Bitcoin Forum
2721  Bitcoin / Bitcoin Technical Support / Re: How to create HD multisig on: December 12, 2022, 08:17:45 PM
can they run on same device?
Absolutely. There are various different pieces of software you can choose from, each with its own pros and cons:
https://github.com/spesmilo/electrumx
https://github.com/romanz/electrs
https://github.com/chris-belcher/electrum-personal-server

I'm going to make a guide for my friends and me
If your friends trust you, they can always connect to your Electrum server rather than having to spin up their own.

Also removing WAN and bluetooth from the laptops (physically).
Good plan. The best airgapped devices are ones which physically can never connect to the internet again, not simply ones which could connect but hopefully don't.
2722  Bitcoin / Bitcoin Technical Support / Re: How to create HD multisig on: December 12, 2022, 04:12:03 PM
Does this mean it is less secure than bip48?
No. The derivation path makes no real difference to security, especially since both used a hardened derivation at the account level.

it is also an spv and not a full node
I would set up an Electrum server linked to my own full node on my online computer. Then you can set up a watch only HD multi-sig Electrum wallet which is pointed exclusively at your own server. And then you can use airgapped Electrum wallets on your two airgapped laptops. You can then broadcast Electrum transactions via your own server via your own full node.

Ian coleman does use 15+1 words instead of 12+1 (extended word)...
There is a drop down box on Ian Coleman which allows you to customize the number of words.

you would be ok would something like ian coleman that comes/uses out of python3 right o_e_l_e_o?
You can certainly do much worse than Ian Coleman, but personally I would still prefer to use reputable wallet software such as Core or Electrum to generate my entropy over a website.
2723  Bitcoin / Electrum / Re: Electrum new wallets => Seed Type: Segwit on: December 12, 2022, 02:22:16 PM
I would say there is one little advantage on legacy addresses.  You can easily verify a signed message from a legacy address using any Software.
It is trivial for a third party to download and install Electrum if they don't already have it in order to verify a signed message if the wallet software they are using does not support public key recovery via segwit addresses. Or alternatively, and slightly more complicated, they could convert the segwit address in to its corresponding legacy address and use that to perform public key recovery and signature verification, as I explain here: https://bitcointalk.org/index.php?topic=5417111.msg61126295#msg61126295
2724  Bitcoin / Bitcoin Technical Support / Re: Why does the bitcoin.org page redirect to bitcoin core 22.0? on: December 12, 2022, 12:50:36 PM
Speaking of, it seems like we might finally get a release post on bitcoincore.org and on this forum for v24.0.1, with this version being tagged ~30 minutes ago. It looks like v24.0 will be nuked entirely almost a month after its release, mainly because of a significant bug involved in creating transactions. Worth upgrading to v24.0.1 if you are one of the 400-500 nodes already running v24.0.

More info below:
https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-24.0.1.md
https://github.com/bitcoin/bitcoin/pull/26616
2725  Economy / Service Discussion / Re: More platforms will bite the dust? on: December 12, 2022, 12:19:25 PM
Your own wallet is the only safe place for your coins right now.
That's true in most cases, but it also depends on the type of coin.
Sorry, I should have been more specific; I was referring to bitcoin. If you dabble in centralized shitcoins, then your coins are never safe, regardless of what you do with them.

Kris Marszalek wants everyone to know that his company, Crypto.com, is safe and in good hands. His TV appearances and tweets make that clear.
Oh well, that settles it then. We've definitely not heard this exact statement from any other centralized platforms which then went on to collapse within weeks or even days. Right!?

Now, let's take a look at the actual report:
Crypto.com has requested that we perform an AUP engagement on the customers’ cryptocurrency holdings and corresponding liability of funds owed to the customers of Crypto.com as at 00:00:00 Universal Time Coordinate (“UTC”) on 7 December 2022 (“the reporting date”).
...
This AUP engagement is not an assurance (financial audit) engagement. Accordingly, we do not express an opinion or an assurance conclusion.
So, in summary, not an audit, provides no assurances, and only looks at their liabilities to individual customers, and not any other liabilities they may have. And let's just ignore the fact that CRO - the centralized token they control and can print at will to sell and prop up any other insolvent part of their business - was suspiciously missing from this not-an-audit.

So, as I've said countless times over the last few weeks, this proves absolutely nothing and any coins which are stored on crypto.com continue to be at risk, just as with any centralized exchange.
2726  Bitcoin / Bitcoin Technical Support / Re: How to create HD multisig on: December 12, 2022, 11:57:52 AM
Could you also please give your way of doing this using only core since you dislike Ian coleman because of java script. Would really appreciate it.
I wouldn't. I would use Electrum as I mentioned in another thread. It's a far more straightforward process, does not involve doing a bunch of workarounds which only serve to increase the chances you lock yourself out of your coins, and does not require importing individual addresses rather than just an entire HD wallet.

Xpriv 1 with xpub 2 and 3
Xpriv 2 with xpub 3 and 4
Xpriv 3 with xpub 4 and 5
Xpriv 4 with xpub 5 and 1
Xpriv 5 with xpub 1 and 2
This is a sufficient way to back up a 3-of-5 multi-sig, since the recovery of any 3 shares gives you 3 xprvs and the 2 missing xpubs.
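
A quick audit of the share layout above, as an added example that is not part of the original post: it checks that every choice of 3 shares yields 3 xprvs plus all 5 xpubs, and lists which smaller sets of shares already reveal every xpub (enough to rebuild a watch-only copy of the wallet, not to spend). Integers stand in for keys, and the function names and the generalisation to m-of-n (share i carries the next n-m xpubs) are assumptions of this sketch.

```python
from itertools import combinations

def make_shares(n, m):
    """Share i = xprv i plus the xpubs of the next n-m cosigners (cyclic)."""
    return {
        i: {((i - 1 + k) % n) + 1 for k in range(1, n - m + 1)}
        for i in range(1, n + 1)
    }

def recovered(shares, subset):
    """Return (xprvs, xpubs) obtainable from the chosen backup shares."""
    xprvs = set(subset)
    xpubs = set(subset)          # every xpub can be derived from its own xprv
    for i in subset:
        xpubs |= shares[i]       # plus the xpubs written on each share
    return xprvs, xpubs

def audit(n, m):
    """Check the layout for an m-of-n wallet.

    Returns (every m shares recover the wallet,
             some smaller set can spend,
             smaller sets that still expose all n xpubs).
    """
    shares = make_shares(n, m)
    everyone = set(shares)

    def spendable(subset):
        xprvs, xpubs = recovered(shares, subset)
        return len(xprvs) >= m and xpubs == everyone

    small_sets = [s for k in range(1, m) for s in combinations(shares, k)]
    all_m_recover = all(spendable(s) for s in combinations(shares, m))
    fewer_can_spend = any(spendable(s) for s in small_sets)
    watch_only = [s for s in small_sets if recovered(shares, s)[1] == everyone]
    return all_m_recover, fewer_can_spend, watch_only

if __name__ == "__main__":
    ok, leak, watch = audit(5, 3)
    print("any 3 shares recover the wallet:", ok)
    print("fewer than 3 shares can spend:  ", leak)
    print("pairs that expose all 5 xpubs:  ", watch)
```

For the 3-of-5 layout, no two shares can spend, but any two non-adjacent shares together hold all five xpubs, which matters if the backup locations are also meant to protect privacy.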
2727  Bitcoin / Development & Technical Discussion / Re: Randomly picking 24 words from the BIP39 wordlist on: December 12, 2022, 11:13:55 AM
it's only guaranteed to detect up to 4 "substitution errors".  a substitution error would be when you replace a g with a q maybe. i guess that's what it is. probably the most common error but still. the statement needs qualification.
What other errors are there? Bech32 addresses are of a fixed length (42 characters for P2WPKH, 62 characters for P2WSH or P2TR), so any error which adds or deletes a few characters will immediately result in an invalid address. The checksum will detect any error which affects up to 4 characters.

there can't be any other reason.
The reason that Bech32 excludes the characters "1", "b", "i", and "o" is explained in BIP173:
The character set is chosen to minimize ambiguity according to this visual similarity data, and the ordering is chosen to minimize the number of pairs of similar characters (according to the same data) that differ in more than 1 bit. As the checksum is chosen to maximize detection capabilities for low numbers of bit errors, this choice improves its performance under some error models.
2728  Bitcoin / Project Development / Re: Are dices for generating seed words fair? on: December 12, 2022, 11:06:07 AM
i would think the arrangement of them is similar to shuffling a card deck but if you don't think its possible to shuffle a card deck by hand then I don't guess I could convince you it is possible with dice either.
It is of course possible to shuffle a deck of cards by hand, but the difference here is that you aren't looking at the cards as you do it. Once you've already rolled the dice and can see the results, then ordering them manually can introduce bias. Maybe you don't arrange four 5s in a row because that isn't random enough.

SHA-256 is a really complicated way of doing something simple in that instance...
That's the point I'm making though - turning an arrangement of a deck of cards in to a binary string is not something that is trivial. It is very possible that your method of randomness extraction does not result in a completely secure result.
2729  Bitcoin / Development & Technical Discussion / Re: Coin mixing vs coin joining vs Monero converting on: December 11, 2022, 09:12:28 PM
Now, considering that, is there any benefit to running my own full node?
Depends. Let's say you are using Electrum on a public computer. Whatever server(s) your copy of Electrum connects to will be able to link all your addresses to that IP address. Let's presume you connect over Tor so your IP address doesn't give away your rough geolocation or anything like that. What else do you do from that session which could then link you to your addresses via that IP address? Do you log in to an exchange account? Do you communicate with a trading partner via some third party platform or software? Do you open another wallet, linking those addresses to the first set of addresses? It all depends on your exact activities.

Keep in mind you can always set up your own node and Electrum server on your home computer and then connect to it over Tor from all the public computers you are using - you don't have to run the node on the public computers themselves.
2730  Bitcoin / Bitcoin Technical Support / Re: How to create HD multisig on: December 11, 2022, 08:49:07 PM
If i have 4 cosigners or 5
That's correct. Each cosigner needs their own xprv, and the xpub of every other cosigner.

Bear in mind that when you make your back ups, backing up just the xprv is insufficient and you must back up the other xpubs as well. If your wallet is 3-of-5, for example, you cannot recover it with just 3 xprvs - you also need the other 2 xpubs.

So above i should have used:

m/48'/0'/0'/1'/0'
m/48'/0'/0'/1'/0'/* = external
m/48'/0'/0'/1'/1'/* = internal
The change level is not hardened. Provided you are using nested segwit, then:

m/48'/0'/0'/1'/0/0 will be your first external address.
m/48'/0'/0'/1'/0/1 will be your second external address.
m/48'/0'/0'/1'/1/0 will be your first change address.
m/48'/0'/0'/1'/1/1 will be your second change address.

And so on.
2731  Bitcoin / Project Development / Re: [privacy] How many Bitcoin chips are out there? on: December 11, 2022, 08:40:36 PM
So although not as obvious as the 30 groups that CM makes there are probably (waiting on Loyce's program to finish running) a lot more of those than .128 which was why I brought up the point of probably orders of magnitude more.
I'm certain you will be right, and there will be many more 0.1 BTC outputs than there will be 0.128 BTC outputs. That doesn't change my point, though. It's not just the individual transaction which creates 30x 0.1/0.128 BTC outputs, but rather you can follow the change output forward or backward and see transaction after transaction after transaction creating 30 outputs of various values. Although a 0.1 BTC output may look less obvious on first glance, to anyone who looks back even a single transaction it will still be immediately obvious it is coming from ChipMixer (and of course it is the people who look back at the history of a coin who are the very people you are protecting against by mixing).

It would be easier to calculate, at least for me
I don't think it makes much difference. You can still withdraw 0.010 BTC with a 0.008 and a 0.002 chip, if you want. I like the powers of 2.
2732  Bitcoin / Project Development / Re: [privacy] How many Bitcoin chips are out there? on: December 11, 2022, 01:33:36 PM
It kind of misses the point though.

It is trivial to identify an output as coming from ChipMixer. Take a look at this address: https://mempool.space/address/bc1qu225m44ere7sy89x5z0qhrhp7ma0yttrpwnyuh. Now, you can follow the coins on that address through dozens of transactions. Each transaction creates 30 outputs of the same chip size, and one change output. This chain of transactions creates hundreds of outputs for ChipMixer chips in total. There is no other service out there which does anything like this. It is completely unique and trivial to identify. This would not change if the chip sizes were 0.001/0.002/0.005/0.010/etc. instead of 0.001/0.002/0.004/0.008/etc.

The whole point of ChipMixer is to break the link between coins you deposit and coins you withdraw. It is not to hide the fact that you have used a mixer, and indeed, often the exact opposite. Being able to show quite clearly that all my inputs came from a mixer means I can prove that any claims you make about my coins being "tainted" or any other such nonsense are provably false. This same logic applies to coinjoins.
2733  Bitcoin / Bitcoin Technical Support / Re: Is there pitfalls in making a vault by time locking a transaction? on: December 11, 2022, 01:17:54 PM
So for now I haven't been able to figure out robbery-safe vault setup
There is not one. Any set up which you can access yourself, you can be forced to access by an attacker if the consequences for not doing so are great enough, either to yourself or to your family. Even in the timelocked set up you describe where it is utterly impossible for you to access the coins sooner, there is no way for you to prove that to an attacker in order to get them to stop their attacks, and as Loyce says, they can just kidnap you and wait. They can force you to access any back up, unlock any wallet, log in to any account, or contact any third party with a gun to your head.

The best way to protect your funds from robbery is to have no evidence that they exist, and to be able to hand over something to an attacker in order to satisfy them. This means at least one wallet which no one knows about, created in a completely airgapped manner, with no evidence left behind, stored completely separately to your other wallets (including its back ups). It also means this wallet is funded only with coins which have no link to your other coins. You can't just empty 5 BTC out of your hot wallet and send it straight to this cold wallet, since it will be clearly obvious from looking at the blockchain what you have done. It needs to be funded with well mixed or coinjoined coins, preferably bought peer-to-peer and not via a centralized exchange. You also need to have other wallets you can hand over to an attacker. You might already have a hot wallet on your phone you can hand over, but the attacker will still expect that you have a cold wallet too. So you need a decoy cold wallet or two with an amount which could reasonably be "your stash" which you could also hand over in such an event, while your real cold wallet(s) remain hidden.
2734  Bitcoin / Electrum / Re: Electrum multisig for long-term cold storage on: December 11, 2022, 11:13:14 AM
Why is this? I had assumed that if all three HD were corrupt I could just import the seeds into three new devices.
You can of course, provided you have three new devices in which to import your seed phrases.

If you were in the situation where your hardware wallets were lost/stolen, and you needed access to your coins urgently (before you had time to order three new hardware wallets and wait for their delivery or purchase three second hand laptops or similar), then your only option would be to recover all the seed phrases in to the same wallet.
2735  Bitcoin / Development & Technical Discussion / Re: Coin mixing vs coin joining vs Monero converting on: December 11, 2022, 11:09:17 AM
Notice step 5 and 6 where %70 is sent to Hodlhodl and the remaining %30 to Bisq. Is that unnecessary, to divide the coins?
You certainly won't lose anything by doing it, but I'm not sure you would gain anything. As long as you make multiple trades and don't trade the exact amount all at once, then I don't see any real downside to just using Bisq.

And since you said to not use Kucoin, then which 3rd exchange do you recommend (besides Bisq and HodlHodl)?
I wouldn't recommend any centralized exchange at all. RoboSats is another option besides Bisq. More here: https://kycnot.me/

What's the problem with that if using a public computer with a public ip?
You need to consider the risks of doing all this in public. Are there people that can see what you are doing? Are there any cameras? Are you sure the computer you are using doesn't have some monitor device attached to it, such as a hardware keylogger, which would not be mitigated by your use of Tails?

No buyers
For your method of fiat? Can you swap it to USD or similar first?
2736  Bitcoin / Development & Technical Discussion / Re: Coin mixing vs coin joining vs Monero converting on: December 11, 2022, 09:00:51 AM
It is surprising, how often such transaction is marked as a CoinJoin transaction. There was even a case, when people thought that another bitcointalk user did it. Also, it is surprising, how often people think that the round amount is the payment, many services did it wrong
Maybe on a public block explorer, but you aren't fooling professional blockchain analysis firms by simply splitting UTXOs up and then recombining them later.

So, how do you know that Tx1 is not a channel opening transaction, Tx2 is not a channel closing transaction, and Tx3 is not owned by someone else, who received coins after swap?
You don't know (unless you are also collecting extra data such as IP addresses from light wallets or similar), but if there is a transaction which combines several UTXOs, all of which can be traced back to a single UTXO in the last couple of parent transactions, and indeed comprise the entirety of that UTXO, it is a very reasonable assumption to make.

Could you have a look at my method below and tell me if what you're saying applies? Also, the transactions would be done over different devices at different times.
It's not a bad solution, but I would avoid using KuCoin or any other centralized exchange at all since they all track your movements and report to blockchain analysis companies. Far better to use a proper DEX such as Bisq for this step, just as you do at the end. And you should be running your own node for both Bitcoin and Monero rather than using light wallets depending on someone else's node.

A simpler solution all round would be to return your KYCed bitcoin to whichever centralized exchange you bought them from with a KYCed account, sell them, withdraw your fiat, close your account, and then take that fiat over to Bisq and buy completely unrelated non-KYC bitcoin.
2737  Bitcoin / Project Development / Re: Are dices for generating seed words fair? on: December 11, 2022, 08:47:41 AM
and arrange them in a 5x10 rectangle, you don't have to visually look at them to do that necessarily.
But as you correctly predicted, I'll point out that it requires you to manually arrange them, which will not be a random process, regardless of how random you think you are being. Anything which introduces a human choice introduces a subconscious bias.

obviously it is not one-to-one for an unlimited domain size
Just to be pedantic, but the domain isn't quite unlimited - it is any string up to length 2^64 - 1 bits, which is any string up to 2 million terabytes in length.

but if we restrict to say a set of size 52! = 80658175170943878571660636856403766975289505440883277824000000000000 then it is an open question.
And impossible to answer without cycling through the entire set of possible inputs, which is similarly impossible.
2738  Bitcoin / Development & Technical Discussion / Re: Private to WIF to public to address on: December 11, 2022, 08:30:43 AM
What is that transformation?
As pooya87 has said, it is an elliptic curve multiplication.

Your private key is simply a random number. Your public key is a point on the secp256k1 curve which bitcoin uses. To get from the private key to the public key, you multiply the private key by what is known as the generator point, which is (we think) an arbitrarily chosen point on the curve. This point is the same for everyone, for every private key, and for every wallet. Once you've multiplied the generator point by your private key, using elliptic curve multiplication, you reach your public key. The public key (uncompressed) is comprised of a 0x04 byte (which tells us it is uncompressed), followed by the 32 byte x coordinate and then the 32 byte y coordinate.
2739  Bitcoin / Development & Technical Discussion / Re: Randomly picking 24 words from the BIP39 wordlist on: December 11, 2022, 08:18:15 AM
At least Bech32 detects them pretty accurately and not only one at a time even. As far as I remember Bech32 can detect where an error is and pinpoint it
It is guaranteed to detect up to 4 errors, and has less than a 1 in a billion chance of failing to detect more errors than that.

If that's the case then please explain:
Addresses aren't designed to be hand written, but they should still be double (or even triple) checked after you have copy and pasted them. And excluding one character from similar character pairs such as o and 0 helps to make the manual double checking process easier and more accurate.
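
The Bech32 checksum behaviour discussed in this post and in the BIP39 wordlist reply above (up to 4 substitutions always detected, wrong lengths rejected outright), as an added example that is not part of the original posts. The checksum routine follows the BIP173 algorithm; the address is the P2WPKH example from BIP173, and the helper names, the fixed seed and the mainnet-only "bc" prefix are choices of this sketch.

```python
import random

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GEN = (0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3)
GOOD = "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"   # BIP173 example address

def polymod(values):
    """BCH checksum over 5-bit values, as specified in BIP173."""
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1ffffff) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GEN[i]
    return chk

def is_valid(addr):
    """Length, case, character set and checksum check for a mainnet address."""
    if addr != addr.lower() and addr != addr.upper():
        return False                       # mixed case is not allowed
    addr = addr.lower()
    if len(addr) not in (42, 62):          # the fixed lengths given in the post
        return False
    hrp, sep, data = addr.rpartition("1")
    if sep != "1" or hrp != "bc" or any(c not in CHARSET for c in data):
        return False
    expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    return polymod(expanded + [CHARSET.index(c) for c in data]) == 1

def undetected_single(addr):
    """Try every single-character substitution; count those that still pass."""
    start = addr.index("1") + 1
    return sum(is_valid(addr[:p] + c + addr[p + 1:])
               for p in range(start, len(addr))
               for c in CHARSET if c != addr[p])

def undetected_random(addr, n_errors, trials, seed=1):
    """Apply n_errors random substitutions per trial; count those that pass."""
    rng = random.Random(seed)
    start = addr.index("1") + 1
    missed = 0
    for _ in range(trials):
        chars = list(addr)
        for pos in rng.sample(range(start, len(addr)), n_errors):
            chars[pos] = rng.choice([c for c in CHARSET if c != chars[pos]])
        missed += is_valid("".join(chars))
    return missed

if __name__ == "__main__":
    print("original valid:", is_valid(GOOD))
    print("undetected single substitutions:", undetected_single(GOOD))
    for n in (2, 3, 4):
        print(n, "substitutions, undetected:", undetected_random(GOOD, n, 2000))
    print("one character dropped:", is_valid(GOOD[:-1]))
```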
2740  Bitcoin / Development & Technical Discussion / Re: Coin mixing vs coin joining vs Monero converting on: December 10, 2022, 08:30:36 PM
theymos created this thread [Guide] Decent mixing methods which I think will give you an insight into anonymity comparison between monero and coinjoin or mixing coin.
This thread is outdated - it was created before Wasabi started cooperating with blockchain analysis and spying on all their users. Wasabi can no longer be recommended as a good option.

Just use deniability.
Yeah, this doesn't work at all. You can split up an UTXO as many times as you want, but as soon as you use multiple inputs together in one transaction, then all those inputs are linked together as most probably belonging to the same entity. If all those inputs can be traced back to the same entity in the last 5 or 10 parent transactions, then you've achieved absolutely nothing except wasting money on fees.

By "again" do you mean the same Electrum wallet (Electrum 1)? Because I wouldn't use the same wallet. I'd use a new Electrum wallet and, of course, new address - Electrum 2/address 2.
Doesn't really matter. If a server sees your device fingerprint and IP query all the addresses from wallet 1, and then minutes later sees the same device fingerprint and IP query all the addresses from wallet 2, it is trivial to deduce that wallet 1 and wallet 2 are owned by the same person.

Wouldn't using a different wallet (even a different provider) solve this issue? Seems like a much simpler solution than running your own full node. What am I missing?
That blockchain analysis companies have admitted that they run multiple servers for such wallets with the sole purpose of collecting data. If you are serious about privacy, then you must run your own node. It is not a difficult thing to do.