Electrum multisig for long-term cold storage

[aesthete2022]

I am thinking of establishing a 2 of 3 multisig with Electrum, creating a watch only wallet from the xpubs, and leaving it there for a long while, backing up all seeds in separate locations.

I'll probably use native segwit as a derivation path.

My question is, should Electrum be unavailable, will I be able to reestablish access to the multisig wallet if in 10 years I want to spend funds and have all seeds and xpubs available to me?

I am thinking of establishing a 2 of 3 multisig with Electrum, creating a watch only wallet from the xpubs, and leaving it there for a long while, backing up all seeds in separate locations.

I'll probably use native segwit as a derivation path.

My question is, should Electrum be unavailable, will I be able to reestablish access to the multisig wallet if in 10 years I want to spend funds and have all seeds and xpubs available to me?

Also, I assume I can use one of the seeds for my multisig wallet for a single sig wallet?

[1714827110]

1714827110

[1714827110]

1714827110

[1714827110]

1714827110

[1714827110]

1714827110

[o_e_l_e_o]

My question is, should Electrum be unavailable, will I be able to reestablish access to the multisig wallet if in 10 years I want to spend funds and have all seeds and xpubs available to me?

Yes, although if Electrum is no longer available then it could be tricky.

Even if Electrum is no longer maintained, chances are you will still be able to find a version of the software which is usable. If you can't find the software at all, then you might need to tinker with another piece of software in order to recover this wallet since Electrum seed phrases are not the same as BIP39 seed phrases. You should also note that Electrum Segwit multi-sig derives at m/1'.

Also, I assume I can use one of the seeds for my multisig wallet for a single sig wallet?

Not with Electrum seed phrases. It has built in version which tells Electrum it is a multi-sig seed phrase, so you could only use it as a single sig seed phrase by doing something non-standard, which I would not recommend.
Correction below.

If you were to use BIP39 seed phrases, then you could use one of your multi-sig seed phrases for a single sig wallet.

[igor72]

Also, I assume I can use one of the seeds for my multisig wallet for a single sig wallet?

Not with Electrum seed phrases. It has built in version which tells Electrum it is a multi-sig seed phrase

It's not correct. There is no multi-sig seed phrases. There is a 2FA (multi-sig) seed phrase, but the multi-sig wallet uses normal "single-sig" seed phrases.

[jackg]

It'd be very hard to make electrum.unavailqble. Most open source projects often maintain an end of life version or get someone (in this case another wallet) to accept their seed phrases before they become obselete. You'd be able to recover everything if you backup the electrum binaries somewhere though (there are likely enough backups made already). Just don't use old software on an online machine to load up your wallet because that can lead to vulnerabilities that are already fixed that previously existed (in the past ~5 years we've seen two fairly substantial vulnerabilities - one with a phishing attack and one with a json rpc vulnerability that meant unsigned transaction data could be changed for an open wallet (and nmemonics could be extracted in unencrypted wallets but I didn't see an instance of this being reported at the time that wasn't a proof of concept)).

You can use the same nmemonic for both wallets too but you might lose some privacy doing that as you'll have the same public keys used again.

[o_e_l_e_o]

There is a 2FA (multi-sig) seed phrase, but the multi-sig wallet uses normal "single-sig" seed phrases.

My bad. I had in my head that version 0x101 was for multi-sig wallets, but you are right - it is specifically for 2FA wallets. Multi-sig wallets just use the usual 0x100 version of Segwit seed phrases.

You can use the same nmemonic for both wallets too but you might lose some privacy doing that as you'll have the same public keys used again.

By default, Electrum uses path m/0' for single sig segwit wallets but path m/1' for multi-sig segwit wallets, so the public keys would be different.

[aesthete2022]

Thank you all for your replies. I guess the most fail-safe way of creating an inviolable multisig wallet would be to do it through Bitcoin Core? Given that that is likely above my technical capabilities at present, I could just keep a copy of Electrum backed up.

The sovereign recovery info for my current multisig setup directs me to use p2sh-segwit on Electrum with derivation path m/49, not m/1. All keys on my current setup use BIP-39 passphrases, which I successfully tested when one of my keys became corrupted. Can I establish a multisig quorum by just inputting the BIP-39 seeds of my wallets?

[nc50lc]

Thank you all for your replies. I guess the most fail-safe way of creating an inviolable multisig wallet would be to do it through Bitcoin Core?

Bitcoin Core doesn't support HD MultiSig wallet so it'll be tricky to backup multiple MultiSig addresses.
No GUI option or menu for MultiSig as well, you'll have to operate using commands.

The sovereign recovery info for my current multisig setup directs me to use p2sh-segwit on Electrum with derivation path m/49, not m/1. All keys on my current setup use BIP-39 passphrases, which I successfully tested when one of my keys became corrupted. Can I establish a multisig quorum by just inputting the BIP-39 seeds of my wallets?

Yes, Electrum can restore from BIP39 seed phrase and BIP39 passphrase, just enable the options "BIP39 seed" and "Extend this seed with custom words" when importing the seed phrases(s).
Next to that, type the BIP39 passphrase when prompted for the "seed extension".
After that, you'll have to select the correct script type and then edit the derivation path if it's different from the default for P2SH-SegWit MultiSig - m/48'/0'/0'/1'.
But yours is probably more than just m/49 since it's usually the extended master key at BIP38 derivation path's 'script type' level (check your wallet for the correct path).

[o_e_l_e_o]

The sovereign recovery info for my current multisig setup directs me to use p2sh-segwit on Electrum with derivation path m/49, not m/1.

What is your current multi-sig set up? Why is that insufficient and why are you planning to change?

The derivation path you need to use to recover an existing multi-sig set up is dependent on how it was created in the first place, not on which software you are using to recover it. As I said above, if you create an Electrum segwit multi-sig wallet using Electrum seed phrases, it will use m/1' If you create an Electrum segwit multi-sig wallet using BIP39 seed phrases, it will use either m/48'/0'/0'/1' or m/48'/0'/0'/2' for P2SH and P2WSH respectively. If you recover an existing segwit multi-sig wallet using Electrum, then you'll need to use whatever derivation path your original software used when first establishing the multi-sig wallet. If it tells you to use m/49' (or more likely m/49'/0'/0'), then use that.

All keys on my current setup use BIP-39 passphrases, which I successfully tested when one of my keys became corrupted. Can I establish a multisig quorum by just inputting the BIP-39 seeds of my wallets?

The BIP39 seeds and any associated passphrases, yes. But be aware that by importing all of these in the same wallet, then you remove all the additional security that multi-sig brings by having all the keys necessary to spend your coins contained within the same wallet on the same device.

[aesthete2022]

My current multisig is with Casa. I thought for the sake of absolute self sovereignty/privacy, etc., I would explore the option of establishing a multisig address myself. However, on reflection, I think my relative lack of technical expertise may be more of a threat to my multisig security than Casa becoming a bad actor. Then there is the trade off between a more secure setup being correlated to the keys being more geographically dispersed and the ease of access to funds in a situation where travel is hard. With my current setup, I only need to have access to one physical key. The one vulnerability is the seedless setup they encourage, but I can easily overcome that by replacing the current seedless keys with new keys and have their seeds backed up.

Thank you all for your replies. I guess the most fail-safe way of creating an inviolable multisig wallet would be to do it through Bitcoin Core?

Bitcoin Core doesn't support HD MultiSig wallet so it'll be tricky to backup multiple MultiSig addresses.
No GUI option or menu for MultiSig as well, you'll have to operate using commands.

The sovereign recovery info for my current multisig setup directs me to use p2sh-segwit on Electrum with derivation path m/49, not m/1. All keys on my current setup use BIP-39 passphrases, which I successfully tested when one of my keys became corrupted. Can I establish a multisig quorum by just inputting the BIP-39 seeds of my wallets?

Yes, Electrum can restore from BIP39 seed phrase and BIP39 passphrase, just enable the options "BIP39 seed" and "Extend this seed with custom words" when importing the seed phrases(s).
Next to that, type the BIP39 passphrase when prompted for the "seed extension".
After that, you'll have to select the correct script type and then edit the derivation path if it's different from the default for P2SH-SegWit MultiSig - m/48'/0'/0'/1'.
But yours is probably more than just m/49 since it's usually the extended master key at BIP38 derivation path's 'script type' level (check your wallet for the correct path).

Appreciate this, thanks

[moderator's note: consecutive posts merged]

[o_e_l_e_o]

My current multisig is with Casa.

Then I think you should continue down the path of moving to a better system. Casa is closed source, holds one of your keys for you, and (correct me if I'm wrong) but you have to pay them $120 a year for the privilege of them holding one of your keys for you. None of these are good thigns.

However, on reflection, I think my relative lack of technical expertise may be more of a threat to my multisig security than Casa becoming a bad actor.

Maybe at the moment, sure. But the fact that you have self identified this means you are already well on the way to being able to address your lack of expertise. An entirely self hosted solution will always be preferable to one which depends on third parties.

With my current setup, I only need to have access to one physical key.

Well then you've already lost most of the benefits that a multi-sig solution brings.

[aesthete2022]

Closed source, yes. But I have all the derivation paths and xpubs for the multisig address that I can import to an open source wallet.

I'm also not sure a completely self custodied 2 of 3 setup beats a collaborative 3 of 5 setup. Having the seeds for the latter basically makes it 3 of 6 if Casa went offline. Establishing a completely self custodied 2 of 3 would essentially be a 2 of 6 if my seeds were also dispersed. However, the problem with the latter is that if the keys and seeds were dispersed enough to provide robust security, accessing the funds in an emergency could be problematic.

In an emergency situation, I'd use the mobile key, the Casa sovereign recovery key (which comes with a 48-hour delay to avoid wrench attacks) and the one HD. This seems to retain the benefits of a multisig setup.

[o_e_l_e_o]

Closed source, yes. But I have all the derivation paths and xpubs for the multisig address that I can import to an open source wallet.

It's not the recovery process that is the issue with closed source wallets. It's that you have no idea how the wallet was generated in the first place. Did it use a poor source of entropy? How do you know it didn't give you a seed phrase from a list of possible seed phrases that someone else possesses? How do you know it hasn't transmitted your seed phrase to Casa's servers or some other third party? These are not just hypotheticals - these are all things that have happened in the past with closed source wallets.

I'm also not sure a completely self custodied 2 of 3 setup beats a collaborative 3 of 5 setup.

Well, that's a personal decision, but I would always opt for the set up which does not depend on third parties.

Establishing a completely self custodied 2 of 3 would essentially be a 2 of 6 if my seeds were also dispersed.

I don't follow your meaning here. 2-of-3 is always 2-of-3, regardless of how many back ups you generate or where those back ups are stored.

In an emergency situation, I'd use the mobile key, the Casa sovereign recovery key (which comes with a 48-hour delay to avoid wrench attacks) and the one HD. This seems to retain the benefits of a multisig setup.

It seems to me you could achieve the same with a 2-of-3 multi-sig involving your mobile phone, a hardware wallet, and a paper wallet/back up stored somewhere else which would take a bit of time to be accessed.

[aesthete2022]

It seems to me you could achieve the same with a 2-of-3 multi-sig involving your mobile phone, a hardware wallet, and a paper wallet/back up stored somewhere else which would take a bit of time to be accessed.

Interesting, I didn't think this was possible. Can I generate a mobile key in Electrum? That would definitely address the access issue.

I don't follow your meaning here. 2-of-3 is always 2-of-3, regardless of how many back ups you generate or where those back ups are stored.

Yes, I guess I was thinking along the lines of redundancy. However, I hadn't factored in the scenarios where without the custodied keys you would only need to lose two items to prevent access to the wallet.

It's not the recovery process that is the issue with closed source wallets. It's that you have no idea how the wallet was generated in the first place. Did it use a poor source of entropy? How do you know it didn't give you a seed phrase from a list of possible seed phrases that someone else possesses? How do you know it hasn't transmitted your seed phrase to Casa's servers or some other third party? These are not just hypotheticals - these are all things that have happened in the past with closed source wallets.

I really hadn't considered any of this, thank you. I'm definitely erring on the side of setting up an entirely self-sovereign multisig.

[o_e_l_e_o]

Can I generate a mobile key in Electrum? That would definitely address the access issue.

I'm not sure what you mean by a "mobile key", but you can certainly use Electrum on mobile to generate and restore one part of a multi-sig wallet.

Yes, I guess I was thinking along the lines of redundancy. However, I hadn't factored in the scenarios where without the custodied keys you would only need to lose two items to prevent access to the wallet.

Yeah, you should always have more than one back up of every part, so for a 2-of-3 multi-sig that means at a minimum 6 different back ups. With such a scenario, you could lose any 3 back ups and still regain access to your wallet.

[aesthete2022]

I'm not sure what you mean by a "mobile key", but you can certainly use Electrum on mobile to generate and restore one part of a multi-sig wallet.

Yes, I mean a key that is held on the mobile phone.


So, Electrum doesn't seem to have an iOS app. I'm trying Bluewallet, but it seems it's impossible to use with a Trezor One or Ledger.

I'm at a loss as to how to incorporate a key on my phone into a multisig setup.

[Pmalek]

I'm trying Bluewallet, but it seems it's impossible to use with a Trezor One or Ledger.

I'm at a loss as to how to incorporate a key on my phone into a multisig setup.

BlueWallet works with Coldcard and CoboVault. According to the information on their website, it only works with hardware Wallets that support PSBT's.

Blockstream Green has support for hardware wallets. You could try that one.
Mycelium does as well but it doesn't work with iOS devices.

[aesthete2022]

BlueWallet works with Coldcard and CoboVault. According to the information on their website, it only works with hardware Wallets that support PSBT's.

Blockstream Green has support for hardware wallets. You could try that one.
Mycelium does as well but it doesn't work with iOS devices.

Thanks for this.

[dkbit98]

Thank you all for your replies. I guess the most fail-safe way of creating an inviolable multisig wallet would be to do it through Bitcoin Core? Given that that is likely above my technical capabilities at present, I could just keep a copy of Electrum backed up.

You can use any wallet you want but I don't think Bitcoin Core is good option unless you already running your own node, you will have to wait a very long time for sync to complete and blockchain to be downloaded.
I would also be careful making any multisig setup with hardware wallets like ledger or trezor, that are not fully supporting it or they shown some issues in past.
Other hardware wallets are much better for multisig, especially if they are airgapped like Passport or Keystone.

So, Electrum doesn't seem to have an iOS app. I'm trying Bluewallet, but it seems it's impossible to use with a Trezor One or Ledger.

One more option for Android wallet would be Airgap.it that is open source, but this wouldn't be my primary choice.
I think it's working for multisig setup, but I can't vouch for this.

[o_e_l_e_o]

So, Electrum doesn't seem to have an iOS app. I'm trying Bluewallet, but it seems it's impossible to use with a Trezor One or Ledger.

I'm at a loss as to how to incorporate a key on my phone into a multisig setup.

Well, that depends if you want to use a key stored on your phone, or if you want to use a key stored on a hardware wallet which you access via your phone.

I can't recommend specific wallets for iOS since I've never used any myself, but there will be a number of wallets which support multi-sig which could be used to make your phone one part of a multi-sig wallet. A subset of those wallets which support multi-sig will also have support for your chosen hardware wallet, if instead you want to make your hardware wallet one part of a multi-sig but interface with it via your phone.

[aesthete2022]

I would also be careful making any multisig setup with hardware wallets like ledger or trezor, that are not fully supporting it or they shown some issues in past.
Other hardware wallets are much better for multisig, especially if they are airgapped like Passport or Keystone.

But I guess so long as I have the backups for the wallets, it doesn't matter so much if the HDs have issues? Yes, I'm thinking about air gapped wallets/general setup.

can't recommend specific wallets for iOS since I've never used any myself, but there will be a number of wallets which support multi-sig which could be used to make your phone one part of a multi-sig wallet. A subset of those wallets which support multi-sig will also have support for your chosen hardware wallet, if instead you want to make your hardware wallet one part of a multi-sig but interface with it via your phone.

Keeper (https://www.bitcoinkeeper.app/) seem to be developing something that probably suits what I'm looking for. It's still in testnet mode however.

----

I'm now thinking about the following setup:

An air-gapped machine that I use to sign. One key kept on there, and one key kept nearby.

An online machine with a watch-only wallet. Importing the transactions to the air-gapped machine to sign, importing the signed transactions to the online machine and broadcasting.

Backups (seeds and wallet file) and one other key kept remotely.

This would seem to be better than a single sig wallet with multiple backups as there is no single point of failure.