Shamir backup refers to using Shamir Secret Sharing (an algorithm) to split a single recovery secret into multiple independent pieces, or "shares." SLIP-39 is the standard that applies that idea to hardware wallet recovery phrases so each share becomes a human-readable phrase. The idea is simple: you don’t keep one master key in one place. Instead, you split it into parts and require only a threshold of those parts to recover your private keys.
Why does this matter for cryptocurrency? Because crypto is non-custodial: if you lose your private keys, you lose access. Shamir backup reduces single points of failure while keeping you in self-custody. In my experience, it’s an elegant middle ground between a single seed phrase and a full multisig setup.
(Short and practical: Shamir is about distribution and resilience.)
At a high level, SLIP-39 splits your wallet’s master secret into n shares with a threshold k. You choose both numbers. For example, you might create 5 shares and require any 3 to reconstruct the master secret. Each share is a recovery phrase in its own right and contains metadata to identify the share and the set.
Think of it like a map that’s been cut into pieces. You don’t need every piece to find the treasure—just enough of them. But note this: each share must be stored securely and separately. If an attacker gets k shares, they can rebuild your private keys.
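The k-of-n behaviour described above, as an added example that is not part of the original article and not a SLIP-39 implementation: plain Shamir Secret Sharing, computed byte-wise over GF(2^8), for the 3-of-5 case. The function names and the sample secret are constructed for illustration, and there is no mnemonic encoding, checksum or share metadata, so the output is not SLIP-39 compatible.

```python
import secrets

def gf_mul(a, b):
    # Multiply in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1 (0x11B).
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def gf_inv(a):
    # a^254 is the multiplicative inverse of any non-zero a in GF(2^8).
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def split(secret, k, n):
    # Returns {x: share} for x = 1..n; any k shares rebuild `secret`.
    if not 1 < k <= n < 256:
        raise ValueError("need 1 < k <= n < 256")
    shares = {x: bytearray() for x in range(1, n + 1)}
    for byte in secret:
        # Fresh random degree k-1 polynomial per byte; constant term = secret byte.
        coeffs = [byte] + [secrets.randbelow(256) for _ in range(k - 1)]
        for x, share in shares.items():
            y = 0
            for c in reversed(coeffs):      # Horner evaluation at x
                y = gf_mul(y, x) ^ c
            share.append(y)
    return {x: bytes(s) for x, s in shares.items()}

def combine(shares):
    # Lagrange interpolation at x = 0 (subtraction is XOR in GF(2^8)).
    out = bytearray()
    for i in range(len(next(iter(shares.values())))):
        acc = 0
        for xj, yj in shares.items():
            num = den = 1
            for xm in shares:
                if xm != xj:
                    num, den = gf_mul(num, xm), gf_mul(den, xj ^ xm)
            acc ^= gf_mul(yj[i], gf_mul(num, gf_inv(den)))
        out.append(acc)
    return bytes(out)

SECRET = bytes(range(16))                   # constructed 128-bit sample secret
SHARES = split(SECRET, k=3, n=5)            # the 3-of-5 example from the text
```

Calling `combine` on any three entries of `SHARES` returns `SECRET`; with only two, the interpolation yields an unrelated value, which is why holding fewer than k shares does not help recover the key.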
SLIP-39 also supports different groupings and advanced parameters in some implementations (so you can design redundancy across family members, lawyers, or geographically separate safes). What I’ve found is that the flexibility is powerful—but it adds human operational complexity.
| Feature | SLIP-39 (Shamir backup) | BIP-39 (standard seed phrase) |
|---|---|---|
| Basic idea | Split a master secret into n shares; k needed to recover | A single mnemonic encodes the master seed |
| Compatibility | Requires specific SLIP-39 support to restore | Widely supported across wallets and tools |
| Single point of failure | Reduced (if shares distributed properly) | High (one phrase holds everything) |
| Complexity | Higher — more decisions, more physical storage | Lower — single backup to protect |
| Best for | Users who want distributed redundancy without full multisig | Users who prefer simplicity or broad compatibility |
Which should you pick? It depends on your threat model. Want simplicity and maximum compatibility? BIP-39. Want redundancy without multisig complexity? SLIP-39 is worth evaluating.
Note: not every hardware wallet implements SLIP-39. If your device supports it, the flow usually looks like this:
Be careful during step 4. I believe that writing each share on a metal backup plate is worth the extra effort for long-term storage. And yes, write legibly.
What I’ve seen go wrong most often is over-engineering: people create too many shares and forget the threshold. Keep the math simple and document recovery procedures for trusted family or an executor (without exposing secrets).
Shamir backup is a backup scheme for one private key. Multi-signature splits signing authority across multiple independent private keys and typically requires co-signers for transactions. Which is right?
They aren’t mutually exclusive. For instance, you can have multisig wallets where each signer uses Shamir backup for their private key. But that adds more moving parts. In my testing, multisig is the security-first choice; SLIP-39 is the convenience-first enhanced backup.
For a practical primer, see the multisig overview: multi-signature guide.
Can you recover if the device breaks? Yes, provided you have enough shares (or the original seed phrase if you used one). What if the company behind your wallet goes bankrupt? If you control your private keys (or shares) you still control your crypto—this is the point of self-custody.
If something goes wrong during setup, consult the recovery steps before trying risky workarounds. See the recovery guide here: device recovery.
Q: Can SLIP-39 shares be stored together in one safe?
A: Technically yes, but that defeats the purpose. The point is distribution.
Q: Is the passphrase (25th word) required with SLIP-39?
A: No. It’s optional. But adding it increases security and also increases the chance of permanent loss if forgotten.
Q: Is Bluetooth safe for a hardware wallet when setting up SLIP-39?
A: Bluetooth adds attack surface. For backup generation or recovery, prefer a USB connection or a truly air-gapped setup.
Shamir backup (SLIP-39) is a practical, flexible way to protect a single private-key wallet by splitting the recovery secret into multiple shares. It removes a single point of failure but asks you to manage more physical pieces. In my experience, it’s best for users who want redundancy without moving to full multisig.
Want concrete setup steps or troubleshooting for your model? Read the backups guide and the setup walkthrough. If you’re focused on firmware safety and supply-chain checks, the firmware and security page is a smart next read.
If you’re unsure whether SLIP-39 is right for your situation, ask yourself: do I want convenience or resilience? The answer will point you to the right choice.