pull down to refresh

Today we’d like to propose a brand new form of self custody, the Time Locked Multisig wallet. While the explanation for this new type of wallet setup is a bit different, it solves one of the only remaining critical flaws we have in today’s self custody setups.
After 15 years of bitcoin, Software Wallets, Hardware Wallets and Multisig Wallets are the three main ways most people as well as serious companies with hundreds of billions of dollars of bitcoin, self custody their funds.
Despite this, even multisig wallets still don’t fully protect your funds under the extrema risk scenarios of where thieves break in / kidnap you and use physical duress and force you to give them your funds.
The general attack scenario we're referring to is where one or more thieves break in and threaten you and/or your family with a gun, knife, whatever. Even with a multisig setup, they can simply drive you at gun point and obtain your other keys. Does geographically distributed multisig make this task harder? Absolutely. Does it fully protect your funds? No. This is a critical flaw that no one seems to be addressing in a sufficient manor.

Self Custody: A double Edged Sword

We want users to have full custody and control over their funds with no trusted third parties and Bitcoin can give you that capability like no other asset can. But with great power comes great responsibility and even with a multisig wallet setup, criminals may still knock at your door and do you harm to get at those funds.
Fully seeding that control to a third party that specializes in secure custody and protection of valuable assets like a bank solves the problem, but now we’re just back at square one trusting third parties.
Worse still, if everyone eventually allows banks to custody their massive bitcoin funds in the future it opens the door to seizure from governments or confiscation of funds due to whatever “reason” the bank comes up with.

Space Locked Multisig

It’s recommend with a 2-of-3 multisig wallet that you store each of the keys at separate locations. This locks you out of being able to spend any funds until you physically go and retrieve a second key from some distance. This distance can be small or large and can be thought of as a “spacial lock” on your funds.
If it’s a small distance, say 10-100 miles away, then it’s moderately effective as a deterrent when dealing with the physical threat of duress. However assuming we’re talking about significant funds here, criminals can just drive you at gun point to where ever the second key is located and still steal all your funds.
If it’s a large distance, say 1,000-10,000 miles away in a different country, then this does make it all but impossible for the criminals to tag along as they’d have to pass through country borders which usually have numerous armed guards. However now you cannot access your funds without complying with local government rules. Access to your funds is now at the mercy of the state, which isn’t the best result.
In order for a space locked multisig setup to fully resist this type of physical threat of duress, it must force the attackers to pass through a location with specialized security and protective services. Armed guards. 24/7 surveillance. Steel reinforced locked vaults. In essence, a bank.
Not only that, but they must not be able to get 2 of the keys without passing through at least one of these types of locations. For example, if you keep 1 key at home, 1 in a bank vault and 1 at a families home they can just use your home and family keys.
For full protection, you must keep 1 key at home and the other 2 in a bank or banks. This however then lands us straight back at square one again as a private bank company now has your private keys. If so forced by the state, it can seize all your funds.

Time Locked Multisig

As it seems clear that limiting your control over the funds in the space domain doesn’t work, we would like to propose a new type of multisig wallet setup, one that limits control using not just space, but also time. We call this a Time Locked Multisig (TLM).
A TLM functions just like a regular multisig wallet, but adds further restrictions on when funds can be spent. Let’s have a look at how a 2-of-3 TLM might work:
  • Funds are time locked for whatever period the user desires, for example 1 year
  • Even if you have 2 keys, funds are not spendable until the time lock expires
  • If all 3 keys are used, the user can override the time lock and spend the funds immediately
So why the extra complexity? Well imagine you put a time lock on your 1 BTC UTXO that says it can only be spent after 1 year. You store 2 of the keys in regular environments such as at your home and a friends place.
The 3rd is stored in a location that is specialized in protecting valuable assets. This could be a bank, a bank safety deposit box or any other third party company that has a bank grade level secure location with 24/7 armed guards and check points.
Note: While many people detest banks now, taking deposit of and protecting valuable assets like gold is one of the main reasons they were created and has been a valuable service for many thousands of years. There is also no need to trust the bank as they only have 1 key, which is not enough to spend any funds.
This setup fully protects you from a physical duress attack. Even if a gang of criminals breaks into your home and holds a gun to your families head demanding “all your Bitcoin” they only have two options to get it:
  • Retrieve 2 keys from separate locations and wait 1 year for the time lock to expire
  • Retrieve 2 keys from separate locations and then also break into a bank grade secure location to obtain the 3rd key so they can override the time lock
This we think is enough security to stop even the most motivate criminals. These time locked coins are also fully provable via on chain, immutable data too. So even with a gun to your head, you have iron clad proof to show them that even with 2 private keys in your hands, you can’t send the criminal any funds.
Furthermore, if the criminals break in and steal 2 keys, you simply go to your bank and get the 3rd key. With all 3 keys you can now override the time lock and instantly move the funds to a new address. Meanwhile the criminals 2 keys cannot send any funds until the 1 year time lock is up making them worthless. You would also do this if you wanted to spend your 1 BTC instantly.
As the bank company only ever has 1 of the 3 keys it’s also useless on its own, no amount of government control or seizure can take your funds. If that same bank bans you or withholds access to your 3rd key for any reason, you simply wait until the time locks pass and you have your funds again without having to trust any third parties.
While in our example we’ve locked up 1 BTC for 1 year, you could splice and dice the amounts and time locks however you wish! For example, that same 1 BTC could be time locked in four separate UTXOs:
  • 0.5 BTC spendable after 1 year
  • 0.25 BTC spendable after 6 months
  • 0.15 BTC spendable after 1 month
  • 0.1 BTC spendable after after 1 week
After each tranche of coins passes its time lock and becomes spendable, you can then spend them with just 2 of the 3 keys and “refresh” the time lock. Another way is to have a rolling stock, so that 1 BTC is spliced up into 10 x 0.1 BTC UTXOs and time locked in rolling 1 month intervals.
If you have a 3-of-5 TLM, then you would still store 1 key in a bank grade protective environment and you would need 3 keys to spend funds (after the time lock has expired) and all 5 keys to spend funds instantly. If you lose a key at any point, you’re funds are still safe as you can spend them after the time lock expires. Future Self Custody
12 years ago mobile wallets didn’t exist. 10 years ago seed phrases, hardware wallets and multisig wallets all didn’t exist. Who knows what amazing tech we’ll have in another decade.
TLMs take the excellent spacial locking that geographically distributed private keys provide and combines it with temporal locking to prevent all known threats whilst still ensuring full self custody is maintained and no trusted third parties are required.
This type of multisig setup doesn’t exist at the moment, but as best we can tell, it doesn’t require any soft or hard forks of Bitcoin to enact. New wallets like Liana (which is in Beta at the moment) already use time locks for different reasons and Blockstream Green already has some server side time locks via their 2FA implementations that are similar in nature to this.
Obviously TLMs would only be for those with serious funds, just like regular multisig is now, but as bitcoins price inevitably increases and it gains major widespread use we expect instances like below to only increase in frequency.
This Monday, a middle-aged Swedish couple was tied up in their home and robbed by 4 masked men. They were physically abused and threatened with their own kitchen knives. They were tied up for hours and one had to be escorted to the hospital via helicopter. One of many in Sweden

You’re Not Setup For Serious Physical Attacks

A final point is that while we suggest this setup for those with “serious funds”, depending on who you are, that might not be nearly as much money as you think it might be. While most might instantly assume it’s only for high net worth individuals or businesses with millions or even billions of dollars worth of Bitcoin, you have to think about it from the thieves point of view.
Even a moderate amount of bitcoin (eg. 0.25 BTC worth ~$9,000 USD) is a lot of money to a lot of people and will motivate many criminals to do some horrendous things. As long as the above tactic works and rewards the criminals with thousands of dollars, the behavior will continue and likely flourish.
Maybe you’ve got guns a plenty and scream “come get some!” while you lather yourself in mud to avoid their thermal cameras, but even that might not be enough for a group of armed criminals given you’ve effectively got a bounty on your head equal to how much bitcoin you custody.
Multisig obviously helps, but again, criminals motivated by a huge bounty (even a few thousand dollars) could hold your family hostage while they force you to take them to retrieve the other keys. You likely are not specialized in armed conflict with a bank grade home and even if you’re a full on Command Sergeant Major in the army, there’s only so much 1 person can do against literally unlimited others.
TLMs we think, if implemented with a simple and clear user experience, could potentially become the standard way people self custody their bitcoins in the future, just like how hardware wallets are now. If everyone implements it as part of a normal Bitcoin savings and investment strategy, then it will significantly help mitigate this final major risk of physical duress.
If it’s eventually cheap, easy and everyone does it then fewer and fewer attacks will be successful which will discourage future instances. This will in turn ensure more people, both rich and poor fully self custody their funds without seeding the job to trusted third parties.
Mixing time locks and multisign is a really interesting approach, thanks for the article.
reply
You're welcome! It had been bugging us for a long time on how to securely solve the $5 wrench problem. It's moderately complicated we do admit, but the feedback so far has been very positive
reply
Excellent post that outlines the weaknesses of a typical multisig setup.
One other thing: If under duress you could destroy a single key via a "brick-me" PIN. This way it's now impossible for anyone (thief or otherwise) to spend funds before the timelock expires. With this plan, one is better off using a 2-of-4 quorum so there is still redundancy if a key is destroyed in this manner.
reply
This idea might be new to someone, but its not new. Liana even has a nice UI for it
reply
We literally mention Liana in the post...
This type of multisig setup doesn’t exist at the moment, but as best we can tell, it doesn’t require any soft or hard forks of Bitcoin to enact. New wallets like Liana (which is in Beta at the moment) already use time locks for different reasons and Blockstream Green already has some server side time locks via their 2FA implementations that are similar in nature to this.
reply
deleted by author
reply
Yeah sorry that's probably on us 😂 We just like talking about bitcoin!
reply
deleted by author
Bookmarked to read later. I have to go sleep now.
reply
You manage to explain to the thieves that they can only steal the funds now if they have the key from the bank.
They cut off your wife's pinky toe to show they mean business. You then go to the bank and get the key for them while she stays at home. Stack lost.
reply
Somewhat disagree. Criminals are unlikely to let you access the bank key unaccompanied in case you seize that moment to alert the authorities.
reply
Yes, one of the 4 dudes would come with you and wait outside the bank, reminding you of your wife's fingers and life as you enter.
reply
While possible, the thieves now MUST allow you to go to a bank grade security level place.
Now you have the ability to (hopefully covertly) alert the authorities and have your house surrounded by police. Will you and your family end up 100% safe? Unsure. But safety is never 100% in real life and TLM wallets now mean it's significantly harder and more riskier for the thieves to get away with it. Now there's a serious possibility that they're going to have armed men and women surround them, before there was virtually zero chance of that.
reply
You can imagine a scenario like this, but consider how much the bar has been raised to get around the security measures: you've moved from one dipshit with a $5 wrench being all that is needed to steal someone's savings, and now require a criminal gang that can coordinate over time and keep its shit together while multiple parties execute a complex plan.
More importantly, you're also assuming that the other parties and institutions in this threat model -- including "the bank" in this example -- don't evolve at all, that their awareness of these kinds of attacks stay at zero, and their security measures are negligible. That's not how it will unfold.
As I mentioned in an earlier post, the main job to be done right now is to evolve practices and norms that raise the bar for thieves much higher, and to ensure that that much higher bar becomes common knowledge.
There's no silver bullet that makes you safe against all attackers. If the government wants you dead, you're still dead. But as anyone in security will tell you, adding modest frictions provides an incredible ROI.
reply
I wasn't claiming things will not improve eventually.
4 masked men
These guys mentioned in the post, they are organized enough to spend the night torturing the couple. They have enough intelligence to target and extract crypto from victims. They know self-custodied crypto is easier to steal than doing a super-large bank transfer. Splitting up and having 1-2 guys follow you to the bank is not unthinkable. Banks don't have bitcoin transfer limits and you probably didn't tell them you have a bitcoin key in your deposit-box.
Present banks around where I live seem much more interested in keeping their employees safe rather than making it hard for robbers. Some even have policies of keeping vault doors open during office hours.
reply
These guys mentioned in the post, they are organized enough to spend the night torturing the couple.
I'm not disagreeing that criminals exist who can do this; nor am I claiming that it takes some kind of Ocean's 11 mastermind to follow someone to a bank and wait outside, while someone else waits at home with someone's wife.
I am saying that the scheme described is already quite a high bar vs most of the criminal activity that takes place; and that over time, as the implications of sovereign money really play out, a lot of other security measures will evolve, some in new institutions, some in old; and the sophistication required to rob someone will increase.
reply
I'm happy for our kids' sake then.
Many stackers who somehow leaked their interest in bitcoin will probably have to deal with a lot of pain before we get a better approach to cold storage.
reply
This, first thought lol
reply
deleted by author
reply
check out BitVaulty he first wallet with native timelocks over multisig:
Now self-custody has been made perfect and nobody can physically attack you or hack your wallet. Test the beta on https://www.bitvaulty.com/
reply
This was an interesting read, thank you. I wonder what possibilities Taproot addresses will have regarding this. I'm sort of a Luddite and want to wait for standard to come out before doing anything.
reply