It doesn't matter if your hardware supports it, you can boot up an old laptop on tails and convert the shards into a single seed and just type it into the wallet of your choice.
bip39 also has a passphrase component that you forgot to mention. it solves a huge portion of your problem statement making multi-sig an overkill for most individuals. since passphrase is an additional component to your 12/24 high entropy words; the passphrase can be derived from a public source - like a book, so it is easy to retrieve. Additionally, you can use the passphrase to encrypt your 12/24 words allowing you to make more copies and add redundancy. So while multisig is still technically stronger, you can gain extremely good security with just bip39 and maintain practicality.
So basically the trezor one using a hidden wallet with a passphrase is just as secure as a shamir backup? Maybe a shamir backup would make sense if several people share a large chunk of bitcoin.
@@thinkblue8089 I use a passphrase. Yes it is just as secure. But you could think of it as being a 2 of 2 set up. If the HW wallet is broken and you have to start getting scratch, you will need the seed words and the passphrase. So SSS is better in that you can set your threshold and afford to lose some of the shares. But. What I like about the passphrase is it can be redundant by storing it in a password manger AND memorize it yourself. If your PW manager was hacked, the passphrase won't compromise your stash.
I don’t understand. Why not use shamir backup and then do a multisig? Security against the loss of the seed + protection against attack at 5 dollars = perfect? By adding Liana timelock for the inheritance and it’s settled.
There is no perfect solution. It's a trade off between losing your seed and having it stolen. If you do a shamir backup, its more likely you won't be able to find enough shards because you distributed them geographically. But the FBI can't seize it from you if they raid your house. It's a trade off.
SO, which strategy do YOU think is best? Multi-sig? Shamir Backup? Or just hoping nobody finds your backup? I'd love to hear your experiences and opinion in the comments below!!!
Multisig is ALWAYS better because it's not storing your key on a single device where it can be exfiltrated. The only reason to do shamir instead is because you're too dumb to do multisig. You can do both though, but it makes it more likely you'll lose your keys and less likely you'll get robbed by a state level actor.
Jonathan, very insightful video. But I have a different point to mention with Shamir backup, especially with configuration 2 out of 3. Let's say the user engraves keywords on the metal plate then if one piece is stolen, the user needs to move his bitcoins to a new wallet. Too much information has been exposed to a thief. Do you agree that would be the safest move? Moving to a new wallet would invalidate the old phrase. This could be quite costly especially if you engraved words on a metal plate that cost $200.
There's a much easier way to do multisig backups. Use one BIP39 seed phrase. Write it down. Back it up on paper and steel. Use the BIP85 index child seeds from your seed phrase as multisig keys. For example: Want to do a 3 of 5 multisig? Use the BIP85 index 1, 2, 3, 4, and 5 child seeds from your seed phrase for your 5 multisig keys. The only thing you need to back up is your original BIP39 seed phrase plus a note to remind yourself that your multisig keys are BIP85 indexes from your seed phrase. Even if somebody found your BIP39 seed phrase, they'd have no way of knowing you aren't actually using it (because you're using the BIP85 child keys instead).
If you can derive all your keys from one key you're just creating a single point of failure. Plus, security through obscurity is not security. Do not invent your own techniques in crypto.
I think this defeats the purpose, you don't to have a single source that provides access to the funds. The existence of that BIP39 on paper is a problem.
This video was amazing. I’ve got a T-1 and I’d like to upgrade my security to Shamir, and have purchased a T-T. Im still a bit fuzzy how I get my laughably small amount of coins from my T1 onto my TT. Do I first set up the TT with Shamir backup, then just send to the new T-T wallet address? Oh, and I plan to use my T1 as a decoy.
Yep. You should send the funds to yourself. I suggest doing a many to many transaction and splitting it across many addresses on the T, with varying amounts, so it gives you some more privacy. If you send to one address, the next person you send to will know your whole balance. Make sure to triple check every address when you send. And send when mempool fees are low
Greetings Jonathan. On Medium, a very interesting article came out on this topic in which I am drawing on the knowledge to create a version that can be thought of as a cryptographic and more flexible version of Ledger's "redundant" seed phrase backups. The article is called "Bitcoin: Multisig vs. Shamir's Secret Sharing Scheme"
@@pavolhorvath7850 give your next of kin 12 words and the location of the other 12 words stored securely within your house. Wear a dogtag always that has numerical secret wallet codes that the Trezor supports. Only way next of kin can take your crypto is if they gain access to your house AND take possession of the dogtag. ie if you are dead and they are dealing with your belongings. IMO it must be a 24 word seed if you are going to split it. I wouldn't trust half a 12 word seed to be secure...
@@thevalleyofdisappointment And if something happens to you and the dog tag is compromised or unrecoverable then you just made a pro rata donation to everyone else on the network. Thank you!
@@vandogtrailer6701 Not sure how my loss is a donation to the rest of the users but if you are hoping for me to be burned beyond the melting point of 316 stainless steel then I won't take that personally!
@@thevalleyofdisappointment Ha! ... Just saying every time coins are lost, the remaining coins become more scarce. Hence, effectively a pro rata donation to the rest of us. For the sake of your heirs or your favored causes, I hope you pass your share on where you wish and not to the rest of us.
It doesn't matter if your hardware supports it, you can boot up an old laptop on tails and convert the shards into a single seed and just type it into the wallet of your choice.
bip39 also has a passphrase component that you forgot to mention. it solves a huge portion of your problem statement making multi-sig an overkill for most individuals.
since passphrase is an additional component to your 12/24 high entropy words; the passphrase can be derived from a public source - like a book, so it is easy to retrieve.
Additionally, you can use the passphrase to encrypt your 12/24 words allowing you to make more copies and add redundancy.
So while multisig is still technically stronger, you can gain extremely good security with just bip39 and maintain practicality.
KISS
So basically the trezor one using a hidden wallet with a passphrase is just as secure as a shamir backup? Maybe a shamir backup would make sense if several people share a large chunk of bitcoin.
@@thinkblue8089 I use a passphrase. Yes it is just as secure. But you could think of it as being a 2 of 2 set up. If the HW wallet is broken and you have to start getting scratch, you will need the seed words and the passphrase. So SSS is better in that you can set your threshold and afford to lose some of the shares. But. What I like about the passphrase is it can be redundant by storing it in a password manger AND memorize it yourself. If your PW manager was hacked, the passphrase won't compromise your stash.
Great content! Thanks for the detailed explanation and pros and cons of each solution. Subbed!
I don’t understand.
Why not use shamir backup and then do a multisig?
Security against the loss of the seed + protection against attack at 5 dollars = perfect?
By adding Liana timelock for the inheritance and it’s settled.
There is no perfect solution. It's a trade off between losing your seed and having it stolen. If you do a shamir backup, its more likely you won't be able to find enough shards because you distributed them geographically. But the FBI can't seize it from you if they raid your house. It's a trade off.
SO, which strategy do YOU think is best? Multi-sig? Shamir Backup? Or just hoping nobody finds your backup? I'd love to hear your experiences and opinion in the comments below!!!
Multisig is ALWAYS better because it's not storing your key on a single device where it can be exfiltrated. The only reason to do shamir instead is because you're too dumb to do multisig.
You can do both though, but it makes it more likely you'll lose your keys and less likely you'll get robbed by a state level actor.
Great video...
Jonathan, very insightful video. But I have a different point to mention with Shamir backup, especially with configuration 2 out of 3. Let's say the user engraves keywords on the metal plate then if one piece is stolen, the user needs to move his bitcoins to a new wallet. Too much information has been exposed to a thief. Do you agree that would be the safest move? Moving to a new wallet would invalidate the old phrase. This could be quite costly especially if you engraved words on a metal plate that cost $200.
What’s large amounts?
There's a much easier way to do multisig backups. Use one BIP39 seed phrase. Write it down. Back it up on paper and steel. Use the BIP85 index child seeds from your seed phrase as multisig keys.
For example: Want to do a 3 of 5 multisig? Use the BIP85 index 1, 2, 3, 4, and 5 child seeds from your seed phrase for your 5 multisig keys. The only thing you need to back up is your original BIP39 seed phrase plus a note to remind yourself that your multisig keys are BIP85 indexes from your seed phrase. Even if somebody found your BIP39 seed phrase, they'd have no way of knowing you aren't actually using it (because you're using the BIP85 child keys instead).
If you can derive all your keys from one key you're just creating a single point of failure. Plus, security through obscurity is not security. Do not invent your own techniques in crypto.
I think this defeats the purpose, you don't to have a single source that provides access to the funds. The existence of that BIP39 on paper is a problem.
Fantastic breakdown. 👍
Great stuff! Thank you
For someone like Satoshi, who has 1 million BTC, what would be the best way for someone like that?
This video was amazing. I’ve got a T-1 and I’d like to upgrade my security to Shamir, and have purchased a T-T. Im still a bit fuzzy how I get my laughably small amount of coins from my T1 onto my TT. Do I first set up the TT with Shamir backup, then just send to the new T-T wallet address? Oh, and I plan to use my T1 as a decoy.
Yep. You should send the funds to yourself. I suggest doing a many to many transaction and splitting it across many addresses on the T, with varying amounts, so it gives you some more privacy. If you send to one address, the next person you send to will know your whole balance. Make sure to triple check every address when you send. And send when mempool fees are low
Greetings Jonathan.
On Medium, a very interesting article came out on this topic in which I am drawing on the knowledge to create a version that can be thought of as a cryptographic and more flexible version of Ledger's "redundant" seed phrase backups.
The article is called "Bitcoin: Multisig vs. Shamir's Secret Sharing Scheme"
He mentions BCH address, is he talking about bitcoin cash?
Why not both? Throw a couple shamir backed up wallets on your multisig.
And make one of them airgapped with a key you made with dice or an offline computer that is older than bitcoin.
memorise your 24 words. takes a few days and then destroy all evidence. Solved.
and if something happens to you, who is gonna inherit?
@@pavolhorvath7850 give your next of kin 12 words and the location of the other 12 words stored securely within your house. Wear a dogtag always that has numerical secret wallet codes that the Trezor supports. Only way next of kin can take your crypto is if they gain access to your house AND take possession of the dogtag. ie if you are dead and they are dealing with your belongings. IMO it must be a 24 word seed if you are going to split it. I wouldn't trust half a 12 word seed to be secure...
@@thevalleyofdisappointment And if something happens to you and the dog tag is compromised or unrecoverable then you just made a pro rata donation to everyone else on the network. Thank you!
@@vandogtrailer6701 Not sure how my loss is a donation to the rest of the users but if you are hoping for me to be burned beyond the melting point of 316 stainless steel then I won't take that personally!
@@thevalleyofdisappointment Ha! ... Just saying every time coins are lost, the remaining coins become more scarce. Hence, effectively a pro rata donation to the rest of us. For the sake of your heirs or your favored causes, I hope you pass your share on where you wish and not to the rest of us.