Most info I've seen published on multisig requires a hardware wallet and a convoluted arrangement that would scare most newbs to even try. I don't think multisig requires that level of sophistication and contrary to what I've seen many times written, most people with cold storage should use it.
I've recently made a 2/4 multisig using Electrum with signers being: one ledger, one air gapped laptop and two cell phones. I feel pretty comfortable with it, and much more at ease comparing with the previous cold storage I had where it was a single sig built on the air gapped laptop.
This solution has several pros that I wanted to share:
  • Teaching normies about BTC wallets, signing transactions etc. is not simple so using HWW for them was out of question. Explaining to them how to do it on phone was quite simple and straightforward.
  • Phone security for storing private keys is ok (for a multisig). Even if one phone is lost or stolen, nothing goes wrong. Same goes for the seed words.
  • No single point of failure! This I like a lot, any 2 signers can be compromised/disappear and no coins are lost.
  • Even though I trust my friend to the point of giving him one of the signing keys, it's not possible for him to transfer coins on his own. He's there only to help me or family members in case I die. Inheritance problem is solved.
  • All 4 signing devices are in different locations, so no problem of losing something and getting screwed.
  • Physical backups for the 4 wallets are needed, not just one. You need both the seed and the zpubs.
  • My experience showed you need to do this simultaneously with all signers in order to share the zbpubs while building the wallet.
  • It's a little more complicate than using a single seed, but really not that much.
I think this could be done only with phones, but I like that 2 of the signing devices are more secure. Would like to hear your thoughts on this. Are there any problems with this arrangement?
I'd never use multi-sig unless it was business-related or hybrid self-custody (3rd party key and xpub retention). In fact, as an individual, I'd probably never use more than a 128bit 12-word seed with a passphrase, because in addition to the hardware backups, I want it backed up to my brain (memory) as well.
Why wouldn't you use multisig? I've been thinking of going multisig, but the only con I'm aware of us the technical complexity.
As a multi-sig user myself, the two main pitfalls IMO are:
  • Additional backup complexity. In order to recover the wallet from scratch having 2 of 3 seeds is not enough; you'll need all 3 public keys in the quorum.
  • Privacy. Due to the importance of backing up the public key set, you'll need multiple copies of this stashed away (ideally one copy alongside each seed backup). While an attacker cannot use the public key set to spend funds, they CAN see your balance. The same is true with collaborative custody models.
Basically it all comes down to the xPubs being a pain in the ass. It would be amazing if that went away and you only needed N-of-M keys to recover the wallet. Perhaps someone will figure that out one day.
deleted by author
Does a 12 word seed not worry you at all with the issues that came out the other day around seed words been guessed/cracked? Can’t remember the name but it was in Antonopoulos’s Mastering Bitcoin.
No. A seed with sufficient entropy of 128- to 256-bits can't be guessed unless an attacker guesses 1 trillion times a second and they have longer than the age of the galaxy on their hands. And this assumes they know the derivation path and passphrase to begin with. With a passphrase, it wouldn't matter if they guessed your seed right, it would show an empty address, they'd never know one address from another. Trust the math. Trust the computer science. The complexity of self-custody with many of the latest schemes: Shamir Secrets, XOR, substitution cyphers, multisig, etc, is really unnecessary complexity. You fall off the other side and become your own worst enemy, more so than a potential attacker.
So why the need at all for 24 word seeds and multi-sig for sole custody?
I trust the math and use a single-sig setup myself but I still got a bit worried reading that last week and started looking into Nunchuk.
If you are using bad seed generation, then having multiple keys might still fail. Not to dismiss your case at all, but a factor to bear in mind.
Would like to hear your thoughts on this. Are there any problems with this arrangement?
Seems comfy. Some additional thoughts:
I like to put anti-tamper seals / tags on my backups so I know if one has been accessed. That gives me time to rotate the other keys if one of them has been compromised.
Did you test wallet recovery in alternative software? I know Electrum isn't going anywhere, but still. I only felt comfortable when I knew my wallet could be recovered in Nunchuk, Sparrow and Spectre!
My experience showed you need to do this simultaneously with all signers in order to share the zbpubs while building the wallet.
Simultaneously? I never used Electrum for multi-sig, but I know that other wallets like Nunchuk allow you to add keys independently and then construct a multi-sig wallet after that. This way the keys never have to all be in the same location.
Good observation, I will test with Sparrow for recovery. I said simultaneously because you need all zpubs to complete the process and if you don't have them, and you stop and close the wallet, you have to start over again. Create wallet --> Multisig --> I have seed etc.
this is a great blogpost on why most folks are better off with a single sig + passphrase setup than pursuing a multi-sig setup.
Those are valid points, but the article kinda contradicts itself.
For all the reasons listed above, we don’t recommend multi-signature setups to single, fully sovereign individuals. However, there’s obviously a place for multi-signature in group settings such as organizations or families, and for collaborative settings
Nobody owns BTC as an individual, you're always part of some group: wife, kids, parents, brothers & sisters. And in case you die multisig offers a great plan for inheritance. I don't want to die and leave my corn to you guys by extracting them from circulation :) My previous setup was just a physical backup of the seed of single sig, but that's far from optimal for a non-btc person to recover. My worry started when one of my relatives told me 'yeah I think I have those words somewhere' 😨 Same thing could happen now and I don't care that much, me and my BTC connoisseur buddy have 2 sigs. My relatives know that he's the guy to contact in case I disappear.
Yup, love using Unchained Capital for mine! Lost a bunch of sats I had staked on Gemini, learned my lesson.
Thanks for the tip.
Most individuals DO NOT need multisig.
This point is critical:
Physical backups for the 4 wallets are needed, not just one. You need both the seed and the zpubs.
Some people think if you lose one xpub you are fine because you still have the others. To the contrary, if you lose just one, you are sunk.
If you have any question in your mind whatsoever, do not attempt. All you will achieve is to increase the odds that you will lose your funds.
All 4 zpubs are backed up 4 times physically + on the signing wallets, if someone loses his backup you can still ask the other signers to send the zpubs. I don't think this is a real concern. Even if someone completely loses his signing device plus backup, you can start all over by sending coins to another wallet. I will be checking in s few months if all other 3 signers are still with their full setup.