Cold storage dilemma

[aesthete2022]

The single sig/multisig debate seems to be coming to the fore again.

As a current collaborative custodial multisiger, I am keen to be fully self sovereign. I had thought I'd go the route of 2-of-3 multisig. I believe I have the knowledge after educating myself (backup xpubs, seeds, derivation path), but reading about multisig "degradation," and conscious of the fact that there may be many other aspects of multisig that could break that I don't know about, would a Coldcard with a backup in a commercial vault be less risky? I mean, I'll know if the vault gets raided (highly unlikely). With far fewer moving parts, this has to be the safer option, surely?

[1714249718]

1714249718

[1714249718]

1714249718

[1714249718]

1714249718

[1714249718]

1714249718

[franky1]

far better to self manage your keys and not rely on services..

however the storage of keys is a different story to the utility of keys after hashing to PKH to then use in things like multisig..

your main topic is about self sovereign and storage. so lets delve into that

you can store your master seed locally at home. where you wont need to touch often. (basically a emergency only use.  should you forget where u put your daughter keys) thus not need to have on a online pc at home that puts you at risk.. but instead a paper wallet or offline PC you use just to generate keypairs on..

and then derive some daughter keypairs from that. maybe have a small subset of keypairs for a low value wallet.. and a large value wallets of keypairs.

use the small value wallet in association with a service/multisig thus risking less value being lost or hacked by the service co-signee partners bad software or flaw or etc etc.yada yada yada.. to use and spend regularly in a easy access fashion..

and have the main large hoard of value on the other wallet you protect personally and now and again top up funds to the small value wallet

the beauty of bitcoin is you are not stuck needing to choose where or how you store or locate one key. you can use multiple keys and assign different risks to them and put differing amounts into them depending on that risk

but keep the master key safe in your own local storage away from third parties

[aesthete2022]

Thanks for the response. You seem to think that single sig is the least risky option. I'm going to have to do a bit of reading around daughter/child keys. I like the simplicity of a one seed backup.

I had thought of a standard multisig 2-of-3, with three seed backups held at non-bank vaults in three different countries. Backup 1 has xpub 3, backup 2 has xpub 1 and backup 3 has xpub 2. That way you only need access to two vaults to restore the wallet. Obviously there is a risk of bitcoin made illegal, a raid on a vault, etc. But the jurisdictional spread mitigates that somewhat. I'd say the risk of all three separate vaults in three different countries being raided is less of a risk than me losing one backup seed (even if that seed is built into my house somehow). Am I missing something?

[franky1]

issues with multisig

before even funding the keys you have to create the keys. and then consolidate them into a multisig for your funding and then use them repeatedly to then sign funds as you move them regularly..

thus your home system initially has to use a master key.. to make the child keys to then have to walk to a bank and rent a safety deposit box

setting up a master key on an offline computer. is always the first step even before buying a safety deposit box at a bank vault.. to put the keys into..

so step one is creating the keys..which i suggest using a master key to create 2 child keypairs
(well a triplet elder brothers key set for the multisig) and then a child key(legacy/single) for daily spend easy access

where you for ease of use for daily spend only use a small amount of funds allocated to it the single use. which does not need the elaborate walk to the bank/log into a service need.

and separately once a month top up that small spend address with another wallet that is more elaborate in its security

but then still have the master key held in secret by you alone..

EG if 2 banks were robbed.. you can still quickly use master key at home to generate the 3keys again and move your large stash of coins out before the robbers get to the copies of the keys you put in a banks vault


(personally i dont see the need for the elaborate bank vault separation of keys unless you are to wipe your wallet files daily to ensure no one can hack your online pc at home..

to me as long as you keep your master key offline(separate device) secure. then a hacker cant get to your master keys)

but its all from the prospective of how much value you are storing and such

EG usually institutions have 3 managing partners with 1 key each.
but if you are sole custody sole human signing. all keys end up on one system, so whats the point in triple signing(unless you are denying yourself easy access to keys by wiping wallet files per use and having to physically go to a bank /online store source/card source to gather the keys per use)

[aesthete2022]

I'm definitely going to have to do more reading into multisig and child keys. Tbh a lot of that went over my head. To create multisig wallets in Electrum, I have generated seeds offline and imported them. I presume the master/child seeds were automatically created by the software?

[so98nn]

Taking your facts in consideration even paper wallet is far more safer then. You know there is fact, if you try to hold something far beyond its capacity then it could burst out badly. Well whether it is materialistic thing or non-materialistic it applies to both of them in similar fashion. So when you have your bitcoins stored into something; be it hardware wallet/paper/normal app/paper etc then you will start thinking too much about its safety then you will be more worried about it and once you worry too much you will start making mistakes.

If you just store it in normal wallet, have its private keys stored properly and just keep calm then I am sure your bitcoin's gonna stay there forever unless and until you access and move them.

And about the multisig, yup we can advance as time moves, just keep it normal guys, nothing moves unless until we move it.

[aesthete2022]

Good response, thanks. I don't really see the downside to a multisig setup, however.

[franky1]

it all depends on how much value you are hoarding/spending that can decide how elaborate you wish to have it

but keep in mind these 2 things

have 2 wallets
reduce the amount of use of a master/privkeys use on an online system

small spend amount
large spend/hoar amount

dont keep all funds on one address no matter how elaborate you make that address composition

also if your the sole signer. ensure you are not key leaking by having the keys on a system that is online often/at all.

if you are going to be online spending often. definitely use the small pot big pot idea where the big pot is not used as frequently and used just to top-up refill the small pot

its more about decisions of your lifestyle and personal finance risk that matters more then the technical abilities of key creation.

EG if its grocery amounts. dont worry too much. if its car purchase, house purchase, island purchase amounts.. then get more elaborate

[aesthete2022]

Sure. I'd probably keep 25% on a single sig and 75% on multisig. There is evidently a trade off between distributed risk (i.e., distributed funds) and creating a situation that builds up too much risk from being too complex. I think two addresses properly safeguarded should do it?

[franky1]

Sure. I'd probably keep 25% on a single sig and 75% on multisig. There is evidently a trade off between distributed risk (i.e., distributed funds) and creating a situation that builds up too much risk from being too complex. I think two addresses properly safeguarded should do it?

for the 25% single. treat that as your hotwallet regular spend

for 75% the multisig. if you are the sole signer. obviously you end up putting the keys into a wallet to maybe once a month top up the single.
but because you the sole signer they all end up in one pc anyweay so spreading the keys out is less than needed (unless value risk is extensive to be worth the extra efforts)

just be sure to have a 'change' address that the remainder goes to that is a new multisig. so that you can wipe the wallet after spend and be at no key use risk. and have new private keys for the 75% hoard each time you use it (dont re-use address per spend)

where you have not put the priv keys into a online pc of the new multisig. you just make the public multisig offline to grab the public address to be used as the destination of the change.

and only reveal the private when its time to spend

that way your not having to reveal the private keys too often and only use them once.

as said. if you were to be putting those keys into a bank safety deposit box. it then becomes a hassle to do that each month. so only needed if you are going to be not touching 75% hoard that often or the amounts are just to much value to risk hoarding keys at home.

but obviously to generate these keys even before funding the addresses should be done on an offline system

..

but in short. just do what feels right to you dependant on how much value you feel is at risk and how much elaborateness you want to mitigate the risks, dependant on how awkward it would be to manage making payments each time you want to make a payment.

so think more about how your lifestyle fits your value. more then the technology capabilities.

[aesthete2022]

but because you the sole signer they all end up in one pc anyweay so spreading he keys out is less than needed (unless value risk is extensive to be worth the extra efforts)

Not if each signing is air gapped. The keys never need to all be in one place.

just be sure to have a 'change' address that the remainder goes to that is a new multisig. so that you can wipe the wallet after spend and be at no key use risk. and have new private keys for the 75% hoard each time you use it (dont re-use address per spend)

You don't need to create new private keys after every spend. Multisig wallets create new addresses like single sig wallets.

but obviously to generate these keys even before funding the addresses should be done on an offline system

Agreed.

but in short. just do what feels right to you dependant on how much value you feel is at risk and how much elaborateness you want to mitigate the risks, dependant on how awkward it would be to manage making payments each time you want to make a payment.

so think more about how your lifestyle fits your value. more then the technology capabilities.

Great advice, thanks!

[franky1]

but because you the sole signer they all end up in one pc anyweay so spreading he keys out is less than needed (unless value risk is extensive to be worth the extra efforts)

Not if each signing is air gapped. The keys never need to all be in one place.

if your the sole person signing. then you are being too elaborate to be running off to 3 locations if you are the only signer. id only justify running off to 3 locations to sign if the values were more then a few months/years salary. and worth the journey each month(infrequently)

usually just airgapped at home and put the device in a strongbox thats welded to the foundations of your home.

just be sure to have a 'change' address that the remainder goes to that is a new multisig. so that you can wipe the wallet after spend and be at no key use risk. and have new private keys for the 75% hoard each time you use it (dont re-use address per spend)

You don't need to create new private keys after every spend. Multisig wallets create new addresses like single sig wallets.

and each of those addresses have a corresponding private key

you personally dont manually with your fingertips on a keyboard create them. but the software is doing it. and storing it in the wallet. so just be cautious of the wallet file