Bitcoin Forum
Author Topic: [req] Shamir plugin  (Read 215 times)
AltcoinBuilder (OP)
Copper Member, Jr. Member
Activity: 85, Merit: 5
November 27, 2019, 10:51:43 AM
Last edit: December 14, 2019, 10:56:54 AM by AltcoinBuilder
Merited by ABCbits (1)
#1

Would be nice if someone tried to build a Shamir plugin.
Python source code is on the internet: https://pypi.org/project/shamir/ and it only needs someone familiar with Electrum plugin development to do it.
 
  
o_e_l_e_o
In memoriam
Legendary
Activity: 2268, Merit: 18747
November 27, 2019, 01:34:41 PM
#2

I'm not sure that's a great idea. As the majority of people who are using Electrum are doing so on a non-airgapped machine, doing this might encourage people to input or otherwise access their seeds on an internet connected computer, which is a big security risk. Similarly, the secrets they generate would then be on an internet connected machine. This is the same risk as generating a paper wallet on a non-airgapped machine.

You can obviously never stop people doing this, but we shouldn't be encouraging it. Better to download and run a generator offline, such as https://iancoleman.io/shamir/.
Abdussamad
Legendary
Activity: 3696, Merit: 1580
November 27, 2019, 01:56:46 PM
#3

A non-airgapped computer is a networked computer, and how can using the features of Electrum result in seed compromise? What you said doesn't make sense.
o_e_l_e_o
In memoriam
Legendary
Activity: 2268, Merit: 18747
November 27, 2019, 02:06:26 PM
#4

Quote from: Abdussamad on November 27, 2019, 01:56:46 PM
A non-airgapped computer is a networked computer, and how can using the features of Electrum result in seed compromise? What you said doesn't make sense.
If there is a plugin which either asks you to type in your seed or takes your seed from your Electrum wallet, and splits it into 3 or 5 or whatever parts, and then displays those parts as text or creates a number of files, all while being non-airgapped (i.e. connected to the internet), then you are at risk of losing your seed to malware which could copy or transmit your "secrets" via the internet. This is the exact same reason why we tell people never to generate a paper wallet on an internet-enabled device.

My point was that generating your secrets on an internet-connected device is not a smart idea, and I feel an Electrum plugin would encourage that.
Abdussamad
Legendary
Activity: 3696, Merit: 1580
November 27, 2019, 02:49:17 PM
Merited by ABCbits (1)
#5

Quote from: o_e_l_e_o on November 27, 2019, 02:06:26 PM
Quote from: Abdussamad on November 27, 2019, 01:56:46 PM
A non-airgapped computer is a networked computer, and how can using the features of Electrum result in seed compromise? What you said doesn't make sense.
If there is a plugin which either asks you to type in your seed or takes your seed from your Electrum wallet, and splits it into 3 or 5 or whatever parts, and then displays those parts as text or creates a number of files, all while being non-airgapped (i.e. connected to the internet), then you are at risk of losing your seed to malware which could copy or transmit your "secrets" via the internet. This is the exact same reason why we tell people never to generate a paper wallet on an internet-enabled device.

My point was that generating your secrets on an internet-connected device is not a smart idea, and I feel an Electrum plugin would encourage that.

Electrum itself generates your seed, and Electrum plugins have access to everything Electrum does. Plugins are included with Electrum and they are coded by the same developers that make Electrum. You don't download them from third parties. So I don't see what the problem is.

@OP you could make a feature request on GitHub. There are some similar requests there: https://github.com/spesmilo/electrum/issues/5419 & https://github.com/spesmilo/electrum/issues/5418
o_e_l_e_o
In memoriam
Legendary
Activity: 2268, Merit: 18747
November 27, 2019, 04:02:57 PM
#6

Because at some point after splitting your seed into a number of secrets, those secrets either have to be displayed on screen for you to copy by hand or saved in file(s) for you to distribute/print, both of which could be accessed by malware and transmitted to a third party if the computer has an internet connection. When generating a paper wallet, it should be done on an airgapped computer in case malware accesses your seed. When generating a secret, it should be done on an airgapped computer in case malware accesses your seed or secret.

My issue isn't with Electrum, it's with what happens after Electrum has produced your secret. This should be done in an offline environment, and having a simple button to press that says "Generate a 3-of-5 secret for my seed" or similar will encourage people to do so on an internet enabled computer.
HCP
Legendary
Activity: 2086, Merit: 4361
November 27, 2019, 08:24:32 PM
#7

Quote from: o_e_l_e_o on November 27, 2019, 04:02:57 PM
Because at some point after splitting your seed into a number of secrets, those secrets either have to be displayed on screen for you to copy by hand or saved in file(s) for you to distribute/print, both of which could be accessed by malware and transmitted to a third party if the computer has an internet connection. When generating a paper wallet, it should be done on an airgapped computer in case malware accesses your seed. When generating a secret, it should be done on an airgapped computer in case malware accesses your seed or secret.
I think the point that Abdussamad is making is that when initially creating your Electrum wallet... the Electrum seed is displayed on the screen... AND you have to then type it back into the computer to complete the process.

Quote from: o_e_l_e_o on November 27, 2019, 04:02:57 PM
My issue isn't with Electrum, it's with what happens after Electrum has produced your secret. This should be done in an offline environment, and having a simple button to press that says "Generate a 3-of-5 secret for my seed" or similar will encourage people to do so on an internet enabled computer.
So, in effect... your issue IS with Electrum... as it is already doing what you're saying a plugin should not. And I would suspect that most Electrum users are NOT using it in an offline air-gapped way to generate their seeds.

Having a plugin to generate Shamir shares isn't likely to change that... and would not be doing anything or encouraging any behaviour that Electrum doesn't already.


NOTE: Don't get me wrong... I agree, people should be creating their Electrum seeds/wallets offline to mitigate risk... but I suspect the majority don't.

█████████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████
█████████████████████████
.
BC.GAME
▄▄░░░▄▀▀▄████████
▄▄▄
██████████████
█████░░▄▄▄▄████████
▄▄▄▄▄▄▄▄▄██▄██████▄▄▄▄████
▄███▄█▄▄██████████▄████▄████
███████████████████████████▀███
▀████▄██▄██▄░░░░▄████████████
▀▀▀█████▄▄▄███████████▀██
███████████████████▀██
███████████████████▄██
▄███████████████████▄██
█████████████████████▀██
██████████████████████▄
.
..CASINO....SPORTS....RACING..
█░░░░░░█░░░░░░█
▀███▀░░▀███▀░░▀███▀
▀░▀░░░░▀░▀░░░░▀░▀
░░░░░░░░░░░░
▀██████████
░░░░░███░░░░
░░█░░░███▄█░░░
░░██▌░░███░▀░░██▌
░█░██░░███░░░█░██
░█▀▀▀█▌░███░░█▀▀▀█▌
▄█▄░░░██▄███▄█▄░░▄██▄
▄███▄
░░░░▀██▄▀


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
pooya87
Legendary
Activity: 3640, Merit: 11039
November 28, 2019, 04:56:55 AM
#8

Quote from: HCP on November 27, 2019, 08:24:32 PM
Having a plugin to generate Shamir shares isn't likely to change that... and would not be doing anything or encouraging any behaviour that Electrum doesn't already.

It could give users a false sense of security: that if they use Shamir's "secret" sharing algorithm and split their hot wallet's secrets, their security is increased, whereas it really isn't.
Of course, if it is added as a plugin, which is more like an opt-in feature that you have to explicitly enable and use, then it could mitigate that to some extent.
HCP
Legendary
Activity: 2086, Merit: 4361
November 28, 2019, 05:12:01 AM
#9

One could probably argue that the security of the backup is increased... as without the minimum number of pieces, you can't access the seed mnemonic and restore the wallet. (assuming the pieces are stored separately in safe and secure locations etc)

However, I would agree that the overall security of the wallet is essentially the same if it was all done (wallet creation + shamir split) on an online machine.

pooya87
Legendary
Activity: 3640, Merit: 11039
November 28, 2019, 05:36:29 AM
#10

Quote from: HCP on November 28, 2019, 05:12:01 AM
One could probably argue that the security of the backup is increased... as without the minimum number of pieces, you can't access the seed mnemonic and restore the wallet. (assuming the pieces are stored separately in safe and secure locations etc)

If increasing the "security of the backup" is the goal, then a better solution is to use an encryption technique* that is also already available in Electrum's code, so there is no need for any new code to be added. Meaning they should just expose a GUI option for the user to get the seed encrypted using the AES256 that Electrum already uses for seeds and wallet files.

* Shamir algorithm is mainly for "sharing" secrets whereas encryption is for increasing security of what you store which is what most users would be looking for.

Abdussamad
Legendary
Activity: 3696, Merit: 1580
November 28, 2019, 11:47:40 AM
Merited by hugeblack (1)
#11

There's already a way to split the backups between multiple locations, people and/or devices. It's called a multisig wallet and Electrum has supported it for years, but few users take advantage of it. In some ways it's safer than using SSS because you don't have to reconstitute all the keys on the same device at any point in time. They can remain on different devices and you simply pass around partially signed transactions for signing.

The downside of multisig over SSS is that it costs more in transaction fees than SSS since multisig transactions tend to be larger than single sig ones.
pooya87
Legendary
Activity: 3640, Merit: 11039
November 29, 2019, 05:56:40 AM
#12

Quote from: Abdussamad on November 28, 2019, 11:47:40 AM
The downside of multisig over SSS is that it costs more in transaction fees than SSS since multisig transactions tend to be larger than single sig ones.

Not for long though!
As soon as we get Schnorr signatures and the accompanying MuSig, which is basically taking advantage of the signature aggregation feature of the Schnorr algorithm, the cost of transactions that require multiple signatures will be reduced (i.e. become smaller than a tx with a single signature)!
How? By being a SegWit transaction (probably a version 2 address) and also getting rid of the stupid DER encoding for signatures, which makes them smaller, and obviously only having 1 aggregated sig!

hugeblack
Legendary
Activity: 2702, Merit: 3993
November 30, 2019, 09:58:25 AM
#13

Quote from: Abdussamad on November 27, 2019, 02:49:17 PM
@OP you could make a feature request on GitHub. There are some similar requests there: https://github.com/spesmilo/electrum/issues/5419 & https://github.com/spesmilo/electrum/issues/5418
The biggest winner of this plugin is altcoins, so Electrum is not the best place to suggest it (feature request). Multisigs win when we compare them to Shamir's Secret Sharing (SSS), but multi-party computation (MPC) can make a difference (it does not require the parts to be reassembled on a single device).
You still need to make a signature using multiple signatures, so MPC can be used to enhance the security of multiple signature keys.
