Could you elaborate on the clear disadvantages of Shamir's Secret Sharing? The only downside I see is the complexity of the implementation, which leaves room for error and can decrease security if not implemented right. For this reason, we will also add other schemes like SeedXOR and Hamming Backups, which are much simpler and leave less room for error.

In my personal opinion, the reason that SLIP39 did not get a lot of traction was because it is not compatible with BIP39. What I mean by this is that it's not possible to take a BIP39 mnemonic, then split it up into SLIP39 shares and get back your BIP39 mnemonic (=> no "roundtrips" are possible). SSKR is compatible with BIP39 mnemonics. From a wallet developer perspective, adding SLIP39 is more work because it often isn't compatible with the existing architecture of the app. But SSKR can basically just be added as a small add-on, then once the BIP39 mnemonic is recovered, the app can be used as usual. But I guess only time will tell what happens around adoption of those standards.


Multisig has advantages over Shamirs', the most important is that there is no one "single point of failure", because the keys can be distributed while signing. The one important downside in this context is that multisig isn't chain agnostic. Bitcoin supports multisig "natively", but for most other chains, smart contracts have to be used for multisig. So it's not possible to have a generic multisig implementation, but it is possible with Shamirs' because it works on a mnemonic level.

AirGap Vault does support multisig because it supports signing PSBTs. To do this, you'll have to use it with a watch-only wallet like Sparrow, Specter or BlueWallet. Please note that we didn't officially announce the support for multisig just yet, because we would like to add some additional functionality to make it more secure (eg. being able to register co-signers in the Vault to verify change addresses, which currently can't be done). This is on our roadmap and will hopefully come sometime in Q1.