Custody 301 — Multisig, recovery, and the annual drill · Lesson 4 of 5

Social recovery — Shamir secret sharing and the human side


Multisig protects against single-key compromise. Hardware wallets protect against malware. Neither protects against you: you forget, you have a stroke, you die, your partner divorces you and walks off with one of the keys. Social recovery is the discipline that survives the human failure modes — and at 301-tier sizes it's the difference between a workable inheritance plan and a permanent loss.

What Shamir secret sharing does

Shamir's Secret Sharing Scheme (SSSS) splits a single secret (your seed phrase, your encryption key, a recovery code) into N shards, of which any T are sufficient to reconstruct the original. With fewer than T shards, the shards you hold reveal nothing about the secret. This is information-theoretic, not just computationally hard: with T−1 shards, the secret could equally be any possible value.

Common configurations:

  • 3-of-5 (commonest). Five shards, three reconstruct. Mirrors the multisig design. Loss of any two shards still recoverable. Gain of any three shards completes a recovery.
  • 2-of-3 (simplest for solo). Three shards, two reconstruct. One at home, one at a relative's, one at a bank. Loss of any one is survivable.
  • 5-of-9 (institutional). Used for inheritance trusts, treasury operations. Hard to coordinate; only worth it when geographic distribution is the dominant threat.

The standard implementation for blockchain use is SLIP-39, supported by Trezor and several open-source tools. Generate the shards offline, on a device that has never been online and never will be again (an old laptop, fully wiped, no networking). Write each shard on metal. Distribute physically — never email, never cloud, never message-app.

Why this is different from multisig

A common mistake is to think Shamir replaces multisig, or vice-versa. They solve different problems:

| | Multisig | Shamir |
|---|---|---|
| What gets split | The authority to sign | The seed phrase itself |
| Where the split lives | On-chain (SignerList) | Off-chain (paper/metal shards) |
| To use the wallet | You combine signatures at transaction time | You reconstruct the seed, then use the wallet |
| Bigger threat protected against | Daily-use compromise | Loss / death / forgetting |
| Recovery vector | Always-on multi-party signing | Rare full-reconstruction events |

The 301-tier setup uses both: a 3-of-5 multisig for daily authorisation (signers stay separate), and a Shamir-split of any one signer's seed for recovery if that signer is lost permanently. The Shamir reconstruction lets you regenerate the lost key; the multisig prevents you from losing the wallet during the reconstruction.

The human protocol

The technology is the easy half. The hard half is the social protocol around the shards — who holds them, when they should act, how they coordinate.

Pick your shard-holders the same way you'd pick executors for your will. Geographic spread, ideological diversity (don't pick five people who'd all stop returning your messages after the same political disagreement), generational mix (not all peers — some younger, some older), at least one professional bound by a legal duty (an attorney, a notary).

Write the protocol down, in cleartext. Each shard-holder gets:

  1. Their shard.
  2. A printed letter explaining what it is, without explaining how to reconstruct (that goes to the attorney only).
  3. A list of the other shard-holders.
  4. The conditions under which they should bring their shard to a reconstruction (e.g. "if you receive a signed letter from me requesting it, OR my death certificate, OR a court order").
  5. Contact info for the attorney.

The attorney holds the reconstruction instructions. No shard-holder should be able to act unilaterally; that's the whole point.

Test the protocol once a year, without actually reconstructing the seed (which would compromise the shards). Just call each shard-holder, confirm they still have it, and confirm they remember what to do. This is half of the annual recovery drill (next lesson).

When social recovery is overkill

Same caveat as multisig: if you have €3,000 in a wallet you log into weekly, do not split your seed into five shards held by people in three time zones. You will be locked out within a year. Shamir's split is for long-term, large-value, low-touch custody. For active wallets, a single well-stored seed phrase is the right answer.

Below €25,000 of long-term holdings: Shamir is probably overkill. Above €100,000 of long-term holdings: not doing Shamir is probably negligent. In between is judgment.

The 301-tier insight

Custody is a series of trade-offs between security against theft and security against loss. Multisig pushes both up. Hardware wallets push security-against-theft up. Shamir pushes security-against-loss up. The annual drill is what keeps all three from rotting. The next lesson covers what that drill actually consists of.