Please critique my planned Multi-Sig-Setup.

[Teubwel]

Involved are 3 Bitcoin holding parties: Alice, Bob and Charlie.

Alice and Bob are considered to be one household, but for accounting purposes, still want separate wallets.

Charlie wants a separate wallet, but also doesn't want either Alice or Bob being able to spend his funds, in order to mitigate against 5-Dollar-wrench-attacks against them. Only after Charlie dies, he wants Alice and Bob to have access. He doesn't trust lawyers.


Secure physical locations:

 * H: Alice and Bob's [H]ouse, all 3 have access
 * V: [V]acation-home, all 3 have access
 * S: \[S\]afe-Deposit-Box, only Charlie has access


2-of-3 Multi-Sig-Setup Alice and Bob

 * H: Trezor1 + Passphrase_Alice + Passphrase_Bob
 * V: LedgerS + Passphrase_Alice + Passphrase_Bob
 * S: TrezorT + Passphrase_Alice + Passphrase_Bob
 


2-of-3 Multi-Sig-Setup Charlie

 * H: Trezor1 + encrypted Passphrase_Charlie
 * V: LedgerS + encrypted Passphrase_Charlie
 * S: TrezorT + plaintext Passphrase_Charlie + decryption passphrase for encrypted Passphrase_Charlie
 * FinalMessage.io GMail's delayed sending to Alice and Bob: Decryption passphrase for Passphrase_Charlie

OR


3-of-4 Multi-Sig-Setup Charlie

 * H: Trezor1 + Passphrase_Charlie
 * S: TrezorT + Passphrase_Charlie
 * V: LedgerS + Passphrase_Charlie
 * FinalMessage.io and GMail's delayed sending to Alice and Bob: Electrum Seed


OR

Since S and Charlie's brain B have a certain connection, they can backups of one another. If Charlie dies, S and B are inaccessible.

So alternativley:

3-of-5 Multi-Sig-Setup Charlie

* H: Trezor1 + Passphrase_Charlie
* S: TrezorT + Passphrase_Charlie + Electrum_Seed_Brain
* V: LedgerS + Passphrase_Charlie
* GMail & FinalMessage: Electrum_Seed_GFM
* Brain: Electrum_Seed_Brain

plus sha256sum of Electrum_Seed_Brain as a passphrase to encrypt content of S (TrezorT+Passphrase_Charlie) and storing this with H and V.

If Charlie dies: H+V+Gmail&FinalMessage

If Charlie forgets Electrum_Seed_Brain: Nothing really happens

If Safe Deposit Box gets nuked: H+V+Brain


What do you think? What's the best way forward? Or something completely different?

[1715400439]

1715400439

[1715400439]

1715400439

[1715400439]

1715400439

[1715400439]

1715400439

[ABCbits]

I'm a bit confused about the setup plan, but 2-of-3 Multi-Sig-Setup Charlie seems like best option. Not too complicated & only rely on one third-party.

3-of-4 Multi-Sig-Setup Charlie clearly bad idea because you store unencrypted passphrase/seed on multiple location and third-party.
I don't understand about Electrum_Seed_GFM & Electrum_Seed_Brain, so no comment about 3-of-5 Multi-Sig-Setup Charlie.

Alternatively, i'd recommend build bitcoin script where Charlie can spend coin anytime, but Alice and Bob only can spend it after block height n mined or after timestamp m.
The cons is Charlie need to spend coin to P2SH address with same script again before Alice and Bob can spend the coin.

[LoyceV]

2-of-3 Multi-Sig-Setup Alice and Bob

 * H: Trezor1 + Passphrase_Alice + Passphrase_Bob
 * V: LedgerS + Passphrase_Alice + Passphrase_Bob
 * S: TrezorT + Passphrase_Alice + Passphrase_Bob

I'm having a hard time wrapping my head around all scenarios, so I'll only respond to this one now: if both Alice's and Bob's passphrase are needed for all wallets, you have no fail safe if either one of them can't reprodue the passphrase. And that brings me to the next question: where are the seed word phrases for all wallets stored?

[o_e_l_e_o]

Yeah, your explanation isn't the clearest, but if I am understanding it correctly then I would agree with ETFbitcoin that the 2-of-3 Multi-Sig-Setup Charlie seems like the best set up. You could actually simplify this to a regular wallet, with the FinalMessage.io to Alice and Bob being the decryption key for passphrase_Charlie, and the same decryption key also being stored in S as a back-up in case Charlie forgets it.

I know that FinalMessage.io allows you to encrypt your message, but I'm not sure if Gmail 's delayed sending also allows that functionality. Under no circumstances should you be storing your seed or wallet keys unencrypted on an electronic device, and especially not unencrypted with a third party. I would also warn against any set-up which requires memorizing a seed. There is a reason that every wallet recommends you write down your seed on paper. It is far too easy to forget a couple of words or get the order mixed up and effectively lose you coins forever.

[Teubwel]

Sorry for the confusion.


Here a little clearer, hopefully:

2-of-3 Multi-Sig-Setup Alice and Bob

Alice and Bob share the physical devices Trezor1, TrezorT and LedgerS.

But, Alice and Bob have different passphrases, in order to have different xpub's.

That means:

House: There's a Trezor1, its recovery seed and two passphrases, Passphrase_Alice and Passphrase_Bob.
Vacation Home: There's a Ledger, its recovery seed and two passphrases, Passphrase_Alice and Passphrase_Bob.
Safe Deposit Box: There's a TrezorT, its recovery seed and two passphrases, Passphrase_Alice and Passphrase_Bob.

The passphrases are per person the same across locations, but different for Alice and Bob, in order for them to have logically different wallets.

3-of-4

Too little redundancy, that's out.



3-of-5

Charlie creates the following wallets:

Trezor1 using its seed and the passphrase "Passphrase_Charlie" (substituted for an actual strong passphrase, of course)

TrezorT using its seed and the passphrase "Passphrase_Charlie" (same as with the Trezor1, but the seed is different, hence different wallet)

LedgerS using its seed and the passphrase "Passphrase_Charlie" (same as with the Trezor1, but the seed is different, hence different wallet)

Electrum_Seed_Brain: An Electrum wallet to which he remembers the seed, but also writes the seed on paper.

Electrum_Seed_GFM: Another Electrum wallet, but the seed is encrypted using Passphrase_GFM. It's intended to be sent out using GMail's scheduled sending and FinalMessage.io.

Additionally, he calculates the sha256sum of Electrum_Seed_Brain and uses that hex-string as the passphrase to encrypt the seed of TrezorT.


Locations:

Home:
  * Trezor1 and Passphrase_Charlie
  * Passphrase_GFM
  * encrypted TrezorT-Seed, using sha256sum of Electrum_Seed_Brain

Safe-Deposit-Box:
  * TrezorT, Passphrase_Charlie
  * Electrum_Seed_Brain.
  * Passphrase_GFM
So here are 2 of the 5 wallet seeds needed.

Vacation Home
  * LedgerS and Passphrase_Charlie
  * Passphrase_GFM
  * encrypted TrezorT-Seed, using sha256sum of Electrum_Seed_Brain

He then uploads the encrypted Electrum_Seed_GFM to FinalMessage.io and GMail.

And he remembers the seed to Electrum_Seed_Brain.

How can Charlie lose his bitcoins? Ideally, a 3-of-5 should survive the loss of 2 seeds.



If he loses:

Home & Safe-Deposit-Box: He still has vacation home, he hopes that FinalMessage.io and GMail deliver the encrypted seed of Electrum_Seed_GFM, so that's 2 and now he has to remember the brain-wallet Electrum_Seed_Brain, that's 3 out of 5. Actually it's 4, because with the brain-wallet he can recreate TrezorT of the now gone Safe-Deposit-Box too.

(Uppercase OR and AND are to be understood in the logical sense, not in the colloquial)

Dependency: He's dependent on (FinalMessage.io OR GMail) AND brain.



If he loses:

Home & Vacation-Home: He still has Safe-Deposit-Box, that's 2 seeds and now has to hope that FinalMessage.io OR Gmail delivers.

Dependency: Safe-Deposit-Box AND (FinalMessage OR Gmail). A little better than before, because at least he's not dependent on his brain.


If he loses:

Vacation-Home and Safe-Deposit-Box: Same as "Home & Safe-Deposit-Box".


If he loses:

Brain and Safe-Deposit-Box (i.e. death): Trezor1 at home, plus LedgerS in Vacation Home, plus FinalMessage OR Gmail.

Dependency: Home AND Vacation-Home AND (FinalMessage OR Gmail)


If he loses:

Brain and something else, except Safe-Deposit-Box (i.e. forgot brain-wallet): Trezor1 at Home, TrezorT in Safe-Deposit-Box, LedgerS in Vacation-Home, also Brain-Wallet backed up in Safe-Deposit-Box.

Dependency: Only physical locations.


If he loses:

FinalMessage.io and GMail (i.e. they don't deliver for whatever reason): Trezor1 at Home, LedgerS in Vacation-Home.

Now his relatives are fucked, if they don't get the content of the Safe-Deposit-Box.

This might be a problem.

[o_e_l_e_o]

This is much clearer now, thanks.

Your 3-of-5 scenario, while certainly making it very difficult to steal the coins, also makes it too easy to inadvertently lose access to them. In many of your "loss of 2" situations you are depending on either a third party service (Gmail/FinalMessage) or a human's memory to recover your coins. Both of these are far from guaranteed.

There is also the important question as Loyce pointed out of where the seeds for all your hardware wallets are being stored, as these devices can fail.

[keychainX]

 Passphrase_Charlie
* S: TrezorT + Passphrase_Charlie + Electrum_Seed_Brain
* V: LedgerS + Passphrase_Charlie
* GMail & FinalMessage: Electrum_Seed_GFM
* Brain: Electrum_Seed_Brain

[/quote]

ps. none of them should use trezor1 as the mnemonic can be extracted with a simple side channel attack

/KX

[Rath_]

ps. none of them should use trezor1 as the mnemonic can be extracted with a simple side channel attack

Trezor is aware of such attack and it can't be patched. Users can mitigate this attack by using a long passphrase. If you want to discuss this issue then visit this thread.

[Teubwel]

This is much clearer now, thanks.

Your 3-of-5 scenario, while certainly making it very difficult to steal the coins, also makes it too easy to inadvertently lose access to them. In many of your "loss of 2" situations you are depending on either a third party service (Gmail/FinalMessage) or a human's memory to recover your coins. Both of these are far from guaranteed.

There is also the important question as Loyce pointed out of where the seeds for all your hardware wallets are being stored, as these devices can fail.

Those are exactly my concerns as well. Going redundant, i.e. adding more dead-man-switch-services, payed for a year in advance might make it better, but still, not ideal. But where is the difference to a service like Casa Hodl and Unchained Capitals multi-sig-service? It's still a 3rd party...

Does anybody know of more dead-man-switch services?

The seeds would be on paper with the hardware wallets in an envelope. I'm not too concerned about the seeds being encrypted, because if one location gets compromised, i.e. I realize the seal on the envelope has been broken, I have to create a new multi-sig-setup, rotating the compromised seed out.

[o_e_l_e_o]

It's still a 3rd party.

If you want to use a dead man's switch, then you pretty much have to trust a third party somewhere, since you won't be around to oversee the process yourself. The safest way would probably be to set up a program yourself on a dedicated computer, but you still have to trust the computer doesn't fail, your ISP, it isn't attacked, etc.

The seeds would be on paper with the hardware wallets in an envelope.

If you are going to store the mnemonic phrase in plaintext along with the wallet, then there is hardly any point in having a hardware wallet at all. For a passphrase alone to be secure as a 24 word mnemonic phrase, it needs to be 37 random characters from the 128 character ASCII set, and something this complex should also be backed up on paper.

[DaCryptoRaccoon]

It's still a 3rd party.

If you want to use a dead man's switch, then you pretty much have to trust a third party somewhere, since you won't be around to oversee the process yourself. The safest way would probably be to set up a program yourself on a dedicated computer, but you still have to trust the computer doesn't fail, your ISP, it isn't attacked, etc.

The seeds would be on paper with the hardware wallets in an envelope.

If you are going to store the mnemonic phrase in plaintext along with the wallet, then there is hardly any point in having a hardware wallet at all. For a passphrase alone to be secure as a 24 word mnemonic phrase, it needs to be 37 random characters from the 128 character ASCII set, and something this complex should also be backed up on paper.

There was similar talk of a dead-man style switch for bitcoin you can find the post here it may be of some use to you..or not.
The issue with dead-man switch is normally you would need to trust some 3rd party service such as Lawyer or Solicitor ect still leaving trust with someone out of your control.

I really think bitcoin in general should look at ways of creating inheritance wallets of such I think many people are searching for similar things.

On your plans they look good thought as said above take care in the preparation.
 


** EDIT **

Found the topic

https://bitcointalk.org/index.php?topic=5069728.0