multi-party-ecdsa VS python-slip39

Use MPC instead? Sadly there are not enough mature open source projects around: https://github.com/ZenGo-X/multi-party-ecdsa and you can always take a look at https://github.com/rdragos/awesome-mpc

Sadly companies like Unbound were acquired by Coinbase and the OSS codebase is not longer maintained: https://github.com/unboundsecurity/blockchain-crypto-mpc

Ha nice call!

Unfortunately we have not completed a satisfactory security audit. We engaged with one company, but I don't think they were worth their salt. The problem is that the "good" companies are much more expensive, so it's a consideration of the value of the security audit. (If you know of a reputable company that would like to audit for free though...)

The code is not yet open source, but we are primarily expanding on this open-source library. https://github.com/ZenGo-X/multi-party-ecdsa

As true decentralized security enthusiasts, we quickly got in touch with ZenGo and fixed the discovered security breach in a pull request. It was soon approved and merged into their TSS library. The researcher who found the attack was granted a bug bounty, the biggest in ZenGo’s history.

Sure — with about the same likelihood as selecting the same atom out of all the atoms in the universe, twice in a row.

Besides; don’t. Generate your own entropy, save it as sets of SLIP-39 Mnemonic cards, and use the https://slip39.com App or https://iancoleman.io/slip39/ to recover your entropy (and your BIP-39 Phrase.

Use https://slip39.com

Create a new seed (using your own dice tools to create good entropy).

Practice recovering your BIP-39 Mnemonic from your SLIP-39 Mnemonit cards.

Print out the cards, and decide who you’ll share them with. Send them.

Then, transfer your Bitcoin, etc. into the address printed / QR-coded on the card.

No hardware wallet required; later, use a hardware wallet to recover the account private keys, and use your coins.

Backup your BIP-39 Mnemonic phrase using SLIP-39 [0]

This saves the original entropy from which your BIP-39 phrase was generated, over several groups of multiple SLIP-39 mnemonics cards.

Later, recover enough cards from a few groups, recover your BIP-39, and recover your hardware wallet.

Much more reliable, and safer because an attacker must collect many independent mnemonics from groups they probably don’t know the members of.

[0] https://slip39.com

Use SLIP-39, and a hardware wallet that allows recovery from SLIP-39 shards (eg. a Trezor).

With BIP-39, you are simply going to lose your wallet, eventually. It's almost inevitable. Either because you lose the 12- or 24-word passphrase, OR because someone else finds one of your backups.

I've written a decent Python implementation, here, which is simple enough to review:

https://github.com/pjkundert/python-slip39/