How Shamir Secret Sharing keeps your keys safe
How Vaultr's 2-of-3 Shamir Secret Sharing over GF(256) splits your master key across device, server, and recovery so no single breach can take your keys.
Quick answer: Vaultr protects your wallet with Shamir Secret Sharing over GF(256): your master key is split into three shares — device, server, and recovery — and any two of the three can reconstruct it. Because no single location holds a usable key, compromising one place gives an attacker only one useless share. The reconstructed master key then derives all your chain addresses via BIP32/BIP44 HD derivation.
Self-custody means you control your keys, but a single private key in a single place is a single point of failure. Vaultr solves this with Shamir Secret Sharing (SSS), a proven cryptographic technique for splitting a secret across multiple locations. This article explains how it protects you.
What is Shamir Secret Sharing?
Shamir Secret Sharing splits a secret into multiple shares such that a defined threshold of them is required to reconstruct the original, while fewer than the threshold reveal nothing. Vaultr implements SSS over GF(256) (a finite field also known as Galois Field 2^8), the same field arithmetic used widely in cryptography.
Vaultr uses a 2-of-3 scheme: the master key is split into three shares, and any two of the three can reconstruct it.
Where are the three shares stored?
Vaultr distributes your three shares across separate locations:
- Device share — held on your device.
- Server share — held by Vaultr’s server.
- Recovery share — your recovery share.
Because reconstruction needs any two of the three, no single location can rebuild the key alone. If an attacker compromises one location, they obtain just one useless share — not enough to reconstruct anything. This is the core security benefit: there is no single point of failure.
Why is 2-of-3 better than one key?
A traditional wallet stores one private key. Steal it once, and the wallet is gone. Vaultr’s 2-of-3 threshold changes the math in two ways:
- Resilience: you can lose any one share and still recover, because the remaining two reconstruct the key.
- Security: an attacker must compromise two separate locations at once, not one, to gain control.
This balance gives you both recoverability and strong protection against a single breach.
How does the master key relate to my wallet addresses?
Once reconstructed, the master key feeds hierarchical deterministic (HD) key derivation following BIP32/BIP44. From that one master key, Vaultr derives addresses for EVM chains, Bitcoin, and Solana. So a single, well-protected secret backs your entire multi-chain wallet, and the SSS scheme is what keeps that secret safe at rest.
How does this fit with Vaultr’s other protections?
Key custody via SSS protects the secret itself. On top of that, Vaultr adds wallet 2FA for authorizing transactions — an independent factor signed with its own key, separate from your login session — so even an active session cannot move funds without a fresh challenge. Together, split-key custody and transaction-time 2FA defend the wallet at two distinct layers.
FAQ
How many shares are there, and how many do I need?
Three shares (device, server, recovery), and any two of the three reconstruct the master key.
What happens if one share is compromised?
Nothing usable is exposed. A single share cannot reconstruct the key, so an attacker who breaches one location gains only one useless share.
What is GF(256)?
It is the finite field (Galois Field 2^8) over which Vaultr performs the Shamir Secret Sharing arithmetic, a standard choice for this kind of cryptography.
Does the same key cover all my chains?
Yes. The reconstructed master key derives EVM, Bitcoin, and Solana addresses through BIP32/BIP44 HD derivation.
Learn more about key security in the Vaultr smart wallet.
Didn’t find what you needed?
Back to the Knowledge Base