Poke holes at my distributed cold storage custody plan

[requirementsmet38]

I'm new to self-custody, so I was trying to think of ways to achieve full sovereignty while at the same time retaining the protections we get from storing money in a bank.

I have come up with a plan but it may only be attractive to high value Bitcoin holders because it requires time, effort, and money to setup. Once it is setup, however, it costs less to keep up. The plan can also be simplified to further reduce cost and effort, and it would still offer good protection.

The plan offers protection from the following threats:

* Computer getting hacked
* Being robbed at gunpoint
* One or more copies of keys being lost
* Funds becoming inaccessible to heirs due to your death

I'll share the plan below. Please poke holes at it so we can improve it.

The plan uses 2-of-3 multisig HD wallet. It maintains your full sovereignty. But it also puts some distance between you and direct access to the funds. This is to thwart in-person attacks.

https://github.com/requirementsmet38/bitcoin-custody#readme

[pooya87]

it is an over kill in my opinion and would only make sense if you truly expect to be robbed at gunpoint! not to mention it is a nightmare to spend from since you would have to acquire the second seed each time from the safety deposit box or the third person, recover wallet keys, sync, create tx online, sign offline, broadcast online!

but the rest seems OK to me. it is surely a safe way, and since it is 2 of 3 and you are putting each key in a different place it is unlikely to lose access to the funds. you also may consider encrypting the individual seed words too before "distributing" them and you can include the password on a different piece of paper and hold it separately.

this section: https://github.com/requirementsmet38/bitcoin-custody#generate-and-store-your-keys
can be summarized to a shorter text which IMO can be easier to understand:
- create 3 different seed words
- one seed is to be stored in your hot wallet (you can choose your phone)
- another seed is to be stored in a safe place (it can be a safety deposit box)
- the final seed is to be shared with a trusted person (like a family member)
* each part should contain 1 seed + all 3 master public keys
* you can create multiple copies of each seed to store in the same manner (2 copies on 2 phones, 3 copies in 3 different safety deposit boxes, 2 copies with 2 family members) but it should be copy of the same thing.

p.s. an alternate to a laptop is using a live Linux burnt on a DVD. booting with network physically cut off.

[requirementsmet38]

it is an over kill in my opinion and would only make sense if you truly expect to be robbed at gunpoint!

I don't expect to be robbed at gunpoint, but I feel safer knowing that I'm not an attractive target to a robber.

not to mention it is a nightmare to spend from since you would have to acquire the second seed each time from the safety deposit box or the third person, recover wallet keys, sync, create tx online, sign offline, broadcast online!

It might make sense to consider this plan a long-term high-value storage plan and have another more accessible wallet for a smaller amount.

But do you have to create the transaction online? I thought a transaction can be both created and signed offline?

you also may consider encrypting the individual seed words too before "distributing" them and you can include the password on a different piece of paper and hold it separately.

I wonder if this might add too much complexity? Where would you store the encryption password? How would you ensure against loss of this password?

this section: https://github.com/requirementsmet38/bitcoin-custody#generate-and-store-your-keys
can be summarized to a shorter text which IMO can be easier to understand:
- create 3 different seed words
- one seed is to be stored in your hot wallet (you can choose your phone)
- another seed is to be stored in a safe place (it can be a safety deposit box)
- the final seed is to be shared with a trusted person (like a family member)
* each part should contain 1 seed + all 3 master public keys
* you can create multiple copies of each seed to store in the same manner (2 copies on 2 phones, 3 copies in 3 different safety deposit boxes, 2 copies with 2 family members) but it should be copy of the same thing.

p.s. an alternate to a laptop is using a live Linux burnt on a DVD. booting with network physically cut off.

Thanks, I'll see how to work this stuff into the document! 👍

[pooya87]

But do you have to create the transaction online? I thought a transaction can be both created and signed offline?

you have to have transaction ID and index of the transaction outputs that belong to your keys and you want to spend so you have to first go online and sync with the network to see how many unspent transactions you have. then create the unsigned tx and transfer than to your cold storage to sign.

you also may consider encrypting the individual seed words too before "distributing" them and you can include the password on a different piece of paper and hold it separately.

I wonder if this might add too much complexity? Where would you store the encryption password? How would you ensure against loss of this password?

yes it is extra complexity but it is also an extra layer of security. for example when you give the group 1 to a person you also give them a separate piece of paper which contains the password and ask them to store that in a different place. for example the password in their wall safe and the encrypted seed in their desk drawer or something like that.

in the end i believe that the best method of storing bitcoin in a safe way is the way that the user is most comfortable with. and sometimes you have to do some trial and error to see which way suits you best. for example if adding password made it too complex then skip it. since the seeds are already separate the risk of storing them unencrypted is not high enough to mandate an encryption.