In another thread I mentioned a takeaway that stuck with me having read at some point about the merits of 2:2 multisig, as opposed to 2:3
... but for the life of me I can't find it. Not sure if it was here, twitter, or elsewhere.
The gist was that the added complexity of managing 2:3 makes it less failure-proof than 2:2 and that the redundancy is a paradox. There was more to it than that, and so I'd like to re-read it.
Others requested it as well per the conversation in the other thread: #323877
I'm putting up 6150 sats for the best steel man of 2:2 vs. 2:3 in an effort to crowdsource a search.
Holy cow, I have never thought of this
reply
Wow, this must be one of the riskiest setups that I have heard of:
  • You talk about backups of your seeds, but the weakness is in the backup of the passphrase
  • Passphrases are not standardized and people use weak passphrases every time
  • You need three additional secure locations to secure your passphrases. In this set-up you require six secure locations
  • There are no standards for this set-up to back up the descriptor, so that is another thing you need to keep track of
reply
It's 3-of-3 multisig with different passphrases; you can't really brute-force that even if they were somewhat weak.
No secure locations needed, be smart... You should only "store" passphrases in your own head. Make them complex yet easy to remember.
You could even use a lengthy quote from a movie or book as a passphrase, so even if you forget parts of it, you can always look it up online.
reply
What about inheritance planning?
reply
Yes, fuck them.
reply
Super interesting. The more you know...
reply
Single-sig vs. Multi-sig
It is crucial to safeguard your bitcoin assets so that:
  • You feel comfortable when purchasing power increases tenfold.
  • You have confidence in securely managing your bitcoin in the coming decades.
  • You have arranged your bitcoin legacy.
Multi-sig
When properly set up, multi-sig provides the following security benefits:
  • Protection against a 'single point of failure.'
  • Protection against loss/theft of private keys.
  • Protection against 'evil maid' attacks.
  • Protection against physical attacks.
  • Protection against phishing.
  • Protection against malware.
Multi-sig also offers additional functionality possibilities, such as:
  • Configurable co-signing: reduces the need to travel for the minimum required signatures and having multiple wallets, which is a risk in itself.
  • (Automated) inheritance planning.
Single-sig
The main reason cited for using single-sig vs. multi-sig is that multi-sig is too complex and thus carries additional risks. However, this is a false sense of security because securely managing a single-sig requires additional complexity, such as:
  • Adding a passphrase so that access to the seed does not grant access to the bitcoin.
  • Creating multiple physical copies of the seed so that if one backup is lost, the bitcoin are not lost.
Passphrases bring multiple risks:
  • Are they random and complex enough to resist brute-force attacks? Many hardware wallets offer the option to use BIP39 words, making it easy to enter the passphrase. However, if you use fewer than 12 words, your passphrase is weaker than a 12-word seed phrase.
  • There is no standard for securely storing passphrases. You have your seed in steel; what do you do with your passphrase? On paper? On the computer? In your head? How do you guarantee that no one gains unauthorized access?
  • Physical copies of seeds and passphrases: if you lose your seed or passphrase, you can no longer access your bitcoin. Therefore, additional locations are needed to store your passphrase separately from your seed phrase. These are additional locations that you must secure and check regularly.
Single-sig vs. Multi-sig
The complexity required to set up a secure single-sig is not lower than setting up a multi-sig. In fact, because you can use standards for multi-sig, it is, in our opinion, a safer solution. The biggest technical drawback of multi-sig is that you need the so-called 'wallet descriptor' to restore your wallet; this issue has been solved by @SeedHammer.
reply
It is crucial to safeguard your bitcoin assets
My what? Bitcoin assets?
reply
Multisig in a purely technical context is about non-reliance on either a single source of entropy or exfiltration.
Say you do something dumb like store a large amount of Bitcoin in a mobile wallet, well some employee at Google or Apple, or maybe even just an exploit of the device's software, could exfiltrate your key to their servers and sweep your coin without any evidence.
Had you a 2:2 multisig, the phone key alone would be inadequate to sweep.
It could be even less dumb than that, say a clean linux install on a name brand PC with an Intel, AMD, or ARM chip that has NSA-level skewing of the random number generator. Even if it was airgapped, your key could be re-created by an attacker and scanned for outputs.
It could also be a honeypot like a HWW that stealth shipped a similar backdoor.
By using 2+ signatures, no single attack is adequate... it's about requiring multiple coordinated attacks or collusion which vastly increases your security threshold.
Memory is not a storage strategy no matter how much people want to think it is, as there are factors like future cognitive impairment and inheritance scenarios that rule it out for anyone needing a serious setup. 
For passphrasing stuff with encryption, that can be done at a higher layer like keeping encrypted instructions on a cloud drive. The problem with that is password patterns from the 80s are still the zeitgeist.
This old XKCD summarizes my view on passwords:
reply
So I just talked to someone about the password scheme in the XKCD cartoon above. He said it's NOT 44 bits of entropy, because it's 4 dictionary words instead of the same number of random characters. Thoughts?
reply
the spaces make it one big not-dictionary word
reply
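Added worked example (not code from any post in this thread) putting numbers on two points raised above: a passphrase of fewer than 12 BIP39 words is weaker than the 12-word seed it protects, and the XKCD "four random words" scheme is worth 44 bits whether or not the words are glued together, because an attacker who knows the scheme guesses whole words, not characters. The guess rate is an assumed figure for a hypothetical attacker.

```python
import math

# Added illustration; constants are the BIP39 word-list size and an assumed
# attacker guess rate (PBKDF2 with 2048 rounds of HMAC-SHA512 per guess).
BIP39_WORDLIST_SIZE = 2048       # every BIP39 word carries log2(2048) = 11 bits
BITS_PER_WORD = math.log2(BIP39_WORDLIST_SIZE)
SEED_12_WORDS_BITS = 128         # a 12-word BIP39 mnemonic encodes 128 bits
LOWERCASE_ALPHABET = 26
ASSUMED_GUESSES_PER_SECOND = 1_000_000   # constructed assumption, see lead-in


def entropy_bits(alphabet_size: int, symbols: int) -> float:
    """Entropy of `symbols` choices drawn uniformly and independently from an
    alphabet of `alphabet_size`. Fixed separators such as spaces are known to
    the attacker and add nothing: "one big word" made of dictionary words is
    only as strong as its word count."""
    return symbols * math.log2(alphabet_size)


def bip39_passphrase_bits(words: int) -> float:
    """Strength of a passphrase built from `words` random BIP39 words."""
    return entropy_bits(BIP39_WORDLIST_SIZE, words)


def weaker_than_12_word_seed(words: int) -> bool:
    """True when the passphrase, not the seed, is the weakest link."""
    return bip39_passphrase_bits(words) < SEED_12_WORDS_BITS


def words_needed(target_bits: float) -> int:
    """Smallest number of random BIP39 words reaching `target_bits`."""
    return math.ceil(target_bits / BITS_PER_WORD)


def equivalent_lowercase_chars(bits: float) -> float:
    """How many uniformly random lowercase letters carry the same entropy."""
    return bits / math.log2(LOWERCASE_ALPHABET)


def expected_crack_seconds(bits: float, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Expected search time: on average half the keyspace, 2^(bits-1) guesses."""
    return 2 ** (bits - 1) / rate


if __name__ == "__main__":
    for n in (4, 11, 12):
        print(f"{n} BIP39 words: {bip39_passphrase_bits(n):.0f} bits, "
              f"weaker than 12-word seed: {weaker_than_12_word_seed(n)}, "
              f"~{expected_crack_seconds(bip39_passphrase_bits(n)) / 86400:.1f} days")
```

The numbers only hold when the words are chosen uniformly at random; a memorable movie quote is far below 11 bits per word because an attacker can enumerate quotes.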
No that's still single sig and probably a bad idea all around.
reply
2:2 is probably just as good as 2:3 if you don't have a third secure location to keep the third private key.
reply
I look forward to this discussion.
reply
This is an older podcast, but one of my favorites. Michael talks a lot about 2:2 multisig on his episode "Every Bitcoin Hardware Wallet Sucks".
reply
2:2 will not let you recover anything if a key is lost. 2:3 allows you to recover in the event of a lost private key.
With taproot, you can split the 2:3 into three 2:2 unlocking scripts, so that if you lose one of the keys entirely (pubkey as well) you can still spend without it. (though you need to backup the merkle proof, so it may be a moot point).
Once Frost becomes more supported, you can set up a 2:3 without using a script, protecting the privacy of your keys (which is great).
2:2 can work if you have additional recovery paths in your script, but you may as well set up a 2:3.
In order of greatness, Frost 2:3 > Taproot Tree 2:3 > segwit 2:3
reply
2:2 could be just a seed + passphrase. Passphrases can also be used for decoy wallets.
Any multisig also needs a copy of the xpub from each signing device. So a 2:3 might be more secure; it's just also more complex.
reply
A single 24-word seed with a 12-word passphrase will offer the same security with less risk than using a 2-3 multisig. If you must, use Shamir backup instead.
reply
One thing I have found is that 2:3 requires the xpubs for each key to be part of your backup...
Meaning 3 sets of 12 words PLUS a very long and non-readable string for each is a much more complicated storage/restore than two sets of 12 words.
If the biggest risk to your coin is you, then the complexity of 2:3 exacerbates this relative to a 2:2 that otherwise has most of the same benefits.
reply
This has been resolved by https://seedhammer.com/. You only need two plates from the 2of3 to restore a wallet. One plate does not provide all the XPUB details so if anyone finds one plate your privacy is still protected.
reply
$678 bruuuuuh
You don't need any of that. Focus on stacking sats; don't waste your money on unnecessary things. It feels like everyone in the bitcoin space is trying to sell over-priced products.
reply
Security budget likely increases with what you have to secure, for example:
  • 100 USD of bitcoin: paper wallet
  • 1k USD of bitcoin: HW wallet single sig
  • 20k USD of bitcoin: multisig
  • 100k USD of bitcoin: multisig with SeedHammer
  • 100k of bitcoin: proper inheritance planning
reply
Keep on wasting sats on all of those useless HW wallets and over-priced steel stuff.
My "security budget" is SeedQRs printed on small pieces of paper that cost 2 cents. Come take my coins if you can.
@Darthcoin has a whole bitcoin on a JPG image that he posts regularly here as well, and a seed phrase hidden somewhere on his Substack blog. Go take his coins.
reply
I'm too paranoid printing my seed phrases.
Plus I don't have a printer, hate those things.
reply
You “print” the cards with a marker. They are just QR codes and work great with stateless, roll-your-own hardware wallets :)
reply
You only print the QR box, then you fill the spots with a marker to generate your own SeedQR. See the SeedSigner tutorial from @BTCsessions' YouTube channel.
reply
Is it your cats?
reply
yes real ones
reply
If all cats didn't hate me, I'd cuddle the shit out of them at the very first instance I saw them. They seem super nice!
That sounds like just 3 copies of a single sig backup, probably bad.
reply
This, I understand: "When you add a passphrase to a seedphrase, it is essentially a new private key."
This, I don't understand: "Using one seedphrase with three distinct passphrases is much, much more secure compared to using one seedphrase with just one passphrase"
When using one seed phrase with three distinct passphrases - at that point, aren't you creating 3 separate private keys?
reply
Yes.
  • Seedphrase #1 + Passphrase #1
  • Seedphrase #1 + Passphrase #2
  • Seedphrase #1 + Passphrase #3
It's all different private keys.
reply
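Added example (not code from this thread) showing why "seed + passphrase is essentially a new private key": BIP39 feeds the passphrase into PBKDF2 as part of the salt, and BIP32 then derives the master key from that seed, so the three seed/passphrase pairs listed above produce three unrelated master keys. The mnemonic is the public all-zero-entropy mnemonic from the BIP39 specification's test vectors, used only as constructed sample input.

```python
import hashlib
import hmac
import unicodedata

# Added illustration. Constructed sample input: the public BIP39 test-vector
# mnemonic (never hold funds on it).
SAMPLE_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, 64-byte output, with
    salt = "mnemonic" + passphrase. Both strings are NFKD-normalised as the
    spec requires. The passphrase is a KDF input, not a layer over the seed,
    so every distinct passphrase yields an unrelated seed."""
    m = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", m, salt, 2048, dklen=64)


def bip32_master_key(seed: bytes) -> tuple:
    """BIP32 master node: HMAC-SHA512 keyed with b"Bitcoin seed". Left 32
    bytes are the master private key, right 32 bytes the chain code."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return i[:32], i[32:]


def master_keys_for(mnemonic: str, passphrases: list) -> dict:
    """Map each passphrase to the master private key it produces."""
    return {p: bip32_master_key(bip39_seed(mnemonic, p))[0] for p in passphrases}


def all_distinct(keys: dict) -> bool:
    """True when no two passphrases collapsed onto the same master key."""
    return len(set(keys.values())) == len(keys)


if __name__ == "__main__":
    keys = master_keys_for(SAMPLE_MNEMONIC, ["", "Passphrase #1", "Passphrase #2", "Passphrase #3"])
    for p, k in keys.items():
        print(f"passphrase {p!r:16} -> master key {k.hex()[:16]}...")
    print("all distinct:", all_distinct(keys))
```

The empty-passphrase wallet is the one a thief who finds only the steel plate gets; the other three are invisible to them, which is the whole decoy/"new private key" argument, and also why losing a passphrase loses that wallet outright.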
Very interesting, I'd like to see a deep dive write up on this. Wen @DarthCoin?
reply
What more of a guide than that simple explanation Onions gave do you need? It's literally this:
When you add a passphrase to a seedphrase, it is essentially a new private key.
reply
If I knew I wouldn't need it...
I may just have to fuck around with it on regtest a few different ways with different software to check for blindspots
reply
Why do you want to complicate your life with multisig? Are you a big fucking company with multiple users that need access to that wallet? For a simple individual, it's not really necessary, man. Keep it simple, damn it.