SSKR is Sharded Secret Key Reconstruction. It's a way that you can divide ("shard") the master seed underlying a Bitcoin HD wallet into "shares", which you can then distribute to friends, family, or fiduciaries. If you ever lose your seed, you can then "reconstruct" it by collecting sufficient of your shares (the "threshold").
The basic level of SSKR allows you to create a single group of shares, with a threshold for how many of those must be collected to reconstruct your seed. The following shows an example from Gordian SeedTool of creating three shares, of which two must be recovered.
|
|
You would take these shares and give one each to three different trusted people (or places, such as a safe or bank vault).
Note the overlap in words in different shares: this is expected. The first four words will always be the same as they describe the share as SSKR ("tuna acid epic") of a specific length ("gyro"). The next two ("navy grim") are a fingerprint that match all the shares in a split, and the next two ("able acid") describe the group threshold, count, and index, plus the member threshold, so they're the same for all the shares in a group.
| SSKR | length | ID | group & member info | secret share | checksum |
|---|---|---|---|---|---|
| tuna acid epic | gyro | navy grim | able acid able | dice good ... edge iris | inch plus oboe ruby |
Note also that your words will change each time you regenerate SSKR shares from a secret. This is also expected: there is a random factor in SSKR generation.
SSKR supports a more advanced methodology where you can define multiple groups, and then require a certain number of shares to come back from each group for a certain number of groups.
The following shows an example from Gordian SeedTool where either 2 of 3 shares must come back from the first group or 3 of 5 shares must come back from the second group. (If the group threshold was increased to 2, then those both would be required.)
|
|
This can allow for more complex scenarios, such as a business that hands off one set of shares to Chief Officers, and then backs that up with a set of shares held by their accountants or some other fiduciary.
Once you generate advanced SSKR shares, you would distribute them just like basic SSKR shares, but here being very careful to understand the roles of everyone you're giving shares to, since you're creating a more complex procedure.
You can record an SSKR share by storing the ByteWords in a safe and recoverable form. We suggest etching it in steel or titanium and have documented a full example of a cold storage scenario.
Technically, you don't need to record every word: the first four words can be removed if you know that you're recording an SSKR of a specific length, and the last four can be removed as they're checksums. If that makes you more likely to record your ByteWords, then do so. But it's always better to record the whole thing to have the complete, self-describing information about your share.
SSKR-compliant wallet tools should allow you to paste in your SSKR and reconstruct your seed, as shown in the following example for Gordian SeedTool
|
From there, your seed should be reconstructed and ready to go!
SSKR provides resilience for your keys. If you lose your master seed, you can then reconstruct it by recovering the threshold number of shares (or in the case of an advanced scenario, the threshold number of shares from the threshold number of groups).
SSKR simultaneously provides security. Because a number of shares must be combined to reconstruct a key, no individual could steal your digital assets; instead, a number would have to collude to do so, and you can design an SSKR scenario that makes that unlikely.
There is one caveat to using SSKR:
WARNING. The machine where you are reconstructing your key can be a vulnerability because your whole key is available at that location.
For that reason, we generally suggest multisig as a superior #SmartCustody tool. Nonetheless, we recognize that many people still use single-signature addresses, and for those situations, SSKR is an excellent tool for protecting your funds.
Though the examples here demonstrate SSKR with Gordian SeedTool, SSKR is a Blockchain Commons specification that we are making available to wallet manufacturers. We expect to see it become widely used in other products.
SSKR is the end-result of over two years of effort. It most immediately grew out of workgroups at the Rebooting the Web of Trust design workshops. At RWOT8 in Barcelona, a group of experts worked on "Shamir's Secret Sharing Best Practices" and the foundation of a new library, while at RWOT9 in Prague, a new cohort further discussed use cases, formats, and the two-level scheme. These workgroups included experts such as Christopher Allen, Bryan Bishop, Laurence Chen, Hank Chiu, Mark Friedenbach, Chris Howe, Yancy Ribbens, Daan Sprenkels, ChiaWei Tang, and others. Initial work on Blockchain Common's bc-shamir library grew from Daan's work on his own SSS library. Further encouragement to produce the new SSKR specification came from Ken Sedgwick, who identified the round-tripping problems between BIP-39 and SLIP-39.
For more SSKR for Users, also see our video example and our cold storage usage.