Topic: Multisig best practices (Read 107 times)

It is up to you. You obviously need to store at least one copy of each seed phrase, and importantly, with each seed phrase you need to store the xpubs from the other two seed phrases. Two seed phrases on their own will not let you spend coins from a 2-of-3 multisig - you also need the third seed's public key at a minimum. So your three different pieces of paper should be as follows:

Paper 1: seed A, xpub B, xpub C
Paper 2: seed B, xpub A, xpub C
Paper 3: seed C, xpub A, xpub B

Whether you make one copy of each or multiple copies of each is a balance between security against loss or damage and security against theft. Multiple copies of each means multiple pieces of paper can be lost or damaged and you can still access your coins, but means there are more pieces of paper for a potential thief to discover. One copy of each means a smaller attacker surface for a thief, but also means you can only lose or damage a single piece of paper before you are at the limit for still having access to your coins.

It isn't exactly a "3rd party" service... "SeedPicker" is simply an (open-source) tool that basically bruteforces the 24th word for a BIP39 seed phrase when you give it the first 23 words...

Like it encourages you to put 342 pieces of paper into a bag and "randomly" draw one out, then pick 1 of 6 words on the paper by rolling a die to get 23 words, then bruteforce the 24th using their tool

imo, it's still a terrible idea... 24 word seeds aren't chosen by selecting 23 words and then bruteforcing a 24th... they're created by generating 256 bits of Entropy and then encoding that using the BIP39 algorithm and wordlist.

I have no idea what the entropy of pulling pieces of paper out of a bag is... but I'm not convinced it is going to be 256bits worth!!?!


So, I concur with the OP that you'd be much better of using another hardware wallet like a Trezor or Ledger or even an airgapped BIP39 compatible wallet (Electrum on a LiveOS etc) to create the "3rd" seed/key etc:


As for this:
It's not really dependent on the quorum really... in that m-of-n will always require (a minimum of) "m" seeds and "n-m" xpubs... it doesn't really affect how many copies of each seed should be stored.

So it really depends on your personal risk tolerance, I guess... for 2-of-3, as long as you have access to at least some combination of 2 seeds and 1 xpub (where they are all from different "co-signers":

SeedA, SeedB, xpubC
SeedA, xpubB, SeedC
xpubA, SeedB, SeedC

Then you could easily recreate the wallet and sign transactions.

The idea is to generate seeds separately and keep them separately. The problem is that most people would just generate their seeds on the same machine and store them in the same place (like writing all 3 seed phrases in a 2of3 design on a single piece of paper, or written on different papers but kept in the same home) which is why the author suggests using a third party service so that at least one signer is kept separately.
This is a bad suggestion not just for security and relying on third party being bad but also for privacy reasons since they (and by extension anybody else they sell give your information to) will know all your addresses and sees your transactions.

Consider 2/3, all three needs to have back up of their own seeds. It depends on them how many they will have. As long as the seed is not lost the wallet is good. The wallet is still good even one cosigner lose his seed because to use the wallet you only need two cosigners.

I am still trying to understand you first question.

You do not need any third party service. Whoever is the author he has overdone it I guess. All three cosigners can be created using the same software. It's three different device, if a hacker wants to get access of the wallet then he needs at least two devices to access or two cosigners to convince out of three.

I have read this 10x security guide:  https://btcguide.github.io/

I have some questions as I cannot get through to the creator of the guide.

1) Instead of using seedpicker.net for the 3rd emergency key, wouldn't it be better to generate the key on another hardware wallet e.g a trezor? This would not be used to sign. The xpub would be imported into the multisig and the multisig would never know of the hardware wallet that generated that key. This would only be needed for recovery if 1 key was lost in a 2 of 3 for example.

2) How many copies of each seed should be stored? Would there just be one for each seed so e.g for 2 of 3, there would be 3 in total, or would there be multiple of each? Maybe if that is a consideration, then a different quorum should be chosen.

Thanks.