[Feature] Add SLIP-39 Shamir's secret sharing import support for SeedSigner #636
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Very cool. I appreciate you honing your approach to fit the preferences we've adopted for the project thus far. I will be tied up with finish the upcoming multilanguage + Spanish release, but will be looking forward to reviewing this PR in the coming weeks. If we get to 2-3 weeks past the new release and you haven't heard from me, please poke me on telegram and remind me to return here! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR introduces support for importing Shamir Secret Sharing (SSS) shards (SLIP-39) into SeedSigner, focusing on seed recovery for users with existing SSS-based backups. While SeedSigner’s stateless design discourages SSS for routine use, this feature provides flexibility for recovering keys from legacy setups or unique scenarios where SSS is used.
The implementation is strictly limited to key recovery, with no support for creating new SSS setups (this can be discussed along with SeedQR support for SSS). So this feature aligns with SeedSigner’s philosophy of providing versatile recovery options without compromising simplicity.
Relevant issue: #552
The seed recovery flow is designed so that the user first inputs the threshold, then enters the words, and is finally asked for an optional passphrase. This process is similar to the regular seed import flow.
Threshold entry is only numerical:
Then the user is asked about the original seed word length
Then, user enters words using the SLIP-39 wordlist. If the original seed length is 12 words, each Shamir's share will be 20 words long. If the original seed length is 24 words, each Shamir's share will be 33 words long. All shares (up to the threshold number) are required to recover the original secret.
SLIP-39 checksum errors are treated as follows:
Then the user will be asked if they want to enter a passphrase (the finalize screen is improvable), after which the device will take them to the SeedFinalizeView view
I'm open to comments around this feature as well as to UX improvements so we can get a final version of the PR
This pull request is categorized as a:
Checklist
pytestand made sure all unit tests pass before sumbitting the PRIf you modified or added functionality/workflow, did you add new unit tests?
I have tested this PR on the following platforms/os: