 Might just be my perspective and familiarity... but I kinda feel like every self custody setup should now be multisig, AND that multisig is how we should think about key recovery (rather than a bunch of paper seeds) and "backups" for the user. 🧐

Thoughts...? 
 Cold stored, geo distributed multisig... yes 
 I'm also waiting for lightning implementations that close channels to offline keys (single or multi sig). I'd feel a lot more comfortable holding more in lightning channels if I knew my sats ultimately would land in cold storage. 
 I feel like @Alby could do this.  Channels force close to hot wallet with seed, I'm sure they could map to a cold address or silent address or bolt 12. 
 I think I like this take, can you expand? 
 If you can spend your bitcoin without leaving your house, flying to at least three continents, traversing the ocean in a submarine and using a time machine then your bitcoin is not safe.
I don't know how you all sleep at night. 
 Like bitkey?

https://bitkey.build/seed-phrases-are-sharp-edges/ 
 Bitkey requires email and phone number to purchase and doesn't accept Bitcoin for payment..... 
 I think they are referring to the key design not anything about the service specifically. It’s a man obscured multisig with the intent of making it easy and safer for casual users. 
 I'm sure it works technically, but I'm not buying from a company that doesn't accept Bitcoin for a Bitcoin wallet 
 Fees, you're increasing fees on all transactions going forward to spend. 
 True-ish, except taproot. 
 Are there assisted MS solutions that have taproot support? 
 Nunchuk will soon I think. @c301f133 
 UGH I'm tired of soon™, I need NOW

😂 
 For generational cold storage, how do you argue against a 24 word seedplate stored in a block of concrete?  
 - Did you generate the seed on a single device?
- Can you prevent hurricanes, floods, fires, ...?
- Can governments prevent you from accessing the location in cases of (indefinitely long) emergencies? 
 Everything has tradeoffs. For long term storage, your first two points aren't applicable. 

1. You can do it offline and bring your own entropy
2. Most weather can't get through a block of concrete
3. This is valid risk and needs to be mitigated.  
 Fair point with the key generation.

With the single location, I wouldn't be comfy when I need to be.

Think about being in 1900 in Europe and trying to find a single secure location where your kids would always be able to access it in time of need for just the next 100 years...

Probably more than 95% of land mass or families had some heavy access restrictions put in place on them at least for some period during that time. Usually in the most crucial period. 
 I do not argue against that 
 The only reason I don't agree, is because I think a distributed multisig setup is a lot to ask of someone who just bought their first 100k sats.

Like anything in Bitcoin, security should be a journey that grows as you gain conviction.

This isn't to say that I didn't set up a distributed multisig for my early sats, but I think it's a bit to ask of someone who is brand new.

Anyone who holds >5% of their net worth in sats, and has been here for over a year should definitely be exploring multisig though. 
 Holding a smaller amount wouldn’t be about distributed multisig, it would be about service based multisig. 

I’m not saying there is one size or one setup, I’m saying that the various levels of security and self custody should be met with different kinds of multisig.

In the case of someone who just bought 100k sats, maybe it’s a 2/3 with their phone, their spouse (or another device), and the wallet provider? 

——

I just think the design mentality should be “so what multisig would be best for this user’s situation and skill level?” 🤔 
 This is the correct take.

Multisig everything, but solve for the difficulty on the design side.

As a non-dev, I often overlook the "just make it better" solution. Lol. 
 That's why bitkey is great for newbs, especially if they're stacking in size 
 I think when someone just bought their first 100k sats is the best time to teach "ultimately, you're responsible for protecting your keys". Conversely, "Don't worry.  If you screw up, your spouse might be able to bail you out." seems like the beginning of forming bad habits. 
 I think that's a little like saying that using training wheels is setting people up for not being able to ride a bike. 

I think making the presumption that learning and taking responsibility aren't incremental processes (when I think there's ample evidence that it is like any other learning process) is a great way to just get a lot of people to be too afraid to take the first step, imo. 
 Hmmm.. I'm not sure that relying on shared custody does much to teach self custody.  Using training wheels does in fact teach balance to ride a bike.

Regardless, if I don't want people too afraid to take the first step, I'm suggesting something like a singlesig wallet app on the phone they likely already own; not purchasing at least a 2nd signing device (either for themself and/or their spouse) in addition to having to sign up for some sort of assisted custody wallet service.  Remember, the premise here is that we're only talking about a mere 100k sats at first.  I think most newbies on the fence about dabbling in so little would be completely turned off by any relatively significant additional investment and enrollment process just to do so.

Learning can certainly be an incremental process.  That process ought to be learn singlesig; then you can learn multisig, imo. 
 Multisig is the way imo once you are sufficiently advanced, single points of failure are not ideal 

It makes it safer to make backups in traditionally "less secure" methods (ie encrypted cloud backups) because even if someone does find one key, you're still safe 
 There are also a lot of pitfalls in multisig which you have to consider. There is probably not one go-to solution. 
 Of course. 
 Couldn't agree more 
 > Multisig is how we should think about key recovery…

Could you expand on this point a bit? 
 Setups should be thought of as varying levels of multisig in complexity and sovereignty.

As I mentioned with @bitcoinpup, let’s say you have someone who’s buying their first bitcoin. You just onboarded your friend basically.

Well then maybe the setup should be that you have a key, your friend has a key, and the wallet provider has a key. That way this person can come back to you and still recover funds in case anything goes wrong.

It leverages local trust, instead of some huge, distant corporate (or scam wallet) trust model. 

Then this can have all sorts of default variations based on the level of user skill and knowledge. 3/7 for someone who really needs help, but has a ton of funds, and has a spouse/friend they trust with a device also. Use tapsigners for main keys because they are super easy and have no input or UI complexity. They always work and you just keep them in your wallet. Multiple options for recovery, and to them it’ll look like just “tap to sign” because their phones auto sign with a local key too. 

This way if they lose their phone, tapsigner, and additional key, it can still be recovered through their group. The UX challenge for something like that is mostly in the setup process.

But then there’s all sorts of options in between. As well as timelocks in the case of too many keys lost, let recovery still be possible on one key, with a 3 month delay, etc.

Just lots to explore and it could be hidden for the user behind, “just have these devices” or “just have this person confirm,” or “just tap this card,” etc. 
 Got it that all makes sense.

I like the idea of popularizing tapsigners, from a UX perspective it’s the most familiar which is a boon for onboarding.

I think assisted 2/3 multisig would be a good setup for most people, but that would probably require a subscription fee or some other funding mechanism to keep the provider’s lights on. Which may turn some people off of it altogether. 
  Do holders want to move their 'secure enough' stacks though? 🤔 
 This would be more for people who want to use their bitcoin or are on a bitcoin standard. 
 Strong agree but need FROST for privacy preservation and to swap keys in/out. 
 Anything that improves how you use taproot would be a big help. And just implementing naive multisig setups and making it the norm would build the pressure for things like FROST to get adopted. 
 Doesn’t multisig in some ways add counterparty risk which I’m trying to get away from in the fiat world? 
 Only if you do assisted MS. You can control all the keys if you want. And as long as you hold the minimum signer threshold (2 keys in a 2/3) you're only sacrificing privacy to the 3rd key holder (which is obviously a big consideration). 
 Not really; but it depends on implementation.  Most I've seen suggest that you should retain possession of 2 of the 3 keys in a 2-of-3 multisig, for example... There is no counterparty risk if a) your authorization is required to move funds; and b) you don't require anyone else's authorization to move funds.

The real risk multisig introduces is complication risk: simply more keys to keep track of. 
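An added illustration, written for this thread and not taken from any wallet or from the posters above: it models the "you, your friend, the provider" 2/3 onboarding and the 3/7 family setup with a timelocked one-key recovery described earlier, together with the counterparty test just stated (your authorization required, nobody else's required). Holder names, key labels and the 3-month delay are constructed assumptions.

```python
# Constructed model of who can spend in a threshold setup; written for this
# thread, not any wallet's code. holdings maps holder -> set of key labels.
def keys_of(holdings, exclude=()):
    """All key labels held by holders not listed in `exclude`."""
    return set().union(*(ks for h, ks in holdings.items() if h not in exclude))

def owner_can_spend(threshold, holdings, owner, lost=(), stolen=(), helpers=()):
    """Owner plus cooperating `helpers` gather keys that are neither lost nor
    in an attacker's hands; recovery works if they reach the threshold."""
    usable = set()
    for h in (owner, *helpers):
        usable |= holdings.get(h, set()) - set(lost) - set(stolen)
    return len(usable) >= threshold

def attacker_can_spend(threshold, stolen):
    """An attacker needs `threshold` keys on their own; fewer only costs privacy."""
    return len(set(stolen)) >= threshold

def no_counterparty_risk(threshold, holdings, owner):
    """The test stated in the thread: the owner's authorization is required
    (others together fall short) and nobody else's is (owner alone suffices)."""
    others = keys_of(holdings, exclude=(owner,))
    return len(holdings[owner]) >= threshold and len(others) < threshold

def assess(threshold, holdings, owner, lost=(), stolen=(), helpers=(),
           recovery_threshold=None, delay_passed=False):
    """Return (owner_can_spend, attacker_can_spend). A timelocked recovery path
    lowers the effective threshold for everyone once the delay elapses."""
    eff = threshold
    if recovery_threshold is not None and delay_passed:
        eff = min(threshold, recovery_threshold)
    return (owner_can_spend(eff, holdings, owner, lost, stolen, helpers),
            attacker_can_spend(eff, stolen))

# Constructed setups. NEWBIE: the 2/3 "you, your friend, the provider" onboarding.
NEWBIE = {"newbie": {"phone"}, "friend": {"friend_key"}, "provider": {"provider_key"}}
# SELF: 2-of-3 where the owner keeps two keys and a provider holds the third.
SELF = {"me": {"hw_a", "hw_b"}, "provider": {"provider_key"}}
# FAMILY: 3/7 with tapsigners, spouse, friend, provider; 1-key recovery after a delay.
FAMILY = {"user": {"phone", "tapsigner", "backup_card"},
          "spouse": {"spouse_phone", "spouse_tapsigner"},
          "friend": {"friend_key"}, "provider": {"provider_key"}}

if __name__ == "__main__":
    print(assess(2, NEWBIE, "newbie", lost={"phone"}, helpers=("friend", "provider")))
    print(no_counterparty_risk(2, NEWBIE, "newbie"), no_counterparty_risk(2, SELF, "me"))
    print(assess(3, FAMILY, "user", lost={"phone", "tapsigner", "backup_card"},
                 helpers=("spouse", "friend")))
    print(assess(3, FAMILY, "user", stolen={"tapsigner"}, recovery_threshold=1, delay_passed=True))
```

The last call shows the caveat behind the one-key timelocked recovery path: once the delay has elapsed a single stolen key is enough for a thief too, so a compromised key has to be rotated out before then.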
 Generally, I still subscribe to the Sparrow Wallet best practices.  Though, I'm not married to the amount thresholds.  In short, I still think a paper seed for a singlesig wallet can be perfectly appropriate depending on the situation.
 https://image.nostr.build/fe0e229d1cd014578bbfe732af086d60b7b60cd9fbd368b6d1d2fb6e03d37296.png 
https://sparrowwallet.com/docs/best-practices.html#summary 
 Yes. 
 Serious question, does the best most secure wallet and single or multi-sig really matter? If I'm coming after your Bitcoin I'm coming for your seed phrase not your wallet. If I have your words nothing else matters right?  
 This would be part of the benefit of multisig. A single set of seed words doesn't threaten your bitcoin and so you can still move them if a key has gotten compromised. 
 Seeds plus passphrase is a good poor man's multisig. Keep the seed and passphrase separate.  
 No. 
Unless you are securing more than 100 bitcoin, a 12 or 24 word passphrased cold card should suffice 
 It will suffice from a security standpoint if you know how to maintain it, secure it, and not lose it. 

I think most people discount just how unprepared and "tech security illiterate" the average person is. Yet many have decent amounts of money and want to get into #Bitcoin. In this case the "simple" solution is highly likely to result in disaster.

Example, someone I've been talking to who has been buying bitcoin just lost his phone twice in 2 months, got tricked into buying rallycoin by coinbase just before they delisted it so he can't get rid of it, and now thinks he sent bitcoin to his green wallet but it never showed up (I still have to investigate this one).

The guy wants to put his savings into bitcoin but his life is pretty crazy and I honestly don't feel safe telling him to do this unless I can make him a setup that's easy to understand and recover from WHEN those things happen. I think the best option is to distribute among many devices. 
 Exposing your entire UTXO set to a KYC third party is a bigger risk IMO and there is no guarantee they won’t “lose” the key or get hacked and can’t retrieve it 
If they want to save in bitcoin, learn proper OpSec, it is not hard. They just have to put in the time 
And never advise someone to put their entire stack on one type or model of HWW. 
Distribute the risk with different companies 
 > just how unprepared and "tech security illiterate" the average person is. 
Yes and I don't know anyone besides myself that cares. They can't be bothered because things mostly work okay.   
 mixed/pros & cons 
 My paws are tired, and it's about time for sleep, but I thought about this today and put together a white paper...

https://github.com/bitcoinpup/Satoshi-Vault

nostr:nevent1qqsq50947s7ltevalq2qncv9at8tn5xlynddnq9r7eafyzmmqxtgpvcpr4mhxue69uhksmm5wf5kw6r5dehhwtnwdaehgu339e3k7mf0qgstnem9g6aqv3tw6vqaneftcj06frns56lj9q470gdww228vysz8hqrqsqqqqqppx35mt 
 Bitcoin's L1 architecture makes widespread self-custody on the L1 technically infeasible, regardless of setup (single-sig or multi-sig). Self-custodial Lightning wallets have proven inadequate due to their complexity and channel liquidity requirements. Sidechains like Liquid are not a viable solution either, as long as BTC can only be moved to L-BTC with one's own node but not vice versa. A truly decentralized L2 is needed, where billions of users can securely keep small amounts of BTC in multi-sig wallets and easily move it to the main chain when the UTXO exceeds a million sats. 
 nostr:nprofile1qqstnem9g6aqv3tw6vqaneftcj06frns56lj9q470gdww228vysz8hqpzemhxue69uhhyetvv9ujuurjd9kkzmpwdejhgqg6waehxw309ahx7um5wghx7unpdenk2urfd3kzuer9wcq3wamnwvaz7tmjv4kxz7fwvd6hyun9de6zuenedyvu6425, we heard you.

nostr:nevent1qqsq50947s7ltevalq2qncv9at8tn5xlynddnq9r7eafyzmmqxtgpvcpr4mhxue69uhksmm5wf5kw6r5dehhwtnwdaehgu339e3k7mf0qgstnem9g6aqv3tw6vqaneftcj06frns56lj9q470gdww228vysz8hqrqsqqqqqppx35mt