Originally published on Unchained.com.
unleashed is the official US collaborative custody partner of Bitcoin Magazine and an integral sponsor of related content published through Bitcoin Magazine. For more information on the services offered, custodial products and the relationship between Unchained and Bitcoin Magazine, please visit our website.
As the Technical Director of the Concierge Team at Unchained, I have answered countless customer questions about Bitcoin Multisig. If you are just beginning to understand the benefits of multisig and how it works in a collaborative custody setting, I hope these ten tips will answer some of your questions.
Bitcoin does not live on your device
The phrase hardware wallet may make it seem like your bitcoin resides in the wallet itself, but that’s not the case: the bitcoin is never in your device at all. In reality, your wallet generates and stores your keys only. Your wallet also makes keys easier to access by plugging your device into a general-purpose computer or sharing information with your computer via a microSD card.
So where does bitcoin live? Bitcoin blockchain is a ledger that keeps track of every transaction made and the balances of every address on the network. Instead of storing your bitcoins, your hardware wallet protects and stores the keys used to unlock or spend bitcoins from these addresses.
You can restore your seed phrase to another hardware wallet
When you set up a Bitcoin hardware wallet that follows current best practices, you should be prompted to back up your wallet using 12 or 24 words, usually on a piece of paper that the manufacturer suggests you protect in case something happens to your wallet. These 12 or 24 words constitute your seed phrase, as established in Bitcoin Improvement Proposal 39, or BIP39.
Your seed phrase is like the “key to the castle” it contains everything you need to retrieve and use a key for all addresses protected by the seed phrase.
The benefit of BIP39 seedphrases is that they are interoperable between hardware wallets that support the standard, meaning you can recover your Bitcoin wallet backup (seedphrase) on another brand of hardware wallet. If you initially set up your Bitcoin wallet on a Trezor and want to upgrade to a Coldcard, it’s as simple as importing those 12 or 24 words.
Learn more: How to Replace or Upgrade a Bitcoin Hardware Wallet
You don’t need your hardware wallet with you to receive
With physical money, you must be physically present to confidently and securely transact with another party. Bitcoin fixes this problem for the digital world. If you want to receive bitcoins but don’t have your hardware wallet handy, you can always have a payment sent to the appropriate address.
As mentioned above, Bitcoin does not reside on your hardware wallet; it lives on the Bitcoin blockchain. For this reason, as long as you or someone else sends bitcoins to an address that you hold the private keys to control, you will always be able to move those funds whether or not you have physical access to your device. If Bitcoin is sent to an address you know you control, it will arrive perfectly in the background without your involvement.
What this means for you: If you create a multisig wallet and store your hardware wallets or seed phrases in secure locations, you do not need to have physical access to them to deposit funds.
A device used as a key in multisig can still be used as a singlesig wallet
Multisig involves building a multisig wallet using the public keys of multiple devices, each of which can also serve as a standalone singlesig wallet without any issues. When you create a multisig wallet following emerging standard processes, pre-existing monosig peers have no idea that the multisig wallet exists.
You could think of it as a group email address that redirects to multiple individual email addresses.
This means that, if you wish, you can store smaller amounts of bitcoin on a single wallet, while still keeping your main wealth in a constructed multisig wallet. use this device as one of the keys.
Confirm your multisig deposit address
Bitcoin transactions are completely irreversible, meaning that if you send your Bitcoin to the wrong address, it may be lost permanently. Fortunately, you can use hardware wallets to verify your multisig Bitcoin address on the device before sending funds.
Checking your address on your device confirms three things:
- that the address was constructed correctly (i.e. it is a 2 of 3 multisig, for example, not a 2 of 5 where an attacker added two keys and controls actually the funds)
- that the computer you are working on is not compromised by malware that finds and replaces Bitcoin addresses with an attacker’s address, and
- that your device holds a key to the address.
Address verification on your device should be performed before sending large amounts of funds to any address, whether single or multisig. As of this writing, Trezor and Coldcard support verification of multisig deposit addresses on the Unchained platform.
Learn more: How can I check the receive/deposit address on my hardware wallet?
You don’t need your devices to be physically together to sign
With multisig, you don’t need to have all your keys in the same place at the same time to spend bitcoin. That means you can sign a deal in Austin with one key and sign a day later in Dallas with the other. The transaction can only be broadcast after collecting all the necessary signatures (two in a 2 of 3 multisig scheme for example).
This is a significant advantage over other Bitcoin custody models such as Shamir’s secret sharing planwhich allows you to distribute control over your Bitcoin private key by dividing it into multiple parts (secrets), but requires all parts to be present at the same time to recompile a single key and create a transaction.
You can make a mistake in multisig and still recover your funds
In all Bitcoin multisig setups where m (the number of keys needed to sign) is less than not (the total number of keys in quorum), you are protected against single points of failure and can still recover your funds in the event that one or more critical items are lost, stolen, or otherwise compromised.
There are 2-of-3 multisig scenarios (with a collaborative custody partner like Unchained holding the third key), where up to three items could be compromised before it becomes impossible to recover your funds.
Even though fault tolerance in multisig provides peace of mind, all these scenarios you must always protect yourself at all costs Next Hardware wallet seed phrase and best practices for storing, and you should always regain full control as soon as possible in case any of your critical elements are lost or compromised. And that brings us to number eight…
Learn more: The Ultimate Guide to Storing Your Bitcoin Seed Phrase Backups
You can replace a key in your multisig configuration if necessary
When using Bitcoin Multisig, if you ever lose a wallet or misplace a seed phrase, it is important to replace that key in your multisig. m-of-not scheme. You can do this with any of the popular multisig wallets.
Although a single compromised key alone does not put your funds at risk in the most common multisig operations. m-of-not Under these schemes, replacing a compromised key will allow you to regain full control of your funds and eliminate the possibility that the key could ever be used against you in the future.
In a collaborative custody model like the one we use here at Unchained, replacing a key is simple. You can simply log into our platform, choose the key that has been compromised, and quickly replace it with a new one. You can read the full process of replacing or upgrading a hardware wallet at the link below, and if you’re already an Unchained customer, check out our knowledge base article.
Learn more: How to Replace or Upgrade a Bitcoin Hardware Wallet
You can create multiple multisig wallets using the same devices
As we mentioned in number four of this list, using your hardware wallets/seed expressions to both a singlesig wallet and building a multisig wallet is no problem. Likewise, using your hardware wallets/seedphrases for multiple multisig wallets does not cause a conflict between those wallets until you use the same one. extended public keys (xpubs). This is usually represented as a multiple accounts functionality in most Bitcoin wallets.
Hardware wallets allow you to use different xpubs from different derivation paths, which is a technical way of saying a different set of Bitcoin keys on your hardware wallet generated by the same 12 or 24 word seed phrase. This means you can create multiple multisig wallets from the same seed phrase/device set, such as using the same devices for a personal vault and an IRA vault. Maybe even a loaner safe too!
Collaborative custody does not introduce a single point of failure
When I’m getting started with multisig collaborative custody at Unchained, a concern I hear often is the dependency on our platform. If Unchained were to cease to exist or experience significant downtime, how would you recover your funds if your wallets were built using our tools?
Our multisig platform is designed to eliminate all single points of failure, including ourselves. As our platform is fully interoperable with established Bitcoin standards, you can always regain access to your vault outside of the Unchained platform with compatible software like our open source multisig coordinator, Caravan, or Bitcoin wallets like Sparrow or Electrum. Just make sure to save your wallet configuration file!
Learn more: How can I recover funds from my safe using Caravan?
Originally published on Unchained.com.
unleashed is the official US collaborative custody partner of Bitcoin Magazine and an integral sponsor of related content published through Bitcoin Magazine. For more information on the services offered, custodial products and the relationship between Unchained and Bitcoin Magazine, please visit our website.