tl;dr
An additional spending path created when you first set up your Bitcoin wallet can enable a recovery key that only spends coins if the primary keys to the wallet are lost or go unused for a pre-specified period of time.
What is a recovery key?
When you create a Bitcoin wallet, you define the conditions under which the coins sent to that wallet can be spent. The simplest wallets just require a signature from your key. But Bitcoin allows us to place additional requirements on the coins in our wallets, such as signatures from additional keys or timelocks.
A wallet with a recovery key allows an alternate key to spend your coins--but only after a pre-specified length of time has passed.
This is useful because it gives you a different set of security trade-offs when it comes to storing your keys.
How to store your keys
If you have a significant (significant means it would be a big deal if you lost it) amount of wealth in a Bitcoin wallet, you probably shouldn't keep the keys on your phone...or any device that is connected to the internet.
But keeping them in your head isn't a good option either. So, you've got to figure out some way to record them that is both durable and secure.
Here are some of the most common ways people store their keys:
Paper
Writing down your seed words or your private key is about as simple as it gets. It's easy to do and you don't need to buy anything.
What's great about paper is that it isn't electronic. You just need to be able to read what's written on the paper. So if you write your seed words down and store them in a safe or in a drawer, they are likely to be there when you need them--unless your house burns down...or floods...or your dog chews on it. Paper is only durable in a narrow set of environmental conditions. You better have copies.
However, if someone finds your seed-word paper, they can steal your bitcoin. It's not feasible to encrypt a paper copy of your seeds -- the more characters you write down, the greater chance you mess something up. So you need to take the physical security of this piece of paper pretty seriously, and when you make copies of this not-terribly-durable thing, the problem is multiplied.
Most people probably know this, but taking a picture of your written down seed words is a really bad idea. Don't do it.
Steel
Steel is better than paper when it comes to physical durability. Steel can be more resistant to heat, corrosion, and water. Jameson Lopp has done a great job comparing steel backup devices. Our personal favorite is Cryptosteel's Seed12.
Steel backups make a lot of sense, but steel still doesn't solve the problem of keeping the keys secure. If someone gets access to the backup, they get access to your bitcoin.
Encryption
You can encrypt your seed words and store them on a device like a hardware wallet or a flash drive or SD card. But just like paper, devices don't do well with house fires and floods and they have the additional risk that something might go wrong with the storage device itself.
Manufacturers say data on a flash drive can last between 5 and 10 years, but there are a lot of factors that affect the actual number. Who hasn't had a USB drive die on them just after you started using it?
Some people encrypt their seed words and upload them to the cloud. While this may solve data durability, it introduces a new problem: counterparty risk. The data storage provider may cancel your account or refuse to serve your data to you. You certainly don't want to be in the position where a third party has the only copy of your seeds -- even if it's encrypted.
And if you encrypt your seed words, you have the new problem of where to keep the key to decrypting your seeds. Perhaps the security trade-offs are slightly different for storing this passphrase, but all the same data durability concerns we already discussed still apply.
A recovery key is a new way to back up your wallet
Let's talk about recovery keys again. A wallet with a recovery key still has a primary spending path. It can be a single signature or a multisig wallet. You still need to think through how you are going to store this key (or keys if you have a multisig).
However, because you have a recovery key, the trade-offs for storing all your keys look a little different. The recovery key is timelocked and can only spend your coins once your primary key has gone unused for a pre-specified length of time.
Example 1: Singlesig wallet with a recovery key
Let's pretend you create a wallet with a recovery key that has a timelock of one year. You can safely give your recovery key to a family member or your attorney and they won't be able to spend your coins for one year.
If you try to use your primary key and something goes wrong -- maybe your hardware wallet has died or your paper backup is illegible -- you don't have to freak out. Just go get your recovery key from wherever you stored it and wait until the timelock expires. Then you can send your funds to a new wallet.
The recovery key acts as your backup, but unlike a simple copy of your primary key, it can't be used until the timelock expires. Giving a copy of your primary key to your family or attorney means you trust them not to steal the coins. Giving a recovery key to them just means you trust them to keep the copy and give it to you when you ask.
Example 2: Multisig wallet with recovery key
Now imagine you have a multisig wallet. Multisigs are great because they allow you to spread out your keys. This means it is much more difficult for someone to steal from you because they have to go to multiple locations to collect the keys.
Most people use multisigs with a threshold for spending that is lower than the total number of keys in the multisig. So you will often hear about a 2 of 3 multisig or a 3 of 5. In the first case, this means there are 3 total keys, but only two of them are needed to sign a transaction from the wallet.
In such constructions, the "extra" keys are essentially being used as backups. However, all the keys are equal and can contribute to the quorum needed to spend, so you are taking on the additional burden of securing all these keys.
If you have a recovery key, you can safely create a 2 of 2 wallet and get all the benefits of multisig, without having to secure extra spending keys. Your "backup" key is the timelocked recovery key that can only be used some pre-specified length of time after last using your primary keys. This recovery key can safely be kept with a family member or attorney and only becomes active if you lose one of your other keys.
How recovery keys use timelocks
So...are you curious how all this works?
Recovery keys are enforced by Bitcoin consensus rules. There's no proprietary tech or external code that enforces the timelock on a recovery key or the spending path of the wallet. It's just Bitcoin.
Bitcoin has had the ability to lock coins for a specified length of time (or number of blocks) since the very beginning. Today, many different kinds of transactions make use of timelocks: if you've opened a Lightning channel, you've used a timelock; if you've done an atomic swap (like Boltz), you've used a timelock; if you've posted a fidelity bond with JoinMarket, you've used a timelock.
There are a number of different ways to create a timelock in Bitcoin. Wallets with recovery keys use what is called a relative timelock. This means that the timelock is initiated when you receive the coins and that it can last for at most 65535 blocks. This limit is imposed by Bitcoin consensus rules. However, the timelock can be restarted by sending coins back to a new address in your wallet.
Normally, your wallet might only have a spending path where your coins can be spent in a transaction signed by the wallet's primary key. But wallets can have more than one path to spending their coins.
A wallet with a recovery key has an additional spending path where, if a timelock expires, your coins can be spent in a transaction signed by the primary key OR by a recovery key.
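The relative timelock described above, worked through as an added example (not code from Liana or from the original post): it encodes a block-based lock as defined in BIP68, builds the matching miniscript policy for the two spending paths, and flags coins that should be sent back to the wallet before the recovery path opens. The key names, outpoints, heights and the 52560-block (roughly one-year) lock are constructed assumptions.

```python
# Added example: BIP68 block-based relative timelock for a recovery path.
DISABLE_FLAG = 1 << 31   # BIP68: bit 31 set -> no relative lock enforced
TYPE_FLAG = 1 << 22      # BIP68: bit 22 set -> units of 512 seconds, not blocks
VALUE_MASK = 0xFFFF      # BIP68: only the low 16 bits carry the lock value
MAX_BLOCKS = VALUE_MASK  # 65535, the limit mentioned in the text


def older_sequence(blocks: int) -> int:
    """nSequence value encoding a block-based relative lock of `blocks`."""
    if not 1 <= blocks <= MAX_BLOCKS:
        raise ValueError(f"relative timelock must be 1..{MAX_BLOCKS} blocks")
    return blocks  # both flag bits clear: enforced, counted in blocks


def decode_sequence(nsequence: int):
    """Block-based relative lock carried by an nSequence, or None."""
    if nsequence & DISABLE_FLAG or nsequence & TYPE_FLAG:
        return None
    return nsequence & VALUE_MASK


def recovery_policy(primary: str, recovery: str, blocks: int) -> str:
    """Miniscript policy: primary key any time, recovery key after timelock."""
    older_sequence(blocks)  # reject out-of-range values before building
    return f"or(pk({primary}),and(pk({recovery}),older({blocks})))"


def recovery_opens_at(confirmed_height: int, blocks: int) -> int:
    """First block height at which the recovery path can spend this coin."""
    return confirmed_height + older_sequence(blocks)


def coins_to_refresh(utxos, blocks, tip, margin):
    """Coins whose recovery path is open or opens within `margin` blocks."""
    return [op for op, height in utxos
            if recovery_opens_at(height, blocks) - tip <= margin]


# Constructed sample data: ~1 year at 10-minute blocks, made-up outpoints.
ONE_YEAR = 6 * 24 * 365  # 52560 blocks
UTXOS = [("aaaa:0", 800_000), ("bbbb:1", 840_000)]

if __name__ == "__main__":
    print(recovery_policy("PRIMARY_KEY", "RECOVERY_KEY", ONE_YEAR))
    print(coins_to_refresh(UTXOS, ONE_YEAR, tip=850_000, margin=4_320))
```

Each coin carries its own clock, counted from the block in which it confirmed, so a wallet holding several coins has several different dates on which the recovery path opens.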
Want to try it out?
Liana Wallet has easy templates for creating wallets with recovery keys. If you just want to try it out, select Signet from the Network drop-down when you create your wallet. Signet is a Bitcoin testing network where the coins have no value. It's great for trying things out.