[Feature] Add SLIP-39 Shamir's secret sharing import support for SeedSigner #636
Conversation
|
Very cool. I appreciate you honing your approach to fit the preferences we've adopted for the project thus far. I will be tied up with finish the upcoming multilanguage + Spanish release, but will be looking forward to reviewing this PR in the coming weeks. If we get to 2-3 weeks past the new release and you haven't heard from me, please poke me on telegram and remind me to return here! |
|
Hi team, this PR is ready for review. Please take a look when you can. Happy to address any feedback—thanks! |
bitcoinprecept
moved this from 🆕9.0 In Progress
to 9.0 Needs Code Review
in @SeedSigner Development Board
|
Great work, Álvaro! I ran the test suite with Python 3.10 and 3.12, and all tests passed:
Only when I try to go to the SSS recovery option do I encounter this error (video attached for better flow details): I could to be creating bad .img for my pi0(?), could be a problem with my raspi device(?): (build output)root@d3fbae864001:/opt# time ./build.sh --pi0 --app-repo=https://github.com/alvroble/seedsigner.git --app-branch=slip39_sss_import
Disk disk.img: 25 MiB, 26214400 bytes, 51200 sectors
New situation: Device Boot Start End Sectors Size Id Type The partition table has been altered. real 67m24.812s Maybe you could to build same image for pi0 and I will test it, will be in touch. Best. - |
|
Hi @fedebuyito. Thanks a lot for the review and for the bug catch. The code had not been adapted to a recent refactor in |
|
Hi, @alvroble ! You're welcome, I hope to can help. I could to navigate into sss feature and the bug was not presented anymore. Regarding to UX/UI I saw some bit minor details maybe can be considerered:
Best! |
src/seedsigner/views/seed_views.py
Outdated
| seed_screens.SeedMnemonicEntryScreen, | ||
| title=_("Share #{} Word #{}").format(self.cur_set_index+1, self.cur_word_index+1), # Human-readable 1-indexing! | ||
| initial_letters=list(self.cur_word) if self.cur_word else ["a"], | ||
| wordlist=Seed.get_slip39_wordlist(wordlist_language_code=self.settings.get_value(SettingsConstants.SETTING__WORDLIST_LANGUAGE)), |
There was a problem hiding this comment.
On first load, this took about 1.5-2 seconds to load, making the UX feel sluggish when loading this View.
I would put the LoadingScreenThread in front of this. Should be pretty easy. See PSBTOverviewView (though now that I look at it, it would be cleaner if the thread was stopped in a finally block).
There was a problem hiding this comment.
@kdmukai I don't see this delay of 1.5-2 seconds. Was it on SeedSignerOS or on Raspberry Pi OS manual build?
|
With help from @fedebuyito (thank you!!), we identified an inconsistency between this implementation and the behavior of Trezor and the recently added Sparrow Wallet support. After recovery, the fingerprint and derived addresses don’t match as expected. I still need to investigate whether this is an issue with I’m marking this PR as draft again while I dig into it. Thanks a lot @kdmukai for your review, I’ll definitely incorporate your suggestions regarding the UI and user flows. |
|
Thanks to you, Alvaro, I'm grateful to have been able to help you. I'll wait for your new approach so I can test it. Great work you’re doing with @kdmukai! |
* Solves issue from embit#90 * Creates new ShamirSeed class for cleaner implementation
|
Hi! I've resolved the issue and aligned our implementation with Sparrow's. The problem we found has been discussed in diybitcoinhardware/embit#90. Luckily, A key difference is that Sparrow recovers the HD Wallet from the provided shares but only supports backing up a single share. For SeedSigner, I propose adopting the same approach, avoiding:
To support single-share export like Sparrow, extendable backup flag must be supported by Will focus now on implementing @kdmukai suggestions. |
* New SeedShamirShareOptionsView * Deleted SeedEntryShamirThresholdView * Refactored the code according to this flow * Updated test cases and screenshots
|
New refactor allowing for this flow that @kdmukai suggested:
So now the user gets directly to the 
Feels much smoother this way and aligns with the Seed XOR flows that are being implemented. The other screens that received changes now looks like this: 
↑ Removed spaces in the title "Share#1, Word#1" because with spaces, when reaching 2-digit word index the text starts scrolling and makes the UX very laggish. 
|
Description
This PR introduces support for importing Shamir Secret Sharing (SSS) shards (SLIP-39) into SeedSigner, focusing on seed recovery for users with existing SSS-based backups. While SeedSigner’s stateless design discourages SSS for routine use, this feature provides flexibility for recovering keys from legacy setups or unique scenarios where SSS is used.
The implementation is strictly limited to key recovery, with no support for creating new SSS setups (this can be discussed along with SeedQR support for SSS). So this feature aligns with SeedSigner’s philosophy of providing versatile recovery options without compromising simplicity.
Relevant issue: #552
The seed recovery flow is designed so that the user first inputs the threshold, then enters the words, and is finally asked for an optional passphrase. This process is similar to the regular seed import flow.
Threshold entry is only numerical: (deleted view)
Then the user is asked about the original seed word length
Then, user enters words using the SLIP-39 wordlist. If the original seed length is 12 words, each Shamir's share will be 20 words long. If the original seed length is 24 words, each Shamir's share will be 33 words long. All shares (up to the threshold number) are required to recover the original secret.
SLIP-39 checksum errors are treated as follows:
Then the user will be asked if they want to enter a passphrase (the finalize screen is improvable), after which the device will take them to the SeedFinalizeView view
I'm open to comments around this feature as well as to UX improvements so we can get a final version of the PR
This pull request is categorized as a:
Checklist
pytestand made sure all unit tests pass before sumbitting the PRIf you modified or added functionality/workflow, did you add new unit tests?
I have tested this PR on the following platforms/os: