Please try the above examples with 12 or 24 words if you think that will make it easier. Example:

Secret: either "a b c d e f g h i j k l" or "a b c d e f g h i j k l m n o p q r s t u v w x"

Participants: Alice, Bob, Carol, Dave

Quorum: 2

Which parts of the secret does each participant receive? Every combination of participant pairs must be able to recreate the full secret No single participant may have the full secret.

---

HN won't let me reply to the below comment so I'll copy and paste here:

> It's actually trivially possible [...] for [...] very long (60 words+) passphrases.

It is not. It doesn't matter if your passphrases is 6000 words, you can't have 4 participants with a quorum of 2.

> https://iancoleman.io/slip39/

This uses the exact cryptography that I said you'd need. This isn't just "mnemonic phrase split between three person's", it's literally Shamir's Secret Sharing.

It's actually trivially possible but the entropy for each shard will be abysmally low, requiring very long (60 words+) passphrases. So you're right, there's no trivial way (by hand) to split a 24 passphrase in 5 shards. However, it feels like a detail: such sharding is possible even if it's not trivial:

https://iancoleman.io/slip39/

Sorry, but what's wrong (apart the low entropy of each shard) with:

  Al  Bob  Car Dav

a: - x x x

b: x - x x

c: x x - x

d: x x x -

e: - x x x

f: x - x x

....etc?

Clever! I hadn't considered that.