MultiSig is NOT the best option for most people to store their bitcoin [June 2023]
HTML-код
- Опубликовано: 7 сен 2024
- In this video from aantonop's June 2023 Q&A session, Andreas answers the question, "What is the best use case for multisig?" Watch and learn why multisig is no longer the best option for most individuals.
COMMENT below and let us know what you think of the video. Post your follow-up questions there too!
SUBSCRIBE to this RUclips channel and select the bell 🔔 for notifications: / @aantonop
JOIN this RUclips channel to become a RUclips Community Member and access custom emoji and other perks: / @aantonop
BECOME a Community Builder: / aantonop
LEARN from Andreas in one of his popular Workshops which will teach you practical crypto skills. There’s even a FREE Intro to Bitcoin & Open Blockchains to get you started. aantonop.io/ta...
You can also learn from one of aantonop's many books. Andreas has written three technical books for developers about blockchain technology, Mastering Bitcoin, Mastering Ethereum, and Mastering the Lightning Network published by O’Reilly Media. He’s also written The Internet of Money Series books, which explain why bitcoin, ethereum, and open blockchains matter.
About aantonop: Andreas isn't promoting a company or an organization; he's paid by the community (people who support this work on Patreon and RUclips) and provides an unbiased look at open blockchain technologies, what they can do for our societies, and how to get involved. Learn more at aantonop.com
From Andreas: You may already know that my mission is to educate as many people as possible about #Bitcoin and open blockchain technologies. Watching these videos and sharing them with others is a big part of that. Thank you for being part of this mission.
**Learn More From Andreas’ Workshops, Books & Events*
Amazon & Kindle: www.amazon.com/...
Audible: www.audible.co...
E-books & Merch: aantonop.io/shop
Patreon: / aantonop
Website: aantonop.com
Workshops: aantonop.com/w...
Thanks for watching, sharing, and subscribing!
When this man speaks, I click on the video and listen.
Damn right! He is one of THE smartest OG's in the game!
Replay again and again. There are usually layers of knowledge shared that are worth coming back to
For most people, multi sigs are not necessary. A passphrase (aka 13th/25th word) can be a good option for some. The most likely way you’ll lose your bitcoin is unnecessary complication. Hold those sats safely, folks.
It depends entirely on the person, the setup, and the risk profile. Many would say that a computer/cloud is sufficient for a passphrase (to anyone reading this, that is NOT the seed phrase/private key). You want to make sure you don't have any single points of failure. Memory + cloud storage could make sense if private key is stored well. I hope that helps. @@davidhodge144
Yeah, a passphrase should be quite adequate in cases where both of the following are true:
(a) the potential thief doesn't know how much money you have, and
(b) the potential thief doesn't know if you're using a passphrase... or, indeed, if you're using 5 different passphrases.
What about an in person type theft where somebody finds the seed words? That's kind of where I was thinking on the multisIg.... or maybe setting it up to where I had a couple of seed words hidden in different places and one with an estate planner so that if something happens to my wife and I our daughter would still be able to get access when she gets older. But I would hate to leave the full information at a lawyers office. Any thoughts on that? I did consider maybe doing what you said but then not storing the past phrase with the seed words maybe 🤷🏻♂️
What about an in person type theft where somebody finds the seed words? That's kind of where I was thinking on the multisIg.... or maybe setting it up to where I had a couple of seed words hidden in different places and one with an estate planner so that if something happens to my wife and I our daughter would still be able to get access when she gets older. But I would hate to leave the full information at a lawyers office. Any thoughts on that? I did consider maybe doing what you said but then not storing the past phrase with the seed words maybe 🤷🏻♂️
@Firemedic2105 if someone finds your seed phrase, but doesn't know whether or not you're using a passphrase.... and who, in addition, doesn't know how much crypto you have.... in such a case, storing your crypto in a wallet that is defined by BOTH the seed phrase AND the passphrase can be highly effective.
But just to make a point, let's imagine that a person has $50 million in crypto... AND that a potential thief KNOWS that the person has $50 million... AND that the thief has the seed phrase. In such a case, the thief will be HIGHLY MOTIVATED to figure out what that passphrase is.
Exactly. All participants must backup their seed/mnemonics and then every cosigner must have a copy of all cosigners xpub and derivation path and also the threshold and script type. This is the ideal way to do it. I have seen too many videos recklessly recommend multisig without mentinoing anything about how to do proper backups.
0:45 _"... if you lose one of the multi-sig keys, any one of the multi-sig keys and you don't have backups of the public keys, you can't reconstruct the multi-sig. And that is a failure mode that is extremely dangerous."_ But the advantage is that the public keys can be backed up anywhere in the clear, with an many copies as you like. You can make it extremely difficult for them to be lost. Multi-sig, as I understand it gives you _private-key redundancy_ so it's possible for an individual to store the component secrets in separate secure locations, and if they lose access to 1-of-3 (however it's set up) or a redundant number are stolen, that individual can still spend or transfer their coins to another wallet. So there is still a potential benefit to an individual, and of course you need to know what you're doing no matter what you do.
This needs more upvotes. You are entirely correct.
My apartment is so small that government or ever robbers would find my keys given enough time. So I need to have multiple locations.
> But the advantage is that the public keys can be backed up anywhere in the clear, with an many copies as you like.
But the disadvantage is that almost no-one actually does this, if they even know to do this, and the number of keys that you need to back up is equal to the number of BIP-32 accounts you wish to use.
@@JivanPal Saying that people often don't properly secure their helmet strap while riding is not an argument against their use-case.
@@rath6375 I agree, but it is very much an argument for improving the user experience. People wear bike helmets because their importance is repeatedly stressed, and their accessibility is high.
The public keys can be kept for all of the individual backups.
Fantastic, I did not understand it that way. Thank you!
Hmm, why can't we just share all 3 public keys across all 3 members? Doesn't that allow 2/3 spending authority while maintaining 2/3 redundancy? 🤔
You can, and that is exactly what you should do. Have backups of the 3 public keys in multiple locations, as that does not comprise your security.
Goodness me! I almost forgot the fact that you need the signatures AND the script itself!
So a better situation would be to have 3 identical "physical' keys that a minimum of 2 of which are inserted like a 'launch nuke site' to open a safe containing the seed words. There's a million dollar idea, Make a safe that is around 10 feet long that require two keys to be turned simultaneously to be opened.
Hero genius stud. Crypto GOAT. Lookin sharp Sir.
Thanks bro
I've always thought multi sig was real sketchy .. Thanks for this video bud
I think do it yourself multisig is a bad idea for most people but collaborative custody multisig like Unchained capital and Casa are very good ideas if you decide it’s worth spending the money.
Without Antonopoullos we can not walking this path!!
Legend
Hello Andreas, thanks for the video. I couldn't agree more. However, I know a lot of people in the space who use multisig to increase security. They store the keys in different locations for their cold storage so that they can't be forced to hand over their keys in a home invasion. But this can't be the solution for the average user, right? With mass adoption, do you see anything at the horizon to increase security in a comparable way, but without multisig? Personally, I think security at home will be huge deal in the future when almost everybody is their own bank and has their life savings at home. I know you're not that active on RUclips anymore but would really appreciate if you could answer.
He has addressed this before. I agree with him that multi-sig is very risky for many users & a much better option is to use a passphrase. This is not the same as the seedphrase which is your 24 words (or sometimes just 12 words). A passphrase, sometimes called a "25th word" is an extra layer of security you create yourself so that even if someone has your 24 words they have absolutely no access to your bitcoin without the passphrase. This imo is the far better way for most people to secure their bitcoin.
24 word seed split 3 ways via Shamir along with a strong pass-phrase. Store each of the 3 shares of the seed in separate locations. You only need 2 of 3 to restore your seed. This backup storage works similar to multi-sig without the need to backup public keys.
Store the passphrase in multiple other locations but never with any of the shares of the seed. You can even store the pass-phrase digitally to make it easier for you to recover but not a thief.
Yes with multisig, in a home invasion you can provide the plausible deniability that you can’t spend it and there’s all these hoops you must go through to access a multisig spend, including different security/authority organizations and people and locations. The problem is it stops there if they kidnap your loved one, and you will want to direct everyone else involved in the multisig operation to spend it.
It’s difficult to tell when (not if) organized crime and/or government spooks begin to shake people down en masse It’s an old self custody problem that must be solved at the layer 1 level imo. Isn’t there a time lock option now?
The ultimate goal is self-custody sovereignty that is secured by the protocol itself, so that there’s no need to rely on government sanctioned structures like the police and bank vaults to protect you against $5 wrench or ransom attacks.
@@TOMinPDX i didnt know even you can have a passphrase and seed words at the same time , thanks for the info. Can you add a passphrase to a ledger wallet?
@@alexsorov1958 I would think so although I cannot say for sure. Ledger is a good wallet but you will have to go to their site to find out.
Andreas......Any chance you can do a Live Q&A???? Always love your videos. Can you PLEASE tell me if simply adding a Passphrase to a Bitcoin wallet is sufficient to protecting my coins? I just think it would make little sense and nearly impossible to try to guess every possible potential passphrase for a given wallet......not to mention the fact that there would be NO WAY to even know if a given wallet even has a Passphrase in the first place. Basically ever since the Ledger revelation regarding their backup service.....I have been concerned about security. Do you think creating a New Wallet On a different device such as a cold card and adding a Passphrase but then importing that Wallet back onto a Ledger device is safe?
Great video Andre!
💯 point well taken
Thank you very much Andreas.
What do you think of Bitera and its decision to close the wallets? What should users do? I hope you don't stop answering us. We are in the same boat. Thank you.
Why is it that every time I watch one of your videos I feel like I have to check to make sure my seed phrase is safe? Take a deep breath. I know its still buried in a jar, under a rock, by the big tree at the park. Or is it? Here we go again. Now where did I put the shovel. 😬
Would printing out a list of all the Xpub’s for each signing device and storing a copy along with the private seed backups of each signing device be a reasonable solution to enable recovery for a multisig strategy?
Yes. This is a must with multi-sig. The only downside is if any of the public keys get compromised, then the privacy of your wallet is gone.
Just need a backup public key as some companies are already doing. Then recreate a new multisig public address with new public addresses. Multi sig provide a more secure way to make transactions but it doesn't solve at all the question of self-custody for sure...
Appreciate you Andreas!
I have to disagree with you on this point. I think multi-sig is definitely more secure than single-sig if done properly. I have my bitcoin in multi-sig 2 of 3 collaborative custody. My 2 hardware wallets are in different locations, and the backups of those hardware wallets are in 2 other different locations. The collaborative custody company holds the script, which I'm sure is backed up in multiple locations, and I also have a copy of the script, which I have electronically backed up in multiple locations. I have no single point of failure, but someone with single-sig does. If someone found the backup of their hardware wallet, their bitcoin could be stolen.
What if God forbid something happens to you, incapacity or death?
Good question. The collaborate custody company has an inheritance protocol with clear instructions to the beneficiary what to do upon my demise.@@EnterBitcoin
No single point of failure if you use passphrases, different locations, seed words on steel etc. It's all about common-sense and covering for any weak points in your security (fire, theft, death). Multi-sig adds a layer of complexity that's just not needed for single parties.
He's not saying that multi-sig isn't more secure; his point is different from that.
How would this compare to Shamir Signature? Seems to me like Shamir is a nice inbetween single seed and multisig?
Thank for share
wow i never knew this. Amazing
N of m multisig forces individual(s) to always have a backup of m seeds (m times the failure mode of single sig); n spending authority with m redundancy still absolutely required. No room for error in redundancy responsibility!
Couldn't redundancy be achieved by the three participants keeping copies of all three public keys? They would need to have seen them at some point to create the address anyway, right? Broadcasting the public keys is still a bad idea of course, and they obviously wouldn't share private keys with each other as that would mean any one could sign transactions alone and defeat the purpose of multisig, but if you just saved the public key of the person who lost their private key, that should be fine, no?
I want to know something about passphrases:
How would your private key for your wallet look to the outside and to hackers when you use a passphrase?
So your 24 words represent a long string of letters and numbers which is the private key. If you add a passphrase, would that just change the long string of letters and numbers or is it more a 2 of 2 multi sig. so that when a hacker get’s a hold of the string of letters and words it can’t move the funds because it still needs the passphrase.
Same if you would look at it from the 24-words. If you add a passphrase, does that mean you have, as they say, a 25th word or whatever you want to call it. Which is always necessary to move the funds. Or, does the passphrase in the back ground transform your 24-words to 24 different words in different order so that it represents the hashed string of letters and numbers of the 24 words + passphrase?
24 words + passphrase are paramaters of PBKDF2 algo to create SEED. If you don't have passphrase, the passphrase is blank and same process: PBKDF2(24 words, " ") = SEED..
Always separate backup of 24 words and passphrase. (hackers need both informations !).
Using a passphrase creates a new wallet, so you have a new private key and xpub. Nothing is transformed or lost.
Allright so it's not that one would need his private ánd the passphrase? In theory one could also write down their new private key corresponding to the old private key + passphrase to controll the Bitcoin?
And in theory if a brute forcer would guess private keys (as in the strings of letters/numbers, not the 12/24 english words form). It would controll the Bitcoin with the new private key? So in that way it doesn't work the same way as multi sig?
Thank you.
@@sm0ki
Thanks for sharing this.
thank you for that explanation. Cleared up a lot of things. I've heard SSS Shamic secret sharing is good for encrypting and splitting seeds into 2/3 recoverable pieces.
Thank you Andreas.
I guess I don't understand because I thought if you have a multisig, say 2 of 3 needed to access funds and one loses their seed phrase, the other two keys are enough to access the bitcoin. But Andres is saying you need all three "public keys". And if you've lost a seed phrase, you've lost one of the public keys. I'll just stick to single sig with passphrase.
i dont know for sure, but i think w 2 of 3 seeds, u can still transfer ur money out, but u cant restore the multisig wallet
Yeah that’s how I understand it as well. You only need your 2 controlling keys to transfer money into a different wallet. The original wallet is compromised in a sense. Maybe it’s the compromised part he is trying to make the point about. I believe you can set it up so you only have control over 1 key and someone you trust has another, and a 3rd party has the last one. To me that seems like the situation that should be avoided.
What is the best option than?
Entonces con la frase de 24 palabras y una passphrase de 5 o 6 palabras ya suficiente. Multifirma igual se puede probar todo en tesnet y una vez simulas todo y ya lo tenes claro, ahí si dar el paso a multifirma
How could family offices benefit from multi-signature wallets?
Thank you as always ! Keep the good work up .
So attach all pub keys to each private key?
thanks for everything, but please change cam & micr
So, do you still suggest Shamir SSS for the average hodler?
thanks
Can you do a review on the Tangem hardwallet?
I miss your videos.
what are the cons of MPC wallets?
So essentially you need all N pubkeys but only K/N priv keys?
Great info! Never seen your channel before but this one video was enough to earn a subscription from me!!!❤
Never understood why some individual hodlers are going for multisig setups. If they want to decentralise backups, then just decentralise backups.
Yes absolutely, that's not what I meant with decentralising backups. What I think the best for most individuals is to use a hardware wallet (with a passphrase). To "decentralise backups", get another hardware wallet and keep it in another tamper resistant place. Occasionally check up on it (+ update etc). Keeping your seed elsewhere on paper or metal always seemed super risky to me. Keeping a hardware wallet not so much. And still, incase your house burns you can access your bitcoin and transfer it and recreate your setup.@@AA-rs8gn
Why not paper wallet?
Understand why you need to save original bitcoin script and 3 publicKey. But I am confused why Andreas said: "that if you loose one of the seed you lost third publicKey". My understanding is that if I have third publicKey I do not need third seed. Can somebody explain to me am I correct, if not what am I misunderstanding ?
If you have all three public keys backed up along with each seed, then you would be fine if you lost one of the seeds. 3 public keys and 2 seeds are all that's needed to access a 2 of 3 multi-sig funds.
@@Silarousdo i understand it correctly that if i lose 1 seed, and do not have all public keys, i could still transfer the money out to a different wallet?
@@omniver if you lose 1 seed and do not have all of the public keys backed up, you would not be able to transfer your money. Funds would be lost.
Best to keep a backup of all public keys used to create the multi-sig with each seed phrase. That way, if you lose one seed/public key backup, the other seed backups with their own copy of the public keys could reconstruct the wallet.
@@Silarous just to clarify. My question is for use case that all three seeds/publicKey are used in just one UTXO. I do understand if there are multiple UTXO with different keys, addresses and derivate paths then you have to save each of those.
Probably that is what Andreas ment.
@BitcoinGuru21 I may be missing the question you're asking. Forgive me if so. But if you have 2 of 3 seed words and 3 of 3 xpubs, you could restore the entire wallet along with all possible addresses and each UTXO associated with it. Now, if you buried a UTXO in an uncommon derivation path and didn't keep records of that, it could prove difficult to locate where that UTXO is. I'm personally unfamiliar with any multi-sig situation where if you lose 1 seed but have all xpubs, you still lose your funds.
What are your thoughts on Uniform Resource?
Wow!!
Thank you !
I use a Bitfi wallet.
Whats the best way for a normie to store there btc? As an individual should I eventually do multi sig with someone like unchained? where they have one of the keys and I have two.
Hi , what do you think about Apex One AI ?
❤❤
Collaborative custody is a good way to guard against your own carelessness and the potential failure of a hardware wallet. As long as you have enough keys to control the funds yourself.
However, it's not good for privacy.
Can we add passphrases to cold wallets like ledger?
Yes
👏👏🙏🙏🙏
Adam Back and Block stream don't trust those M'Fers throw Elon now into the mix
Yeah I said it again same guy 5 years later
Is trust wallet is safe.? Transfer btc and uninstall is this still hak able
Where can wee regularly hear more from you sir?
Thank you.
🤔
if u have one wallet and loose your sedds U loose all yor money too. Thieves have a greater chance of breaking into your wallet if U have only one-sig wallet
So he kept this info in his back pocket
For years…
Multisig makes little sense and very few reasons to use it. Sounds like creating a problem instead of fixing
Nice facial hair.
lol my comment was deleted
Great info! Never seen your channel before but this one video was enough to earn a subscription from me!!!❤