Please try the above examples with 12 or 24 words if you think that will make it easier. Example:
Secret: either "a b c d e f g h i j k l" or "a b c d e f g h i j k l m n o p q r s t u v w x"
Participants: Alice, Bob, Carol, Dave
Quorum: 2
Which parts of the secret does each participant receive? Every combination of participant pairs must be able to recreate the full secret. No single participant may have the full secret.
---
HN won't let me reply to the below comment so I'll copy and paste here:
> It's actually trivially possible [...] for [...] very long (60 words+) passphrases.
It is not. It doesn't matter if your passphrase is 6000 words, you can't have 4 participants with a quorum of 2.
This uses the exact cryptography that I said you'd need. This isn't just "mnemonic phrase split between three person's", it's literally Shamir's Secret Sharing.
It's actually trivially possible but the entropy for each shard will be abysmally low, requiring very long (60 words+) passphrases. So you're right, there's no trivial way (by hand) to split a 24 passphrase in 5 shards. However, it feels like a detail: such sharding is possible even if it's not trivial:
How? Example: Split a secret phrase ("correct horse battery staple") between 4 friends with a quorum of 2.
- Alice: correct
- Bob: horse
- Carol: battery
- Dave: staple
Great! But that's a quorum of 4. How do we reduce it to 2? Each person needs two words:
- Alice: correct horse
- Bob: battery staple
- Carol: correct horse
- Dave: battery staple
But what if Alice and Carol want to get the secret? Or Bob and Dave? Well, each person needs the entire secret.
- Alice: correct horse battery staple
- Bob: correct horse battery staple
- Carol: correct horse battery staple
- Dave: correct horse battery staple
...but now the quorum is 1, and all of them just have a copy of your secret. If you want to be able to have arbitrary quorums, you need cryptography.