Shamir Secret Sharing, implemented by Trezor's SLIP-39... Provides 'information-theoretic' security.
By setting a recovery threshold of let's say 2 of 3 or 3 of 5... zero information is derived about the 'secret' or private key unless that threshold is met. If one of the 'keys' is found absolutely nothing is learned about the actual secret. No public key no private key no addresses no balances no nothing.
This is in opposition to multisig where copies of the XPUBS have to be kept. Your 'wallet configuration file' that Unchained has you keep is essentially... describing the 'wallet' that you unlock. You can 'unlock' it with only 2 of the 3 keys HOWEVER you MUST have all the 'names of the keys' (the wallet "config" file) plus the 2 keys themselves.
Anyone with the Xpubs ('wallet config file') can see all your addresses and balance. They can't move the funds but they can see what they are - at possibly a huge loss of privacy.
SLIP-39 otoh reveals nothing about balances unless the 'share' threshold is met - meaning that if someone, a family member for example, finds a share they know nothing about the Bitcoin transaction or transactions or balances until they have enough keys to actually move the funds. Either they know everything and have access or they know nothing.
SSS is either you have 0 information. Or you have all of it, with nothing in between. Trezor, who as I understand it implemented the original BIP-39 protocol, is switching to SLIP-39 by default as it's a superior form of storage for most people.
It would make sense that it would be far superior for inheritance as the recovery process is simpler than multisig. The downside (and there are always downsides) is that it is not widely supported yet unlike multisig - and that you are relying on 'one device' to interact with the private key.
One hardware wallet, one private key. As opposed to multisig where multiple hardware wallets interact separately with multiple private keys. Tradeoffs but also opportunities (like everything else).
Just my thoughts.
reply
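The all-or-nothing property described in the post above, as an added example that is not part of the thread: plain Shamir sharing over a small prime field (an assumption chosen so the check can be exhaustive; this is not SLIP-39's share format). With one share of a 2-of-3 split, every candidate secret is explained by exactly one polynomial, so the share alone says nothing about the secret.

```python
import secrets

P = 257  # small prime field (demo size only) so the exhaustive check is cheap

def _eval(coeffs, x):
    """Evaluate the polynomial (coeffs[0] is the secret) at x, mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def split(secret, threshold, n):
    """Return n shares (x, y) of a random degree threshold-1 polynomial, f(0)=secret."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    return [(x, _eval(coeffs, x)) for x in range(1, n + 1)]

def recover(shares):
    """Lagrange-interpolate f(0) from the given shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def candidates_consistent_with(share):
    """2-of-n case: for each candidate secret, count the lines through the share."""
    x, y = share
    return {s: sum(1 for a1 in range(P) if (s + a1 * x) % P == y)
            for s in range(P)}

if __name__ == "__main__":
    shares = split(123, threshold=2, n=3)      # constructed sample secret
    print("any two shares recover:", recover(shares[:2]), recover(shares[1:]))
    counts = candidates_consistent_with(shares[0])
    # Every one of the 257 candidate secrets fits the single share equally well.
    print("distinct fit counts with one share:", set(counts.values()))
```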
Some of the main reasons I like multisig are:
  • malicious HWW manufacturer
  • malicious firmware update to a HWW
  • supply chain attack on HWW (compromised prior to arriving to me)
  • bad random number generator used by a HWW for seed generation
I don't believe any of these concerns are addressed by using Shamir's. However, you're right, it is all tradeoffs and multisig does require storing more information along with the seeds.
reply
I 100% agree with you. It is unfortunately all tradeoffs. Let me play the devil's advocate though (for the OP's sake):
If you set up a multisig and it works for years and years but is ultimately too complicated for heirs and family to use after we are all gone... then what was the point? Ya sure it's secure - but if it's too complicated for recovery then what was the point?
reply
Yup, absolutely agree.
If your setup is too complicated for you and/or your heirs to use, it is useless. Multisig, IMO, is not actually much more complicated than single sig.
Let's run through a 2 of 3 multisig example where your child has one key, you have one key and your lawyer (or safe deposit box) has one key. You pass away and you have left instructions in your will for your child to open the bitcoin envelope you left them since you've passed. Inside the envelope are:
  1. A set of instructions
  2. A written and metal backup of one set of seed words
  3. A backup (physical piece of paper printed PDF and on a microSD card) of the public keys (this PDF and electronic backup are created by your wallet software like Sparrow)
The instructions (#1 above) are fairly straightforward. Essentially your heir must:
  1. Acquire the second envelope from either the lawyer/safe deposit box or from your home
  2. On a (preferably new/clean) laptop download Sparrow Wallet
  3. Using the microSD card (or the backup physical paper) load the saved wallet
  4. Use the Sparrow interface to attempt to send the bitcoin if desired - provide links to good resources/videos on how to spend such as one from BTC Sessions (https://www.youtube.com/watch?v=qJ_SpQX_YKw)
I am not saying this is 'easy' per se. But I also don't think it is overly challenging, especially considering your children will likely be more technically proficient than you are. Additionally, I believe you could point your heirs in the direction of solid bitcoin companies that provide consulting help and I imagine for a fee they would help the heir with the recovery process once they have the requisite keys in hand. I imagine folks like these could be helpful if they need some handholding:
Probably several bitcoin focused lawyers that you could reach out to as well who could help in the process...
reply
Thank you for your post.
Yes Bitcoin and software security in general... is always a moving target. There's good and there's even really good, but there's nothing that's perfect.
In my opinion Bitcoin can't be and doesn't need to be perfect, it just needs to be better than everything else and it is. And the way to achieve that is education salutes
reply
These are all really cool facts! Onward!
reply