Bitcoin Forum
Topic: Signed raw transaction

bob123
January 27, 2021, 09:04:49 PM #21

Remember, for example if you split your seed phrase and store it this way A-B-C-D-E-F (location 1), D-E-F-G-H-I (location 2), G-H-I-J-K-L (location 3), J-K-L-A-B-C (location 4), this has a 1/4 fault tolerance, so if somehow you can't access one of the locations you are still safe, but if you can't access 2 locations from 4, you already have a problem as your seed is gone.

Splitting a mnemonic code or seed like that is not a good idea at all.

Using a secret sharing scheme is superior since it does not leak any information about the secret at all.



With the proposed solution what you will need:
1. a non custodial wallet where you will hold all your bitcoins (wallet A to be backed up)
2. a custodial wallet where you do the KYC but not hold anything there (this can also be another non custodial wallet) (wallet B where we send your coins if you need to activate backup)
3. an account with us that you will use in case you lose your access to your non custodial wallet (wallet A)

So, basically all your funds will stay forever on the non-custodial wallet but you will need wallet B only if somehow you lose the private key / seed phrase of wallet A. In this case, all you have to do is to login to the backup service and use the previously signed raw transaction (you signed it when you could still access your keys) to send all your funds to your wallet B. Since wallet B is a custodial service (which is an advantage in this case), for example Coinbase, Bitstamp, etc., you simply login back to this service and voila, you have your bitcoin on the wallet B. If, for some reason, you forget the login and password for your wallet B, with proper KYC proof, they will let you in, and your funds will be safe. Of course, after this is done, you simply withdraw your funds from wallet B to a new wallet you are creating just to not keep your coins on an exchange.


If you consider your wallet instantly compromised and lost as soon as someone has access to the mnemonic code (which in itself is correct), then you also should instantly consider all coins gone if wallet A is lost.
You shouldn't differentiate here.
Based on this, the coins would be lost before you could even broadcast the raw transaction.

Further, this only works if you do not make any transaction after signing that "backup transaction".
Once a transaction is done, the transaction will be invalid.
So, in your case, this backup transaction has to be done after each transaction making it quite inconvenient.


In the end:
Because you have to secure it a lot and you can not prepare well for loss or stealing of your private keys.
You can not prepare against loss or theft of your Wallet A.


zoltanb (OP)
January 28, 2021, 08:38:28 AM #22

Splitting a mnemonic code or seed like that is not a good idea at all.

Using a secret sharing scheme is superior since it does not leak any information about the secret at all.

Right, but the secret sharing scheme has two main issues: 1) amnesia (you forgot where you stored one of the 3-4-5 pieces) and 2) what if one of the pieces is somehow damaged.

If you consider your wallet instantly compromised and lost as soon as someone has access to the mnemonic code (which in itself is correct), then you also should instantly consider all coins gone if wallet A is lost.
You shouldn't differentiate here.
Based on this, the coins would be lost before you could even broadcast the raw transaction.

Exactly! This is why you most probably need to destroy the private keys of wallet A right after you signed the transactions. Smiley This way, you only store private keys of wallet B (or simply use wallet B on a custodial exchange / wallet where you can login every time because you previously made the KYC) with 0 balance. With the custodial wallet, there is no risk of the exchange being hacked, because you don't store anything there, you will only use the wallet B if you'll ever need the backup. Best is to sign the same UTXO to more than one address and if you'll ever need the backup transaction just simply broadcast the one that you can surely access.

Further, this only works if you do not make any transaction after signing that "backup transaction".
Once a transaction is done, the transaction will be invalid.
So, in your case, this backup transaction has to be done after each transaction making it quite inconvenient.

I am aware of this, read the entire post please. This is why after every transaction (incoming or outgoing), the wallet itself should sign the remaining (unspent) UTXOs and send the signed transaction to the external service (via an API). Otherwise, this has to be done manually which is definitely inconvenient as you explained. But for a "saving account" (just to use a banking term) that you do not use quite often to spend from, this could work quite well.

LoyceV
January 28, 2021, 08:56:44 AM #23
Merited by johhnyUA (1)

This is why you most probably need to destroy the private keys of wallet A right after you signed the transactions. Smiley
This is terrible advice! Let's see what someone who knows a thing or two about Bitcoin said:
Quote from: satoshi
You should never delete a wallet.

This way, you only store private keys of wallet B (or simply use wallet B on a custodial exchange / wallet where you can login every time because you previously made the KYC) with 0 balance. With the custodial wallet, there is no risk of the exchange being hacked, because you don't store anything there, you will only use the wallet B if you'll ever need the backup. Best is to sign the same UTXO to more than one address and if you'll ever need the backup transaction just simply broadcast the one that you can surely access.
So instead of "be your own bank" and "not your keys, not your coins", you want people to completely rely on third party services and give them the power to broadcast away your coins whenever they want.


NotATether
January 28, 2021, 09:11:12 AM #24

Splitting a mnemonic code or seed like that is not a good idea at all.

Using a secret sharing scheme is superior since it does not leak any information about the secret at all.

Right, but the secret sharing scheme has two main issues: 1) amnesia (you forgot where you stored one of the 3-4-5 pieces) and 2) what if one of the pieces is somehow damaged.

This problem can be solved by making duplicate or several copies of each piece. Since a single piece on its own cannot be used to recover the seed there is no risk of funds loss if you suspect one of the copies was stolen, since you know where the rest of the pieces are and can just assemble them together and broadcast the bitcoins to a new address. Then you create new secretly-shared papers because the old ones automatically become invalidated after the seed is swept, by virtue of having no balance in them.


zoltanb (OP)
January 28, 2021, 09:20:15 AM #25

You should never delete a wallet.
Of course you should not, this was probably an extreme piece of advice that should definitely not be followed by newbies. But if you set up 5 wallets / addresses: wallet A, B, C, D, E and you keep everything on wallet A, (B, C, D, E being all empty wallets) and you sign 4 different transactions to send all balance on wallet A to B, C, D, E (just save, not broadcast it), then you should simply take care of private keys of 4 empty wallets (B, C, D, E). No one can rob you in this case. And, if you lose (or destroy) private keys of wallet A, you simply broadcast the transaction to any of the other wallets.

So instead of "be your own bank" and "not your keys, not your coins", you want people to completely rely on third party services and give them the power to broadcast away your coins whenever they want.

You do not need to rely on third party services, this is totally optional. You can keep all the signed raw transactions yourself, you can run your own node and verify every hour if the signed raw transaction is not invalidated and take action every time is needed.
Just think about this way:
a) what can I do if I somehow find the private key of your non-empty wallet (wallet A)? I can send all your funds, wherever I want, right? and you find this out only after all your funds are gone, right?
b) what can I do if I somehow find one of your previously signed transactions? the only thing I can do is to move your funds from your wallet A to one of your other wallets (B, C, D, E) and as soon as this is done you get instantly notified by wallet B that you received funds and you can immediately move away funds from there just to be safe.

Which one of the above 2 scenarios are safer in your opinion? a or b?

zoltanb (OP)
January 28, 2021, 09:32:57 AM #26

IMHO, the best scenario is to keep the seed phrase in your head / mind, this way, it can't be stolen.
And, if for some reason, you forgot the seed phrase (or a wallet.dat passphrase), you can simply run the already signed transaction that will broadcast your funds to another address you control (and possibly have the keys somewhere else, not in your mind... Smiley), or have it with a third party where you can KYC yourself and get back your funds.

bob123
January 28, 2021, 11:35:40 AM #27

Splitting a mnemonic code or seed like that is not a good idea at all.

Using a secret sharing scheme is superior since it does not leak any information about the secret at all.

Right, but the secret sharing scheme has two main issues: 1) amnesia (you forgot where you stored one of the 3-4-5 pieces) and 2) what if one of the pieces is somehow damaged.

Regarding 1), you can't protect against everything.
If you forgot the locations where you stored the mnemonic code, you might as well forget how the service (your service) is called. Or that exchanges exist. Or you might even forget that bitcoin exists.
That's a bad argument IMO.

For 2), that's what a N-out-of-M scheme is for. You might have a 4-out-of-7 scheme. Or a 2-out-of-5 or whatever.




Exactly! This is why you most probably need to destroy the private keys of wallet A right after you signed the transactions. Smiley

Another problem with your approach is that the user will depend on your 3rd party service.

Given that a user follows what you describe, after not having any possibility to access his coins, he relies only on your 3rd party service to broadcast that signed transaction.
The whole setup allows you to blackmail the user following your advice.

While the user could save the signed transactions himself, the user you are targeting with such a service probably doesn't even know what a signed transaction is.
Even without blackmailing, he relies on you not losing the signed tx.

Moving from proper risk management to relying on a 3rd party is... not how it is supposed to work.


zoltanb (OP)
January 28, 2021, 11:47:50 AM #28

Splitting a mnemonic code or seed like that is not a good idea at all.

Using a secret sharing scheme is superior since it does not leak any information about the secret at all.

Right, but the secret sharing scheme has two main issues: 1) amnesia (you forgot where you stored one of the 3-4-5 pieces) and 2) what if one of the pieces is somehow damaged.

Regarding 1), you can't protect against everything.
If you forgot the locations where you stored the mnemonic code, you might as well forget how the service (your service) is called. Or that exchanges exist. Or you might even forget that bitcoin exists.
That's a bad argument IMO.

For 2), that's what a N-out-of-M scheme is for. You might have a 4-out-of-7 scheme. Or a 2-out-of-5 or whatever.




Exactly! This is why you most probably need to destroy the private keys of wallet A right after you signed the transactions. Smiley

Another problem with your approach is that the user will depend on your 3rd party service.

Given that a user follows what you describe, after not having any possibility to access his coins, he relies only on your 3rd party service to broadcast that signed transaction.
The whole setup allows you to blackmail the user following your advice.

While the user could save the signed transactions himself, the user you are targeting with such a service probably doesn't even know what a signed transaction is.
Even without blackmailing, he relies on you not losing the signed tx.

Moving from proper risk management to relying on a 3rd party is... not how it is supposed to work.


Let's forget the 3rd party for now. Do we agree on one thing? If you want to protect against being robbed, it is safer to store 3-4 different signed transactions than to store the private key of wallet / address. Right or wrong?
Of course, you still need to somehow have access to all backup addresses (by storing the private keys of all backup addresses). But, if for some reason someone steals from you the private keys of the backup wallets and he doesn't know you are wealthy, he will probably check the balance, see it is 0 and will go away throwing it, thinking that this was just a test wallet and the probability of receiving funds later to this address are close to 0.

bob123
January 28, 2021, 11:57:58 AM #29

Do we agree on one thing? If you want to protect against being robbed, it is safer to store 3-4 different signed transactions than to store the private key of wallet / address. Right or wrong?

I'm not sure.
If someone wants to rob you, it probably doesn't matter whether you have the private key with you or a signed tx which shows how much money you own.

There are 2 cases:
1) If you have the private keys with you, he steals your money
2) If you don't but the burglar sees how much money you own, he might kidnap you if the amount is high enough. And if the amount is pretty low, well then losing this wouldn't matter at all and the whole setup wouldn't be required.

So in the end it might come down to what is more valuable to you: Your money or your health.

So, i'd say this question is not as easy to answer as you might think.


However, having a mnemonic code with you, which is protected by a BIP39 passphrase, might be a better option here.
The thief would take your mnemonic code and steal all the low amounts of BTC from the wallet. Without the password however, he will never access the large sum of BTC. You lose a little bit of money but don't get kidnapped.



But, if for some reason someone steals from you the private keys of the backup wallets and he doesn't know you are wealthy, he will probably check the balance, see it is 0 and will go away throwing it, thinking that this was just a test wallet and the probability of receiving funds later to this address are close to 0.

Same applies to a BIP39 passphrase protected mnemonic code. He sees there are only a few bucks, takes or leaves them and you are free. He won't know how much you own. And you saved the majority of your funds.

With your approach.. if he sees the signed transaction, he knows how much money there is. Might be worth to kidnap someone.
And if the signed tx is stored on a 3rd party server, then the user has to rely on them.. And you'd be no longer in the mindset of "don't trust, verify".


zoltanb (OP)
January 28, 2021, 12:21:27 PM #30

I'm not sure.
If someone wants to rob you, it probably doesn't matter whether you have the private key with you or a signed tx which shows how much money you own.

There are 2 cases:
1) If you have the private keys with you, he steals your money
2) If you don't but the burglar sees how much money you own, he might kidnap you if the amount is high enough. And if the amount is pretty low, well then losing this wouldn't matter at all and the whole setup wouldn't be required.

So in the end it might come down to what is more valuable to you: Your money or your health.

So, i'd say this question is not as easy to answer as you might think.


However, having a mnemonic code with you, which is protected by a BIP39 passphrase, might be a better option here.
The thief would take your mnemonic code and steal all the low amounts of BTC from the wallet. Without the password however, he will never access the large sum of BTC. You lose a little bit of money but don't get kidnapped.

Of course, your life is more important than your funds. No matter if it is a private key or a signed tx, a robber would easily find out how much you own and if he wants to take this from you... well there is not too much you can do.

Same applies to a BIP39 passphrase protected mnemonic code. He sees there are only a few bucks, takes or leaves them and you are free. He won't know how much you own. And you saved the majority of your funds.

With your approach.. if he sees the signed transaction, he knows how much money there is. Might be worth to kidnap someone.

Not sure how the BIP39 passphrase protected mnemonic code would not reveal your balance. Care to explain this? Thank you.

LoyceV
January 28, 2021, 12:25:00 PM #31

Not sure how the BIP39 passphrase protected mnemonic code would not reveal your balance. Care to explain this? Thank you.
You can set a password (for instance in Electrum) to extend the mnemonic. So with just 12 words, you'll find your daily spending money worth 2 pizzas. But if you add your own password to the 12 words, you'll get your hodlings worth 2 airplanes.


bob123
January 28, 2021, 12:28:48 PM #32

Not sure how the BIP39 passphrase protected mnemonic code would not reveal your balance. Care to explain this? Thank you.

It works by basically deriving two different seeds:

Mnemonic Code -> Seed1
Mnemonic Code + passphrase -> Seed2

Seed1 is here used for small amounts. Enough funds to let the thief be happy, while only being a small portion of your total wealth.
Seed2 derives other private keys. These are used to store the majority of your wealth.


It basically allows you to have a "hidden wallet".
Without the passphrase, there is no way to know whether there is such a "hidden wallet".
Any passphrase can be used to derive new seeds. But only the correct one will derive the seed which is being used to derive the private keys for holding the majority of funds.


zoltanb (OP)
January 28, 2021, 12:31:19 PM #33

You can set a password (for instance in Electrum) to extend the mnemonic. So with just 12 words, you'll find your daily spending money worth 2 pizzas. But if you add your own password to the 12 words, you'll get your hodlings worth 2 airplanes.
Not sure I understand this. If someone finds my 12 words but not my passphrase, he can see I have a smaller balance than the reality? I have 10 BTC, and without the password, someone sees I only have 0.1 BTC?

zoltanb (OP)
January 28, 2021, 12:34:19 PM #34

It works by basically deriving two different seeds:

Mnemonic Code -> Seed1
Mnemonic Code + passphrase -> Seed2

Seed1 is here used for small amounts. Enough funds to let the thief be happy, while only being a small portion of your total wealth.
Seed2 derives other private keys. These are used to store the majority of your wealth.


It basically allows you to have a "hidden wallet".
Without the passphrase, there is no way to know whether there is such a "hidden wallet".
Any passphrase can be used to derive new seeds. But only the correct one will derive the seed which is being used to derive the private keys for holding the majority of funds.

Understood. And basically, from Seed1, the thief will never find out that I also have a Seed2.
As far as I know, the BIP39 mnemonic is not working yet on bitcoin core, right?

bob123
January 28, 2021, 12:36:15 PM #35

Understood. And basically, from Seed1, the thief will never find out that I also have a Seed2.

Correct.


As far as I know, the BIP39 mnemonic is not working yet on bitcoin core, right?

Correct.
Bitcoin core does not have BIP39 (mnemonic codes) implemented.
While it still creates hierarchical deterministic wallets (BIP32), it does not create a mnemonic code to back it up. The keys have to be backed up by either backing up the master private key or the wallet file.


LoyceV
January 28, 2021, 12:36:16 PM #36

Not sure I understand this. If someone finds my 12 words but not my passphrase, he can see I have a smaller balance than the reality? I have 10 BTC, and without the password, someone sees I only have 0.1 BTC?
You can use IanColeman.io to try it (of course only do this online to see how it works, not to create private keys you're going to use):
12 words: plunge snow gorilla wool help income mom kitten volcano warm top girl
First address: 15Q9XKiYX4RZhNLdKYt894o1zguyhufoPZ

Now add BIP39 Passphrase: \q?mpN[!\4`LA5w*
First address: 19mYSjt1VaiGpTop31uEMWJFYbW76MCRJ3

Without the password, the same 12 words lead to different addresses.
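The "Mnemonic Code -> Seed1, Mnemonic Code + passphrase -> Seed2" derivation bob123 describes in #32, and the two-address demonstration LoyceV gives above, both come down to one PBKDF2 call defined in BIP39. The block below is an added example written for this page, not code from the thread, from Electrum or from iancoleman.io: it derives the 64-byte seed with and without a passphrase using only the Python standard library. LoyceV's 12 words and passphrase are reused as demonstration input (never fund them), and the spec's published "TREZOR" test vector is used to confirm the derivation is right. Turning a seed into the addresses LoyceV lists needs BIP32 and secp256k1 and is left out here.

```python
"""BIP39 seed derivation with and without a passphrase (added example, not from the thread)."""
import hashlib
import unicodedata


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase, per BIP39.

    Both inputs are NFKD-normalised as the spec requires. Note there is no
    "wrong passphrase" error: every passphrase yields a valid, different seed.
    """
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = "mnemonic" + unicodedata.normalize("NFKD", passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"), salt.encode("utf-8"), 2048, 64)


def hidden_wallet_seeds(mnemonic: str, passphrase: str):
    """Return (Seed1, Seed2) in bob123's notation: no passphrase, then with passphrase."""
    return bip39_seed(mnemonic), bip39_seed(mnemonic, passphrase)


# Reference vector from the BIP39 specification (passphrase "TREZOR")
VECTOR_MNEMONIC = "abandon " * 11 + "about"
VECTOR_SEED_HEX = (
    "c55257c360c07c72029aebc1b53c05ed0362ada38ead3e3e9efa3708e5349553"
    "1f09a6987599d18264c1e1c92f2cf141630c7a3c4ab7c81b2f001698e7463b04"
)


def matches_reference_vector() -> bool:
    """Sanity check: the derivation reproduces the spec's published seed."""
    return bip39_seed(VECTOR_MNEMONIC, "TREZOR").hex() == VECTOR_SEED_HEX


# LoyceV's demonstration values from the post above (demo only; never fund them)
DEMO_MNEMONIC = "plunge snow gorilla wool help income mom kitten volcano warm top girl"
DEMO_PASSPHRASE = r"\q?mpN[!\4`LA5w*"


if __name__ == "__main__":
    seed1, seed2 = hidden_wallet_seeds(DEMO_MNEMONIC, DEMO_PASSPHRASE)
    print("Seed1 (12 words only):      ", seed1.hex())
    print("Seed2 (12 words + passphrase):", seed2.hex())
    print("reference vector reproduced:", matches_reference_vector())
```

Two practitioner caveats follow from the code. First, 2048 PBKDF2 rounds is cheap, so a thief who holds the 12 words can try passphrases offline at high speed; the hidden wallet is only as safe as the passphrase is strong. Second, because any passphrase "works", a typo when restoring silently produces an empty wallet rather than an error, so the passphrase must be backed up as carefully as the words, just separately.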


zoltanb (OP)
January 28, 2021, 12:37:19 PM #37

Not sure I understand this. If someone finds my 12 words but not my passphrase, he can see I have a smaller balance than the reality? I have 10 BTC, and without the password, someone sees I only have 0.1 BTC?
You can use IanColeman.io to try it (of course only do this online to see how it works, not to create private keys you're going to use):
12 words: plunge snow gorilla wool help income mom kitten volcano warm top girl
First address: 15Q9XKiYX4RZhNLdKYt894o1zguyhufoPZ

Now add BIP39 Passphrase: \q?mpN[!\4`LA5w*
First address: 19mYSjt1VaiGpTop31uEMWJFYbW76MCRJ3

Without the password, the same 12 words lead to different addresses.

Thanks, will try it out.

bob123
January 29, 2021, 12:43:54 PM #38

~snip~
It basically allows you to have a "hidden wallet".
Without the passphrase, there is no way to know whether there is such a "hidden wallet".
Any passphrase can be used to derive new seeds. But only the correct one will derive the seed which is being used to derive the private keys for holding the majority of funds.

Adding to what bob123 has said. @zoltanb, with the same mnemonic but different passphrases you actually may have as many "hidden wallets" as you want. Something like this:

mnemonic + passphrase_i -> Seed_i, where i = 1, 2, ..., n

Read the bolded part Smiley


nc50lc
January 30, 2021, 04:40:48 AM #39

Is there an easy way to get the signed raw transaction on bitcoin core, electrum wallet or any other popular wallets before or without broadcasting the transaction to the network?
Is the original query still up?
In Bitcoin Core, adding walletbroadcast=0 to your bitcoin.conf file will enable you to create wallet transactions without sending them to your own mempool.

If you use the GUI, simply create a transaction using the send tab but when you click "send", it won't be sent to the network or even your mempool (the transaction will have a Status: 0/unconfirmed, not in memory pool).
Then you can use "Right-click->Copy raw transaction" on the particular transaction to get its signed RAW transaction.

In Bitcoin-cli, sendto will simply create a transaction but won't send it to your mempool; but since it's in the wallet, you can use gettransaction to get its signed raw transaction.

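Once the signed hex has been copied out as nc50lc describes, the remaining operational problem is the one bob123 raised in #21 and zoltanb answered in #25: any later spend from wallet A invalidates the backup, so it has to be re-checked (zoltanb suggests hourly). The block below is an added example written for this page, not code from the thread or from Bitcoin Core. It parses the inputs of a raw transaction and asks a UTXO lookup whether every outpoint is still unspent; the lookup is injected so that in production it can wrap `bitcoin-cli gettxout <txid> <vout>` (a null result means spent), while here it is an in-memory set. The transactions it parses are constructed, unsigned test data with empty scripts, built by a helper included only to make the example self-contained.

```python
"""Is a pre-signed "backup" raw transaction still broadcastable? (added example, not from the thread)"""


def _read_varint(buf: bytes, pos: int):
    """Decode Bitcoin's CompactSize integer at buf[pos]; return (value, new_pos)."""
    n = buf[pos]
    pos += 1
    if n < 0xFD:
        return n, pos
    size = {0xFD: 2, 0xFE: 4, 0xFF: 8}[n]
    return int.from_bytes(buf[pos:pos + size], "little"), pos + size


def parse_inputs(raw_hex: str):
    """Return [(txid, vout), ...] spent by a legacy or segwit (BIP144) serialized tx."""
    buf = bytes.fromhex(raw_hex)
    pos = 4  # 4-byte version
    if buf[pos] == 0x00 and buf[pos + 1] == 0x01:  # segwit marker + flag
        pos += 2
    n_in, pos = _read_varint(buf, pos)
    outpoints = []
    for _ in range(n_in):
        txid = buf[pos:pos + 32][::-1].hex()  # wire order is little-endian; display big-endian
        vout = int.from_bytes(buf[pos + 32:pos + 36], "little")
        pos += 36
        script_len, pos = _read_varint(buf, pos)
        pos += script_len + 4  # skip scriptSig and 4-byte sequence
        outpoints.append((txid, vout))
    return outpoints


def backup_still_valid(raw_hex: str, is_unspent) -> bool:
    """True only while every input is unspent; one spent input and the tx can never confirm."""
    return all(is_unspent(txid, vout) for txid, vout in parse_inputs(raw_hex))


def constructed_tx(outpoints, segwit: bool = False) -> str:
    """Build minimal, unsigned, structurally valid tx hex spending `outpoints` (constructed test data)."""
    raw = (1).to_bytes(4, "little")
    if segwit:
        raw += b"\x00\x01"
    raw += bytes([len(outpoints)])  # fewer than 253 inputs, so a one-byte count
    for txid, vout in outpoints:
        raw += bytes.fromhex(txid)[::-1] + vout.to_bytes(4, "little")
        raw += b"\x00" + b"\xff\xff\xff\xff"  # empty scriptSig, final sequence
    raw += b"\x01" + (50_000).to_bytes(8, "little") + b"\x00"  # one output, empty script
    if segwit:
        raw += b"\x00" * len(outpoints)  # empty witness stack per input
    raw += (0).to_bytes(4, "little")  # locktime
    return raw.hex()


if __name__ == "__main__":
    spent = [("aa" * 32, 0), ("bb" * 32, 1)]  # constructed outpoints
    backup = constructed_tx(spent)
    utxos = set(spent)  # stand-in for the node's UTXO set
    print("before spending:", backup_still_valid(backup, lambda t, v: (t, v) in utxos))
    utxos.discard(("bb" * 32, 1))  # a normal payment from wallet A consumed this input
    print("after spending: ", backup_still_valid(backup, lambda t, v: (t, v) in utxos))
```

The check only detects staleness; it cannot repair it. Re-creating the backup after a spend needs the wallet A keys, which is bob123's objection to destroying them.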

zoltanb (OP)
January 30, 2021, 10:20:25 AM #40

Is there an easy way to get the signed raw transaction on bitcoin core, electrum wallet or any other popular wallets before or without broadcasting the transaction to the network?
Is the original query still up?
In Bitcoin Core, adding walletbroadcast=0 to your bitcoin.conf file will enable you to create wallet transactions without sending them to your own mempool.

If you use the GUI, simply create a transaction using the send tab but when you click "send", it won't be sent to the network or even your mempool (the transaction will have a Status: 0/unconfirmed, not in memory pool).
Then you can use "Right-click->Copy raw transaction" on the particular transaction to get its signed RAW transaction.

In Bitcoin-cli, sendto will simply create a transaction but won't send it to your mempool; but since it's in the wallet, you can use gettransaction to get its signed raw transaction.

This is very good advice! It will just be hard to explain to newbies.
From my own experience, I would definitely do something similar (sign a raw transaction and save it offline or online) just for an extra safety precaution if for some reason I can't access my wallet any more.