Best way to use Shamir's Secret Sharing Scheme

[madmat]

I want to use Shamir's Secret Sharing algorhythm to make a paper wallet in a way some risks are lowered : paper wallet lost, burnt or stolen.

My first idea was to use https://encryptedbitcoinwallet.com/ with 5 shares and 3 required and then to set in 5 envelopes one share with the secret and one bip38 paper wallet.

But i do not see clearly the benefit of sharing a passphrase versus directly sharing the bitcoin private key.

If someone could clear my mind on the subject.

[1714711073]

1714711073

[1714711073]

1714711073

[madmat]

Maybe... What is the right section ? 

[RepublicSpace]

Great idea. So like a m/n armory seed backup just for a single key. I don't think there is a special tool for it yet.

[RepublicSpace]

In regards to BIP38 (AFAIK the encrypted paper wallets): For a long time I did not see the benefit. However, I think these are awesome in case that you can only use an insecure printer. e.g. create wallets offline and then take them to a insecure by usb stick as a .pdf. Write the PW onto the wallet after printing. I guess there are other good use-cases but I don't know them.

[madmat]

In regards to BIP38 (AFAIK the encrypted paper wallets): For a long time I did not see the benefit. However, I think these are awesome in case that you can only use an insecure printer. e.g. create wallets offline and then take them to a insecure by usb stick as a .pdf. Write the PW onto the wallet after printing. I guess there are other good use-cases but I don't know them.

BIP38 + strong passphrase shared using shamir's secret scheme. Your bitcoins can't be stolen and you can't lost them if you correctly store shares of passphrase and bip38 paper in different places.

[DeathAndTaxes]

If you are using SSS then I would share the private key directly.  For added security one or more custodians could then encrypt their share.

SSS can be complex to implement.  If you are looking for a simpler solution you could just XOR two or more "subkeys".  This provides no direct redundancy but you could create duplicates for partial redudnacy (i.e. A, A, B, B and you need at least one A and one B to create the full key).   Still at this point with multisig tools getting better personally I would just create two or more BIP38 addresses.

Then create a single P2SH address using those BIP38 addresses and fund that.