Take a look at https://offline.cash. I haven't used them, but from my understanding, they ship multisig notes where one key is encrypted by the manufacturer and one key is provided by the first holder, who loads the funds. To claim the funds, you have to cut the note to access the manufacturer key and then ping their server to decrypt it.
Can't attest to the security of this setup but might be worth looking into.
A good consumer product does not require human onboarding.
The consumer downloads the app, and the rest should be seamless and intuitive to follow, walking the user through the onboarding process step by step in a way that does not require outside human intervention.
You’re correct that this application could tell the user to send funds to an address, and then once received, to transfer those funds to a multisig output. But that’s not intuitively how a vault should work. It shouldn’t require a special application to move funds into, with an intermediate location before they can be moved.
The consumer is taught that funds are stored at addresses. This is analogous to bank accounts and easy for the consumer to pick up. Why break that analogy if we don’t need to?
I disagree that we should be ok with a user experience that requires human onboarding.
Sure, I can explain to my grandmother how to move funds to a multisig output. My grandmother trusts me, and I can explain things simply enough that she can mostly follow along.
But not everyone has that. We should be making consumer experiences that are seamless to use, and seamless to understand. Bitcoin self-custody should be self-serve, and it should be designed in a way that is simple to understand.
Step 1) Write down 3 seed phrases
Step 2) Create an address to receive funds
Step 3) Move funds from Coinbase to that vault’s address
Anything more complicated than that makes it scary for a first time user to follow, unless they have a person they know holding their hand.
To be clear, this is not a question of reasonableness or security. You can set up a perfectly secure multisig wallet with the technology we have today.
This is purely about the user experience, and making it intuitive for a new person to understand. Bitcoin is complicated enough as it is, but it can be explained in extremely simple terms:
Your funds are stored at an address, which is a location on the Internet no different than the address that identifies the location of your house.
Your funds at the address are controlled by keys. And a key is represented by 12 words (or 24 if you choose).
In a single sig, you need only one key to unlock and move funds, but in a multisig, you can set it up so that you need 2 of 3 different keys. This provides redundancy in case you lose one.
That’s it. And the user experience should match that, at least for the average consumer.
Cold storage is terrifying for most people, but it doesn’t need to be. And there’s no reason why people should be introduced to Bitcoin through exchanges, and only later taught to move the funds to cold storage.
You don’t truly learn about Bitcoin until you take it into your possession, and we should develop an outstanding user experience that matches that behavior.
Again, this isn’t about what’s reasonable to ask someone to do. The burden is on us to create the most beautiful, simplistic, and dare I say magical user experience that could possibly exist. Technology should be like magic, and Bitcoin should be no different.
Precisely, the idea is that it’s possible to recover by running a full node. You’d simply need to scan the relevant witness data until you find the data you’re looking for.
If the user writes down the current blockheight along with the 12 word seeds, this can be done quite quickly, because we’d only need to scan blocks after that point.
True. But the user experience for moving funds directly to a multisig in an output script is quite poor today. The entire industry is set up to move funds to addresses.
The user experience for my grandmother should be as seamless as possible. If she wants to move funds to and from Coinbase, she should be able to do that directly. To use a multisig output, she would need to type in an address on Coinbase, moving funds to a personal single sig, then make a transaction moving funds to a multisig output script.
The ideal multisig setup would require nothing more than writing down 36 words on three slips of paper of 12, and securing them in three different locations. Setting up a wallet to move the funds should then require exactly 24 words (2 of the slips of paper).
The problem is that today, a backup configuration file containing the 3 public keys must also be stored. Without it, you need all 3 slips of paper to set up a new wallet and move the funds.
If we want a user to be able to recover funds with only 2 seed phrases, the backup file containing the 3 public keys must be stored in a way that anyone on the Internet can access it.
Imagine a multisig mobile app where the user only needs to input two seed phrases, and the wallet is completely set up for the user, without them needing to import a backup file.
To do this, the three public keys in the backup file must be stored on the Bitcoin blockchain, to guarantee that they can be accessed by wallet software in the future. To provide privacy, this data can be encrypted such that you need 2 of the seed phrases to decrypt it. The software then runs a simple scan over the relevant data on chain until it finds the configuration file that the two seed phrases can decrypt.
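The two ideas above (a backup of the three public keys that any 2 of the 3 seed phrases can decrypt, and a rescan that starts at the block height written down next to the seeds) worked through as an added example; this is not code from the original thread or from any wallet project. It assumes a stand-in seed derivation (SHA-256 of the phrase rather than real BIP39), a demo HMAC-based cipher in place of a production AEAD, and a constructed in-memory list of blocks and payloads in place of a node's actual witness or OP_RETURN data.

```python
import hashlib, hmac, os
from itertools import combinations
SEEDS = ["alpha phrase one", "bravo phrase two", "charlie phrase three"]  # constructed demo seeds
CONFIG = b"2of3 xpubA xpubB xpubC"  # constructed stand-in for the 3-public-key backup file

def seed_secret(phrase):
    # Assumption: SHA-256 of the phrase stands in for a real BIP39 seed derivation.
    return hashlib.sha256(phrase.encode()).digest()

def pair_key(a, b):
    # Order-independent key for one pair of seed secrets.
    lo, hi = sorted([a, b])
    return hashlib.sha256(b"pair" + lo + hi).digest()

def keystream_xor(key, nonce, data):
    # Demo stream cipher: HMAC-SHA256 in counter mode XORed over the data.
    out = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                   for i in range((len(data) + 31) // 32))
    return bytes(x ^ y for x, y in zip(data, out))

def seal(key, plaintext):
    # Encrypt-then-MAC: 16-byte nonce + ciphertext + 16-byte HMAC tag.
    nonce = os.urandom(16)
    ct = keystream_xor(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-16], blob[-16:]
    want = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    return keystream_xor(key, nonce, ct) if hmac.compare_digest(tag, want) else None

def encrypt_config(config, seeds):
    # A random content key seals the config and is wrapped once per seed pair, so
    # any 2 of the 3 seeds unwrap it. Payload = three 64-byte wraps + sealed config.
    ck = os.urandom(32)
    secrets = [seed_secret(s) for s in seeds]
    wraps = [seal(pair_key(a, b), ck) for a, b in combinations(secrets, 2)]
    return b"".join(wraps) + seal(ck, config)

def decrypt_config(payload, seed_a, seed_b):
    # Try the pair key against each wrap; a single seed (or a wrong one) yields None.
    k = pair_key(seed_secret(seed_a), seed_secret(seed_b))
    wraps = (unseal(k, payload[i:i + 64]) for i in range(0, 192, 64))
    ck = next((w for w in wraps if w is not None), None)
    return unseal(ck, payload[192:]) if ck is not None else None

def recover(chain, start_height, seed_a, seed_b):
    # Scan only blocks from the height the user wrote down next to the seeds.
    found = (decrypt_config(p, seed_a, seed_b)
             for b in chain if b["height"] >= start_height for p in b["payloads"])
    return next((cfg for cfg in found if cfg is not None), None)
```

Unrelated or malformed payloads fail the MAC check and are skipped, so the scan only stops at a blob the two supplied seeds actually unlock.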
I'm glad you find it interesting! I like the way you phrased the question, that's precisely what I'm trying to get at.
To clarify the thought experiment, 1 bond gives you $1 per year in real terms forever. If you buy 2 bonds, you get $2 per year, and so forth.
In other words, if you could invest in a different asset that (1) lasts forever and (2) has a certain rate of return, what yield would you require such that you would consider selling your bitcoin?
OP_RETURN output, so you're not limited to 80 characters.