# Ideas on multisig

After accumulating for months (and years) during the current winter market, I have progressively felt more and more the responsibility of successful self-custody on my shoulders. As of today, with our current holdings, if a few or all the important wallets were compromised or lost, we would experience a complete and utter financial catastrophe. And I can't allow that to happen.

I have known for some time now that the next level of security would be a multisignature wallet, but I have avoided tackling it out of laziness and because I thought it would be terribly complicated.

The other day I watched a video from BTC Sessions on the Sparrow wallet, mainly due to having heard a lot of people talking about this wallet lately. As the video passed, I kept thinking that the wallet is just as good as any other. But then, when I reached the multisig section, I was amazed. It was so damned simple, clean and obvious. After watching this, I decided it was time to get responsible and implement a multisig scheme to store our funds.

## What I have today

Right now I have a mess of wallets. This is the current inventory:

1. Saylor
2. Palanca
3. Bisq cold
4. Umbrel
5. Bisq hot
6. Tainted
7. Saylor bait
8. Futurible Antonio MC
9. Futurible Ana y Scot
10. Arya y Unai
11. Gala Wisselink

Wallets 4, 5, 6 and 8 will remain untouched. Wallet 7 will be outdated, I'll mix the coins back with the main saylor because I'm happy with the bait experiment and I don't want to have to keep a separate wallet anymore. Wallets 9, 10 and 11 should be moved to an alternative version that does not require using colki so I don't have to go fucking around with different seeds constantly since that is most definitely a bad idea. Wallets 1, 2 and 3 should be merged into the arctic.

## A draft on how I could clean up the mess

Let's assume I had 3 HW wallets. My Coldcard MK3, a BitBox02 and a Trezor One. That allows me to have:

- One wallet associated with each HW seed.
- Three possible 2-of-2 multisigs.
- One 2-of-3 multisig.

So, how to store safely? The devices themselves are not that dangerous. They all use some PIN-based security that makes them useless if they fall into the hands of adversaries. As long as this is not coupled with a physical attack on me to force me to give the PIN away, I shouldn't be worried.

Now, for the seed backups: this needs more thought. Effectively, 2 of the seeds plus the 3 master public keys are what is required to spend from the wallet. Thus, to enjoy the benefits of multisig to the fullest, no single storage location should contain everything that is necessary to spend from the multisig wallet.

Besides this, I can always have a single seed holding several "virtual" wallets just by keeping a separate accounting in gnucash. This simplifies management a lot, but also puts all the eggs in one basket. But then again, it's sort of a titanium basket...

### Temperature Policy

- Hot wallets are hot and used to play around. No fucks given.
- Snow wallets are Umbrel and Bisq. They have a good chunk of money to reduce the need to go to the arctic.
- The arctic is the long-term, no touchy vault.

### Keys and Locations

There are three keys: colki, biti and trevor. There are four physical locations: Tibidabo, Argentina, Matagalls and Maestrazgo. There are two virtual locations: Mitre and Redmond.
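The storage rule stated above (no single location may hold everything needed to spend) can be checked mechanically against the four physical packages described in this section. The following is an added example, not part of the original notes; the spend model and all names in it are assumptions spelled out in the comments.

```python
from itertools import combinations

# Constructed model of the four physical packages listed in this section.
# Assumptions: PIN-locked devices give an intruder nothing, the virtual
# locations are left out (their "1"/"2" entries are not explained), and
# spending needs two seeds plus every xpub, which come either from a Sparrow
# export or from holding all three seeds (standard derivation paths assumed).
THRESHOLD, TOTAL_KEYS = 2, 3
PACKAGES = {
    "Tibidabo":   {"seeds": {"coldcard"},           "export": True},
    "Argentina":  {"seeds": {"bitbox02"},           "export": True},
    "Matagalls":  {"seeds": {"trezor", "coldcard"}, "export": False},
    "Maestrazgo": {"seeds": {"bitbox02", "trezor"}, "export": False},
}

def can_spend(locations, packages=PACKAGES):
    """True if the union of these locations is enough to sign a spend."""
    seeds = set()
    for name in locations:
        seeds |= packages[name]["seeds"]
    has_xpubs = (any(packages[n]["export"] for n in locations)
                 or len(seeds) == TOTAL_KEYS)
    return len(seeds) >= THRESHOLD and has_xpubs

def minimal_spend_sets(packages=PACKAGES):
    """Smallest groups of locations an intruder must reach to spend."""
    found = []
    for size in range(1, len(packages) + 1):
        for combo in combinations(sorted(packages), size):
            if any(set(f) <= set(combo) for f in found):
                continue  # a smaller subset already suffices
            if can_spend(combo, packages):
                found.append(combo)
    return found

def fatal_losses(max_lost, packages=PACKAGES):
    """Groups of locations whose simultaneous loss leaves the funds stuck."""
    fatal = []
    for size in range(1, max_lost + 1):
        for lost in combinations(sorted(packages), size):
            left = [n for n in packages if n not in lost]
            if not can_spend(left, packages):
                fatal.append(lost)
    return fatal

if __name__ == "__main__":
    print("compromise needs:", minimal_spend_sets())
    print("fatal if lost together:", fatal_losses(2))
```

Editing an entry, for example giving Matagalls its own Sparrow export, shows at once when a single location becomes sufficient to spend.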
| Location   | Coldcard (Malasaña) | Coldcard Seed | Bitbox02 (Daoiz) | Bitbox02 Seed | Trezor (Velarde) | Trezor seed | Sparrow Backup |
| ---------- | ------------------- | ------------- | ---------------- | ------------- | ---------------- | ----------- | -------------- |
| Tibidabo   | X                   | X             |                  |               |                  |             |                |
| Argentina  |                     |               | X                | X             |                  |             |                |
| Matagalls  |                     | X             |                  |               | X                | X           |                |
| Maestrazgo |                     |               |                  | X             |                  | X           |                |
| Mitre      |                     |               |                  | 1             |                  | 2           |                |
| Redmond    |                     |               |                  | 2             |                  | 1           |                |
| Poco       |                     |               |                  |               |                  |             | X              |

The Tibidabo package contains:

- Open use Coldcard
- Tamper proof bag with:
  - Coldcard seed
  - USB with Sparrow wallet export, including all XPUBS

The Argentina package contains:

- Open use Bitbox02
- Tamper proof bag with:
  - Bitbox02 seed
  - USB with Sparrow wallet export, including all XPUBS

The Matagalls package contains:

- Tamper proof bag with:
  - Trezor one
  - Trezor one seed
  - Coldcard seed
  - USB with tails
  - Instructions in case of friendly opening

The Maestrazgo package contains:

- Tamper proof bag with:
  - Bitbox02 seed
  - Trezor one seed
  - USB with tails
  - Instructions in case of friendly opening

Migration plan:

- Create multisig
  - ~~Create malasana key set~~
  - ~~Create wallet in sparrow~~
  - ~~Backup wallet skeleton~~
- Back it up partly
  - ~~Create Tibidabo package and store~~
  - ~~Create Argentina package and store~~
- Test ride with some money
  - ~~Create changes in accounting~~
  - ~~Play around with a couple of transactions~~
  - Load bisq cold
    - Load
    - Remove backup from home
    - Remove backup from argentina
  - Send monthly DCA
  - ~~Retrieve part of it~~
- Back it up fully
  - ~~Create Maestrazgo package~~ and store
  - ~~Create Matagalls package and store~~
- Finish the transfer
  - Move saylor
    - Load
    - Remove backup from home
    - Remove backup from argentina
    - Remove border backup
  - Move palanca
    - Load
    - Remove backup from home
    - Remove backup from argentina
    - Remove border backup
- Remove old stuff
  - Remove bisq cold keys
  - Remove palanca keys
  - Remove saylor keys
- Train the team
  - Hold session 1
  - Hold session 2
  - Perform transfer simulation 1
  - Perform transfer simulation 2

## Status check on September 2023

The full plan for the multisig was not completed and we are in a shaky half-assed state that I don't like. I'm going to:

- Describe how I would like the end state to be.
- Assess how things are now.
- Define the steps to go from as-is to to-be.

### Target state

- Three locations with the following contents:
  - Tibidabo Package
    - Accessible coldcard
    - Coldcard seed
    - Sparrow file backup
  - Argentina Package
    - Accessible bitbox
    - Bitbox seed
    - Sparrow file backup
  - Fren Package
    - Trezor
    - Trezor seed
    - Sparrow file backup
- Digital copies
  - Keychain
    - Stored in Onedrive
    - Encryption key in Bitwarden
  - Descriptor
    - Stored in Onedrive
    - Encryption key in Bitwarden

Additional assets

- Written description + instructions in case of death

Operating procedures

- Smoke test transaction once every quarter
- Training session once every six months
- Check on fren once a year

### How things are now

- Tibidabo package exists
- Argentina package exists
- Fren package exists but is stored at tibidabo.
- Digital copies do not exist
- Written description + instructions do not exist

### Steps

1. ~~Write description and instructions~~
   1. ~~Prepare a Tails USB with persistence~~
   2. ~~Write and encrypt~~
   3. ~~Store a digital copy of instructions in onedrive~~
   4. ~~Store in two thumbdrives for heirs~~
   5. ~~Deliver to heirs and train them~~
2. ~~Assemble all packages in one location~~
3. ~~Create digital copies and store them~~
   1. ~~Write the seeds in different files~~
   2. ~~Encrypt them with PGP key~~
   3. ~~Upload to onedrive~~
4. ~~Review contents of all packages~~
5. ~~Store Tibidabo package~~
6. ~~Store Argentina package~~
7. ~~Store Fren package~~
8. ~~Inform confidants and share description and instruction files~~
9. ~~Set operating procedure calendar reminders~~
10. Store mystery package