Highlights from my points of view: USB Type C and Shamir Secret Sharing.
And SE and passphrase on device and low price tag. And bitcoin edition 🔥
Shamir’s Secret Sharing (SSS) is often not the silver bullet many think it is. It still has a few weaknesses people should be aware of:
Device Single Point Of Failure
As SSS relies on splitting a private key up into multiple shards, that key must exist on a single device at the time of splitting and then also later on whenever you need to spend funds or even generate a new receiving address. If the device is compromised at either of these points in time (or in between), your funds can be stolen. For example, through a rogue employee, government coercion or other means Trezor could push a malicious software update. There could also just be a flaw in the hardware or software of the device that’s exploited. The next time you bring your shards together to spend or receive funds, the device would reconstruct the single signature key and poof, no more funds. Multisig on the other hand protects against this as there are multiple, separate private keys and potentially even multiple separate devices from different manufacturers.
Increased Complexity
A number of other “custom SSS implementations” have suffered from major security vulnerabilities in the past due to the added complexity of implementing SSS, putting all users' funds from that company at risk. For example, Armory’s Fragmented Backups feature which used SSS had a vulnerability found in it while the 3 of 5 HTC Exodus setup also ended up allowing for full key reconstruction if an attacker had just 1 of the keys. These both serve as valuable historic lessons showing that the added complexity of SSS compared to the straightforward creation of a Multisig wallet is not a preferred security practice.
Is a Multisig setup perfect? No. Multisig is more complicated for users to manage. You have to back up not just more keys, but more configuration data in the form of a wallet descriptor file as well. If an attacker finds that wallet descriptor information they can see all the information about your wallet which can be a big breach of security and privacy. The transactions that are made using Multisig are bigger (in kilobytes) and so cost more in fees than Single Signature ones.
As is very common in matters of security, it depends on your own specific goals and technical capabilities, but in general you should try to KISS (Keep It Simple Stupid) 🙂
Why is the Shamir thing a good thing? Haha, please bear with me 😅
I can see where this could be interesting.
Maybe not for me, seems to easily become too complicated.
Yeah, it is not for everyone.
Is Trezor the one that didn't have a secure element for a long time? I can never keep Trezor and Ledger separate in my head.
Yes. First time Trezor has a secure element.
Trezor site uses Cloudflare, Cloudflare blocks Tor..
The original Trezor onion site was trezoriovpjcahpzkrewelclulmszwbqpzmzgub37gbcjlvluxtruqad.onion, but that redirects to clearnet domain.
But the web suite still works on an onion domain: http://suite.trezoriovpjcahpzkrewelclulmszwbqpzmzgub37gbcjlvluxtruqad.onion/web/
this is a good note. advice to Trezor folks reading this:
Wow it's way cheaper than the model T. Very cool
This is an extremely good improvement. A Trezor with a secure element means it should no longer be vulnerable to the hardware-based attacks that previous models had been a victim of. It also fills in the gap as being an equivalent to Ledger without the atrocious record of controversies and a commitment to open-sourcing their firmware unlike what Ledger does.
comes in fiat colors
The secure element is open source hw, right? Not like Ledger.
It's not open source, but the Trezor firmware remains open source, unlike Ledger. Trezor picked this one because no NDA is required, so bugs can be reported transparently.
https://trezor.io/learn/a/secure-element-in-trezor-safe-3
Chips are hard, technically the other chips that Trezor has had since day 1 are not open source either. But the code that runs on them is.
I thought they were working on open hw too, called Tropical — isn’t that this?
Tropic Square, still in development. It's mentioned the chip will maybe be ready in 2025.
Amazing!
I thought it will have a bigger display
Is it able to be used air gapped?
Just use SeedSigner.
So it is not able to be used air gapped?
lol the video is great
SeedSigner is definitely an excellent open source project and one we recommend. SeedQR and stateless is a super awesome way to roll as well. Buying and building it can be a bit too technical for some though and annoyingly (at least for us) doesn't use USB-C.
We're very fond of the Blockstream Jade too as their recent update now allows it to be used in a very similar way (which we cover in our review). The camera on the Jade is a little... finicky? and obviously the hardware is not general purpose, but it's super cheap (cheaper with our code) and has a battery in it which makes the air gapped, SeedQR experience really nice.
The Foundation Passport is also another super premium HWW that will soon support SeedQR style workflows too.
We'd recommend all 3 over any Trezor.
What's your opinion on Blockstream's Jade?
We have about 3,000+ words on it as per our Blockstream Jade review, but basically it's a fantastic device, clearly best value for the money