Post
Topic
Board Hardware wallets
Re: New backup of 20 words from Trezor.
by
nc50lc
on 30/10/2024, 04:25:16 UTC
If the attacker is tech savvy, he can decode the SLIP39 mnemonic to bits to see how many required mnemonics and how many backups you have.
That information is certain unlike judging just from the word which is a representation of a 10-bit segment.
The attacker does not need to decrypt everything down to the bits, since the 3rd and 4th word contain information about share groups and the group threshold, source.
-snip-
Also, an attacker does not have to contact the converter every time, but rather create several tables of correspondence between 3 and 4 words to possible backup options.
The bit-representation of a "share mnemonic" isn't encrypted, the bits are encoded to words which is fairly easy to decode with a cheat table.
(but you probably just misused the term)

The "Group Count" is the last 2 bits of the 3rd word and the first 2 bits of the fourth word, so I replied about decoding the mnemonic to actually see the 4-bit 'g' value for better accuracy.
Pretty much what you've described in the last sentence if you meant "3rd and 4th words".

In addition, as I wrote above, the fourth word can only have 4 options, so it can hardly be called a full-fledged 10-bit segment, information about the fourth word could easily be encoded using 2 bits (00, 01, 10, 11), but Trezor, for some reason, decided to do otherwise.
They have to follow the standard, otherwise, they'll have a proprietary implementation and their backup would be incompatible with other wallets that use SLIP39.
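
The header layout discussed in this post, as an added example that is not part of the original post or of any wallet's code: it unpacks the first four 10-bit word indices of a SLIP39 share following the SLIP-0039 field order, showing which metadata a single share carries unencrypted. It takes word indices rather than words (the 1024-word list is not embedded), and the sample indices are constructed.

```python
# Added example. Field order and widths follow SLIP-0039; the function names
# and SAMPLE values are hypothetical and constructed for illustration.

# (name, bit width), most significant field first: 40 bits = 4 words.
HEADER_FIELDS = [
    ("identifier", 15), ("extendable", 1), ("iteration_exponent", 4),
    ("group_index", 4), ("group_threshold", 4), ("group_count", 4),
    ("member_index", 4), ("member_threshold", 4),
]
# These three are stored as (value - 1) in the share.
STORED_MINUS_ONE = ("group_threshold", "group_count", "member_threshold")


def parse_share_header(indices):
    """Unpack the metadata held in the first four words of a share."""
    if len(indices) < 4:
        raise ValueError("need the first four word indices")
    bits = 0
    for idx in indices[:4]:
        if not 0 <= idx < 1024:
            raise ValueError("word index out of 10-bit range: %r" % idx)
        bits = (bits << 10) | idx
    header, shift = {}, 40
    for name, width in HEADER_FIELDS:
        shift -= width
        header[name] = (bits >> shift) & ((1 << width) - 1)
    for name in STORED_MINUS_ONE:
        header[name] += 1
    return header


def group_count_from_words(third, fourth):
    """Group count 'g': last 2 bits of word 3 plus first 2 bits of word 4."""
    return (((third & 0b11) << 2) | (fourth >> 8)) + 1


# Constructed sample: 2-of-3 groups, this share is member 4 of a 3-share group.
SAMPLE = [145, 641, 68, 578]

if __name__ == "__main__":
    for field, value in parse_share_header(SAMPLE).items():
        print(field, value)
    print("g from words 3 and 4:", group_count_from_words(SAMPLE[2], SAMPLE[3]))
```
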