Extending a Shamir backup with additional shares

[andrewkozlik]

Summary

Make it possible to extend a Shamir backup with additional shares. For example convert a 2-of-2 backup to a 2-of-3 backup, where the first two shares remain the same.

Details

When running repeated backup, if the user requests a new backup with the same threshold as before, then ask them "Do you want to reuse your previous shares?". Ideally the question would be "Do you want to extend your previous set of shares?", but we don't actually know how many shares the user originally had. It could be that they had 2-of-5 and now they want 2-of-3, but different, or they had 2-of-3, but one got destroyed and they want to reproduce it. So "reuse" seems more appropriate.

Note that this feature works for old-style SLIP39 backups too! (The ones without the extendable flag, because in this scenario we maintain the identifier words.)

Let's start by implementing this functionality for Slip39_Basic, i.e. single group backup. The UI for extending advanced (multi-group) backups may be tricky.

The cryptographic part is already implemented in #4247, see slip39.py extend_mnemonics().

Slack thread: https://satoshilabs.slack.com/archives/C016ACNF1BN/p1727975559358469

Implementation notes

In perform_backup(), if the following conditions are satisfied:

• is_repeated_backup is true,
• storage_recovery.get_slip39_group_count() == 1,
• the new requested group_count is 1, and
• the new requested threshold is equal to the threshold of the mnemonics supplied in dry-run,

then the user should be asked "Do you want to reuse your previous shares?", and if they confirm, the new mnemonics should be generated as follows:

old_mnemonics = storage_recovery_shares.fetch_group(0)
new_mnemonics = extend_mnemonics(new_share_count, old_mnemonics)