, more complex) - 5-of-7 (very secure, very complex)

Trade-off: More shards = more secure, but harder to manage.

Q: What if I lose 2 shards?

You're screwed. If you have a 2-of-3 setup and lose 2 shards, you can't recover.

Solution: Use 3-of-5 instead. You can lose 2 shards and still recover.

Q: Can I change the threshold later?

No. Once you split your seed, the threshold is fixed.

Solution: Generate new shards with a new threshold. Transfer your crypto to a new wallet.

Q: Is this quantum-resistant?

No. Shamir's Secret Sharing is not encryption. It's secret sharing.

But: Your seed phrase itself is quantum-vulnerable (if you're using Bitcoin, Ethereum, etc.). Shamir doesn't make it worse.

Q: Can I do this manually?

Technically yes, but don't.

The math is complex. One mistake = permanent loss.

Use software: Shardium, Ian Coleman's tool, or other audited implementations.

How to Use Shamir's Secret Sharing

Option 1: Shardium (Easiest)

  1. Go to shardium.xyz
  2. Enter your seed phrase
  3. It splits into 3 shards automatically (2-of-3)
  4. Save Shard A, give Shard B to your heir, Shard C stays encrypted
  5. Done

Cost: $49/year or $129 lifetime

Option 2: Ian Coleman's Tool (Free, Manual)

  1. Go to iancoleman.io/shamir
  2. Enter your seed phrase
  3. Choose threshold (e.g., 2-of-3)
  4. Generate shards
  5. Save them manually

Cost: Free, but no dead man's switch

Option 3: Self-Host Shardium (Free, Technical)

  1. Clone: github.com/pyoneerc/shardium
  2. Run on your own server
  3. Full control, open source

The Bottom Line

Shamir's Secret Sharing is the best way to backup your seed phrase.

Why? - No single point of failure - One shard reveals nothing - Lose one shard? No problem - Die? Your family inherits automatically (with Shardium)

How? - Splits your seed into multiple shards - Any threshold number of shards can recover - Mathematically secure (polynomial interpolation)

Try it now →

Further Reading

Max Comperatore is the founder of Shardium. He's been obsessed with cryptographic security since 2017.

Max Comperatore
Max Comperatore
Founder of Shardium. Building trustless crypto inheritance.

Ready to Protect Your Crypto?

Set up your vault in under 5 minutes. Client-side encryption. Open source.

Create Your Vault

Related Articles

How to Backup Your Seed Phrase Securely (Without a Ledger)
Paper backups fail. Single copies are risky. Here's how to backup your...
What Happens to Your Crypto When You Die?
Without a plan, your Bitcoin, Ethereum, and other crypto assets are lost...