Distributed Passphrase > Multisig? Poke holes in this.

[Kpex]

In a 2-of-3 multisig scenario: One key at home, second key in a bank vault, third at a distant trusted location.

It occurred to me, why not just use a geographically-distributed single key plus passphrase? Scenario: The single key at home, the passphrase in a bank vault, a backup of the key at a second bank, backup of the passphrase at the distant trusted location.

I can't see what multisig has over the passphrase. You can lose one location and still recover the wallet, just like a 2-of-3. Yet no one location has access to the funds. Theft/robbery/fire protection is the same. If the bank loses your safe deposit box you can still recover. You'll need two separate safe deposit boxes but so what, they're cheap.

What the passphrase does provide is a simpler learning curve for loved ones if you die. I'm trying to game out how to explain xpubs and descriptors and derivation paths to people who aren't technical. With singlesig+passphrase, there are fewer moving parts for family to access the funds.

Somebody poke holes in this. What's the benefit of multisig? What am I not seeing?

[1714490656]

1714490656

[1714490656]

1714490656

[pooya87]

I personally have always viewed multi-sig equal to multi-party. Meaning for example 2 or 3 partners in a business each hold a key to a 2 of 3 multi-sig to be able to spend the funds together. That's where multisig signs best in my opinion.

For a single user, I'd stick to a simple single-sig setup with separate backups too. Specially when it is coins you want to place in cold storage and not touch for a very long time.

The only downside I see is that you generally don't want to keep or use a single private key (address), so what you actually backup is your seed phrase (that generates many keys you'd use). Considering there aren't any standard way of encrypting a seed phrase (as opposed to BIP38 for single private key) using a seed+password setup becomes complicated again compared to multi-sig where there are multiple seed phrases.

I'm trying to game out how to explain xpubs and descriptors and derivation paths to people who aren't technical.

There are certain things like derivation paths that end users don't really need to know. The wallet should take care of them under the hood automatically. Like what Electrum does.

[Blitzboy]

A strong security system is the main benefit of multisig. Finding the right amount of keys isn't enough; it's also important to know who has access to what keys. If someone gets both the key and the passphrase, they have access to the money. However, in a multisig setup, compromise means breaking into more than one different entity.

The complicated nature of Multisig is its strength. Although we should think about the non-technical heirs, shouldn't security come first? Single-key systems aren't as secure as multisig setups, but they do add an extra layer of security. There is a trade-off between simplicity and increased protection. If security is so important in the Bitcoin, doesn't this extra layer of protection make the process more robust?

[hugeblack]

I do not think that we should look at which is better or make a comparison between them, as the multi-sig wallet allows for more extensive options than Passphrase, where you can set up 3 out of 5, thus ensuring that hackers need to search in 3 places + Passphrase before they reach your coins, and so on.
A multi-sig wallet is good when there is more than one person who wants to make the decision, while for a single user, sometimes the Passphrase is sufficient, and sometimes you need a multi-sig in addition to the Passphrase, depending on the purpose of use and the level of complexity.

[o_e_l_e_o]

Somebody poke holes in this. What's the benefit of multisig? What am I not seeing?

A single point of failure.

The main benefit of multi-sig over single sig plus passphrase is that multi-sig does not have a single point of failure. You can use three different devices to generate three different seed phrases, and only move the xpubs between devices in order to generate addresses. The compromise of any one device does not lead to compromise of the wallet. The same is true when spending from a multi-sig - you can keep each set of private keys on separate devices, and so one compromised device never has enough information to steal the coins.

With single sig plus passphrase, you must bring the seed phrase and the passphrase together on the same device both to create the wallet and also to spend from the wallet. If that device is compromised, then your funds are also compromised. The best way to address this is to use either a permanently airgapped computer running an open source OS, or use an open source airgapped hardware wallet such as Passport.

In terms of back ups, then the security and redundancy is comparable between a single sig plus passphrase with two back ups of each component and a 2-of-3 multi-sig. In both scenarios you can lose one back up and still recover your wallet, and in both scenarios an attacker needs to compromise two back ups to steal your coins. The single sig plus passphrase is actually slightly safer in this arrangement since you might be able to lose two back ups and still recover your wallet, and an attacker might need to compromise three back ups to steal your coins, depending on which back ups are involved. The down side is you need four back ups instead of three.

I'm trying to game out how to explain xpubs and descriptors and derivation paths to people who aren't technical.

You shouldn't need to explain either descriptors or derivation paths. Back up your three seed phrases along with one xpub, so the recovery of any two back ups provides two seed phrases plus the third xpub, as follows:

Back up 1: Seed A, xpub B
Back up 2: Seed B, xpub C
Back up 3: Seed C, xpub A

Then your family member can simply follow the instructions on a wallet such as Electrum to recover the multi-sig.

[Kpex]

You shouldn't need to explain either descriptors or derivation paths. Back up your three seed phrases along with one xpub, so the recovery of any two back ups provides two seed phrases plus the third xpub, as follows:

Back up 1: Seed A, xpub B
Back up 2: Seed B, xpub C
Back up 3: Seed C, xpub A

That is way more streamlined than what I had planned. Brilliant.

The multi-vendor aspect is something I realized too. That's a downside of the passphrase option.