Jason C


Bitcoin

Storing Keys

2017-10-01

Introduction

The tutorial for Using Multisig Wallets uses a 2of3 wallet. This means the wallet was created with 3 keys, but only requires 2 to sign a transaction. 2of3 is just an example; any combination of signatures is allowed.

When creating your multisig wallet, what should you choose? This guide explains my recommendation that should give you a good balance of trade-offs.

There are three main things to worry about when creating a Bitcoin wallet: security, reliability, and availability. Security refers to the likelihood someone else will gain access to the wallet. Availability refers to the ease of access. And reliability refers to the likelihood the wallet will be lost.

I've found a 2of4 wallet provides a good balance of these. The idea is to keep 2 keys readily available and 2 for disaster recovery.

Readily Available Keys

The keys that are readily available should be separated and secured. These are Electron Cash seeds, so they are English words that can be written down on paper. Here are a few examples of places to keep the readily available keys:

Just remember to keep the keys separate. An attacker needs more than one key to access your Bitcoin, so try to think of your threats.

It's a good idea to keep one of these outside the house. For example, in the cloud. Or if you have multiple residences, keep a copy at both. This way if your house burns down you will only need one of your disaster recovery keys.

Disaster Recovery

For disaster recovery keys, the common situations you want to protect against are house burning down and death. Some example places to keep these are:

For a will you could list the address of your wallet, which relative has one of the keys, and that the other key is in the safety deposit box. Note that the more relatives you give your key to, the greater the risk that one of them (or someone they know) tries to steal from you. Also, if you give multiple people a key, give them all the same key, so that they can't collude.

I recommend giving the key to only 1 or 2 people max. Your will has the public key, so transactions will be visible. Even if that person loses the key, they should be able to recover one of your readily available keys (e.g. in your wallet).

If your house burned down, you hopefully had at least 1 of your readily available keys outside the house. For the other key you should be able to go to your safety deposit box. Worst case scenario you have a relative as a backup.

Conclusion

You have to decide what's most important to you. If security is more important to you, you can create more keys, e.g. a 3of5 wallet.

This has trade-offs because now you have to make 3 keys easily accessible in order to use the wallet. You could also potentially lose 3 of the keys, and never be able to access the Bitcoin. But maybe that makes more sense for you. If you're not planning on accessing the money very often, perhaps having keys in multiple safety deposit boxes makes sense.
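The trade-off between the 2of4 layout and a 3of5 wallet can be checked mechanically. The following is an added example, not part of the original guide, that reports how many storage locations an attacker must breach and how many you can lose before being locked out; the key names and locations are constructed for illustration.

```python
from itertools import combinations

def keys_in(placement, locations):
    """Keys stored at any of the given locations."""
    return {k for k, loc in placement.items() if loc in locations}

def min_breach(m, placement):
    """Fewest locations an attacker must compromise to hold m keys."""
    locs = sorted(set(placement.values()))
    for size in range(1, len(locs) + 1):
        hits = [c for c in combinations(locs, size)
                if len(keys_in(placement, c)) >= m]
        if hits:
            return size, hits
    return None, []

def min_lockout(m, placement):
    """Fewest locations whose loss leaves the owner with fewer than m keys."""
    locs = sorted(set(placement.values()))
    for size in range(1, len(locs) + 1):
        hits = [c for c in combinations(locs, size)
                if len(placement) - len(keys_in(placement, c)) < m]
        if hits:
            return size, hits
    return None, []

def after_loss(m, placement, lost):
    """Keys left after the `lost` locations are destroyed, and whether m remain."""
    left = sorted(set(placement) - keys_in(placement, lost))
    return left, len(left) >= m

# Constructed layouts; key names and locations are illustrative assumptions.
SEPARATED_2OF4 = {"ready1": "home", "ready2": "cloud",
                  "recovery1": "deposit box", "recovery2": "relative"}
COLOCATED_2OF4 = {"ready1": "home", "ready2": "home",
                  "recovery1": "deposit box", "recovery2": "relative"}
SPREAD_3OF5 = {f"key{i}": f"site{i}" for i in range(1, 6)}

if __name__ == "__main__":
    for name, m, layout in [("2of4 separated", 2, SEPARATED_2OF4),
                            ("2of4 co-located", 2, COLOCATED_2OF4),
                            ("3of5 spread", 3, SPREAD_3OF5)]:
        print(name, "| breach:", min_breach(m, layout)[0],
              "| lockout:", min_lockout(m, layout)[0],
              "| after house fire:", after_loss(m, layout, {"home"}))
```

Keeping both readily available keys at home drops the breach count to a single location, and a house fire then requires both disaster recovery keys instead of one.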

If you want to be really paranoid, you can have keys in multiple safety deposit boxes in different countries. This could protect you against a single government trying to seize your assets.

Also remember, you need the public keys of all wallets in order to create a transaction. If you lose the public key of even a single wallet, you will never be able to access that Bitcoin again. So store all of these with each key.

Additionally, if a key is compromised, as long as you have the public key of all other wallets, it's easy to create a new wallet replacing only the compromised key. You don't need access to all private keys. So, you would create a new wallet with only the compromised key replaced, and send all the money from the old wallet to the new one.
