Skip to content

Feat/slip39 shamir secret sharing 407 #765

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
MkDev11 wants to merge 2 commits into
base: staging
Choose a base branch
from
Open

Feat/slip39 shamir secret sharing 407 #765

MkDev11 wants to merge 2 commits into from

Conversation

@MkDev11
Copy link
Contributor

@MkDev11 MkDev11 commented Dec 17, 2025
edited
Loading

Add SLIP39 (Shamir's Secret Sharing) Support for Coldkey Management

Summary

This PR implements SLIP39 support for coldkey management, addressing issue #407. It allows users to create and recover coldkeys using Shamir's Secret Sharing, where the plaintext seed phrase is never exposed - eliminating the risk of screen reader and keylogger attacks.

Closes #407

What's Changed

New Commands

Create a coldkey with SLIP39 shares:

# Default 3-of-5 threshold scheme
btcli wallet new-coldkey-slip39

# Custom threshold (2-of-3)
btcli wallet new-coldkey-slip39 --shares 3 --threshold 2

# Save shares to files for distribution
btcli wallet new-coldkey-slip39 --output-dir /secure/location

# Add passphrase protection
btcli wallet new-coldkey-slip39 --passphrase "extra security"

Recover a coldkey from shares:

# From share files
btcli wallet recover-coldkey-slip39 -f share1.slip39 -f share2.slip39 -f share3.slip39

# Interactive mode (enter shares manually)
btcli wallet recover-coldkey-slip39

# With passphrase
btcli wallet recover-coldkey-slip39 -f share1.slip39 -f share2.slip39 --passphrase "extra security"

How It Works

SLIP39 splits a secret into N shares where M shares are required to reconstruct the original (M-of-N threshold scheme). For example, with a 3-of-5 setup:

  • 5 shares are generated, each as a 20-33 word mnemonic
  • Any 3 shares can recover the original coldkey
  • Losing up to 2 shares doesn't prevent recovery
  • An attacker needs at least 3 shares to compromise the wallet

Security Benefits

  1. No plaintext exposure: The seed phrase is never displayed or entered - only SLIP39 shares are shown
  2. Distributed custody: Shares can be given to different people or stored in separate locations
  3. Fault tolerance: Losing some shares doesn't mean losing access (if threshold is met)
  4. Optional passphrase: Additional layer of security that must be memorized

Use Cases

  • Personal backup: Keep shares in different physical locations (home, safe deposit box, trusted family)
  • Corporate treasury: Distribute shares among executives - any 3 of 5 can authorize transactions
  • Team wallets: No single person has full control; requires collaboration to access funds

Files Changed

File Description
bittensor_cli/src/bittensor/slip39.py Core SLIP39 utilities for share generation and recovery
bittensor_cli/cli.py New CLI commands (new-coldkey-slip39, recover-coldkey-slip39)
tests/unit_tests/test_cli.py 11 unit tests covering SLIP39 functionality
pyproject.toml Added shamir-mnemonic>=0.3.0 dependency

Testing

  • Added 11 unit tests covering:
    • Configuration and threshold descriptions
    • Share generation and recovery
    • Passphrase protection (correct vs wrong passphrase)
    • Share validation (empty, invalid, mixed identifiers)
    • File I/O operations
    • Full coldkey create/recover workflow

All tests pass:

tests/unit_tests/test_cli.py::TestSLIP39Config::test_default_config PASSED
tests/unit_tests/test_cli.py::TestSLIP39Config::test_custom_config PASSED
tests/unit_tests/test_cli.py::TestSLIP39Config::test_threshold_description PASSED
tests/unit_tests/test_cli.py::TestSLIP39ShareGeneration::test_generate_and_recover_shares PASSED
tests/unit_tests/test_cli.py::TestSLIP39ShareGeneration::test_generate_shares_with_passphrase PASSED
tests/unit_tests/test_cli.py::TestSLIP39ShareGeneration::test_entropy_to_keypair PASSED
tests/unit_tests/test_cli.py::TestSLIP39Validation::test_validate_valid_shares PASSED
tests/unit_tests/test_cli.py::TestSLIP39Validation::test_validate_empty_shares PASSED
tests/unit_tests/test_cli.py::TestSLIP39Validation::test_validate_mixed_identifiers PASSED
tests/unit_tests/test_cli.py::TestSLIP39FileOperations::test_save_and_load_shares PASSED
tests/unit_tests/test_cli.py::TestSLIP39ColdkeyOperations::test_create_and_recover_coldkey PASSED

Dependencies

Added shamir-mnemonic>=0.3.0 - the official Trezor implementation of SLIP39.

References

Checklist

  • Forked from staging branch
  • Added tests for new functionality
  • All tests pass
  • Code lints cleanly (ruff)
  • Detailed explanation provided

Contribution by Gittensor, learn more at https://gittensor.io/

@MkDev11 MkDev11 changed the base branch from main to staging December 17, 2025 14:21
@MkDev11
Copy link
Contributor Author

MkDev11 commented Dec 17, 2025

@thewhaleking Please review this PR and let me know the result when you are available.

@MkDev11
feat: Add SLIP39 (Shamir's Secret Sharing) support for coldkey manage…
eb8c50b 
…ment

Implements issue opentensor#407 - SLIP39 wallet creation and recovery

Features:
- New 'wallet new-coldkey-slip39' command to create coldkeys with SLIP39 shares
- New 'wallet recover-coldkey-slip39' command to recover coldkeys from shares
- Configurable M-of-N threshold scheme (default 3-of-5)
- Optional passphrase protection for additional security
- Save shares to files or display on screen
- Interactive share entry for recovery

Security benefits:
- Plaintext seed phrase is NEVER exposed
- Eliminates risk of screen reader and keylogger attacks
- Shares can be distributed to separate custodians
- Threshold scheme allows recovery even if some shares are lost

Files changed:
- bittensor_cli/src/bittensor/slip39.py - Core SLIP39 utilities
- bittensor_cli/cli.py - New CLI commands
- tests/unit_tests/test_cli.py - 11 unit tests for SLIP39
- pyproject.toml - Added shamir-mnemonic>=0.3.0 dependency
@MkDev11 MkDev11 force-pushed the feat/slip39-shamir-secret-sharing-407 branch from f136e2a to eb8c50b Compare December 17, 2025 14:39
@thewhaleking
Copy link
Contributor

thewhaleking commented Dec 18, 2025

Do you think adding a new command rather than adapting the current command is the best approach here?

@MkDev11
Copy link
Contributor Author

MkDev11 commented Dec 18, 2025

Do you think adding a new command rather than adapting the current command is the best approach here?

I chose separate commands because SLIP39 has fundamentally different parameters (--shares, --threshold, --output-dir) and a different user workflow (share distribution, threshold recovery) that would clutter the existing new-coldkey command.

However, if you prefer, I can refactor to add a --slip39 flag to the existing new-coldkey and regen-coldkey commands instead. Let me know your preference.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Shamir's Secret Sharing (SSS) and Slip39

2 participants

@MkDev11 @thewhaleking