You're Dead: How Shamir's Scheme can let you pass on your cryptocurrency without exposing your private keys ahead of time

in #money, 8 years ago (edited)

Egyptian slaves pulling a statue

We've been thinking for a long, long time about what happens to our wealth when we die.

For most of history, it has been basically a case of other people taking physical possession of your things. But Steem, Bitcoin and other cryptocurrencies are fundamentally different from other stores of wealth, and protecting them while you're alive could mean that when you die, so does your wealth.

Since money that's "lost" in this way has really gone out of circulation, this is a deflationary event. In this scenario value isn't really destroyed, since everyone else's buying power rises to a new equilibrium once that money is out of circulation. But most of us want to transfer the value we have accumulated to some kind of successor, whether that's family, a business, or just some charitable cause we support.

Crypto wealth is just information. It takes the form of cryptographic private keys that allow you to control certain addresses, like having a notepad full of combinations that match certain school lockers. If you just copy your keys out and put them in a couple of lock-boxes, the funds are exactly as secure as the weakest lock-box. But with cryptocurrencies, we can do a lot better.

How to share a secret without giving it away

Monkey telling a secret

In 1979 an MIT student named Adi Shamir wrote a paper called How to share a secret:

In this paper we show how to divide data D into n pieces in such a way that D is easily reconstructable from any k pieces, but even complete knowledge of k - 1 pieces reveals absolutely no information about D. This technique enables the construction of robust key management schemes for cryptographic systems that can function securely and reliably even when misfortunes destroy half the pieces and security breaches expose all but one of the remaining pieces.

The procedure he described shows a way to securely divide a piece of information into as many parts as you want, and then re-assemble it from any subset of those parts that meets a chosen threshold. Using Shamir's secret sharing scheme you could, for instance, split a private key into four pieces and re-assemble it from any three of them. That way, if one of the pieces is destroyed or lost, the key can still be recovered, while any two pieces on their own reveal nothing about it.

Using Shamir's scheme you could generate many parts of a key. Put one of them in a lockbox or give it to your lawyer, distribute others to different people you trust, and set one or more up with a digital dead-man's switch. In the event of your death, your survivors could combine the required number of parts to reconstruct the key. You can adjust the number of parts generated and the number required to meet your own needs.
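As an added worked example (not code from the original post or from Shattr.it), here is a minimal (k, n) Shamir split over a prime field in Python: a constructed 16-byte wallet password is split 3-of-4, recovered from three shares, and the modulus and sample password are assumptions chosen for the demo.

```python
import secrets

# Prime modulus for the finite field; all arithmetic is done mod P.
# 2**127 - 1 is a Mersenne prime; any 16-byte ASCII value (top bit 0) fits below it.
P = 2**127 - 1

def _eval_poly(coeffs, x):
    """Evaluate a polynomial with the given coefficients at x (mod P), Horner style."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % P
    return result

def split_secret(secret, k, n):
    """Split an integer secret into n shares such that any k reconstruct it.
    The secret is the constant term of a random degree-(k-1) polynomial;
    share i is the point (i, f(i)). Each share alone is uniformly random."""
    if not 1 < k <= n:
        raise ValueError("need 1 < k <= n")
    if not 0 <= secret < P:
        raise ValueError("secret must be an integer in [0, P)")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(i, _eval_poly(coeffs, i)) for i in range(1, n + 1)]

def recover_secret(shares):
    """Lagrange-interpolate f(0) from the given (x, y) points (mod P).
    Fewer than k shares yield a wrong, effectively random value rather
    than an error, so the threshold k must be recorded by the holders."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def demo():
    # Constructed sample secret: a 16-byte master password for a wallet backup.
    password = b"my-wallet-pass01"
    secret = int.from_bytes(password, "big")
    shares = split_secret(secret, k=3, n=4)
    # Any 3 of the 4 shares rebuild it; here share 3 is treated as lost.
    rebuilt = recover_secret([shares[0], shares[1], shares[3]])
    return rebuilt.to_bytes(len(password), "big")
```

Each holder must keep the share index together with the value, since the x-coordinate is needed for the interpolation.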

There is a modified version of Shamir's Scheme at Shattr.it. I recommend saving a copy of the site to some kind of permanent offline media, like an archival DVD-ROM, which you can hand out when you give someone their piece of the key. This protects you if the website is unavailable or has been compromised at the time it's needed. If you use Shattr.it, I suggest shattering a text file which contains the master password for a password manager or for your wallet backup files.

There are other more technical alternatives to Shattr.it, all the way down to writing your own implementation of Shamir's Scheme so you can REALLY trust it. Those alternatives are left as an optional exercise for the reader.