Topic: Secure private key restore (Read 312 times)

Let me tell you the reality, It’s Official: More People Have Access to a Mobile Phone than Toilets in the World which is shocking but backed by data so there is no point is assuming people are not privileged to have a smartphone.

This is why the community always suggest multiple backups at different locations which should be water and fire proof. I know not everyone is capable of doing that but we have alternatives like storing the seeds in meal sheets that can be worn as a jewelry, etc
This is rare phenomon and we can't really prepare ourselves for such incidents, no matter how good we are prepared we might not make it right at that time so we can have a backup that is stored in a different locations from where we live which depends on how rich we are and how much crypto we hold in our portfolio.

Let's say if it's just few thousand dollars then you could keep it in the same device that you use on everyday on good wallet that is self cutodial and open source. If it's in milions then you probably have ideas and where to keep them safe.

If you are still paranoid about a natural disaster is going to wipe all your wealth then it's okay to subscribe to those self custodial multi signature wallets which offers recovery by holding one or more keys on behalf of you.

There's saying "prevention is better than cure". So IMO people should take more time to backup their wallet file or recovery words properly. In addition, you could either encrypt the recovery words or split it using split before you place it on someone's else to reduce amount of trust needed.

That's the whole point of Bitcoin I suppose? Traditional banks can lock you out of your accounts or freeze and block your accounts without your permission. When you're in control of your accounts, you should be responsible to secure it accordingly.


This is unnecessarily complicated. If you're someone who can't store a key of strings securely with the help of additional hardware wallets or offline storage systems only exclusive to you, you shouldn't be using Bitcoins I guess. Adding multiple layers of encryption will make it difficult to access your funds.

I would suggest to make a thorough assessment of likely loss risks for your coins, your wallet(s). Most likely potential loss risks can be mitigated or properly removed with appropriate things or actions.

If you fear a tsunami or earthquake or wildfire can strike your fate, deploy redundant backups at different geographical locations. You could buy multiple copies of a book, mark somehow your recovery words in an inconspicuous way e.g. and package each book to send to friends or relatives who live somewhere else to keep and store it for you. I'm just giving an example...

No fancy public scheme or an encryption needed that will shoot you in your foot years later when you forgot to document it properly or lost your documentation or whatever silly things tend to happen which you haven't thought of beforehand.

Thank you all for participating this discussion.

Let me explain why I think it's important to have a key recovery mechanism with BTC. And I understand all privacy concerns, that's why, I see all proposal here as optional, but most likely suitable for large scale BTC adoption.

Assumption: For the majority of people around the globe, the smartphone will be used as a wallet. There are people using feature phones to make BTC payments already, because they can't afford a smartphone. So probably, not all can afford to buy another hard wallet, and have the possibility to store this wallet securely.

Scenario: Imagine some people living in Asia 2004, having stored their BTC on a hard wallet, as every Bitcoiner suggest to do, maybe they also have some paper backup.
Within minutes, a Tsunami arrives, destroys your house, you are losing your friends and family, and if you are lucky, you find yourself and them a few days later still living.

Now, despite you lost your houses and your whole life changes from one day to the next, you also lost all your money. Everything, you put aside for later, maybe also for the future of your kids is gone. You have no chance to claim your private key or seed phrase. It's gone, unless you have shared the seed phrase with some trusted person in a different country / area.

How can technology help to fix this issue? How do you imagine this should be fixed in a BTC world?

All that self-custodial thinking is useless in such a scenario. And that's just one out of many scenarios, when people suddenly have to leave their homes, and have no chance to take their smartphone or hard-wallet with them, because you may lose important minutes or seconds to save the life of someone you love.

I am definitely not a pessimistic person, but these are real problems BTC will face when it comes to mass adoption.

I don't see this as a challenge, when you are given a private key in a process of opening a wallet all you need to do is to keep it safe and secured, now there are many ways to keep your private key safe.
You can write down your private key on a book and then keep it in a place where you know no one can reach, a lot of people are using this method you can decide to write it in two different books and then keep it.
You can also use cold store by storing your private key on a device that is never connected to internet for example USB drive.
Some people will write down there private key on paper and then snap it with there phone back it up with there email or Google account and then delete the photo of the private key from there phones if maybe they are in need of it they will just restore it and the picture of the private key will show this is also a good way to save your private key, which ever way you want to use just make sure is good and your key is safe and won't get missing.
One thing I will like to add again is that don't connect your wallet to airdrop if you do then you have given hackers an opportunity to get access to your wallet.

The major factor of bitcoin is being your own bank by holding the private keys to your wallet directly.
If we are giving it away to somebody else to hold then how can we guarantee that our funds won't be compromised.
If you are allocating few people to recover your seeds then they can join hands together to access your funds can't they.
You have hardware wallets already and you can seggregate your funds to different hardware wallets and keep them secure too.
Why take the hassle to compromise on security ?

If you still consider the same thing then why not buying other assets like stock, bonds etc... as they don't require you to remember any seedpharse.

But BIP 39 exist, where user expected to backup 12 or 24 words securely without ever touching private key directly.


Your usual multi-sig (N-of-M) address isn't enough. You need to create P2WSH or P2TR with custom spending condition.


CMIIW, but it means knowing someone else phone number, IMEI or similar data open possibility to steal Bitcoin.

That's the principle idea behind Bitcoin and without it, there is no reason for it to exist. So if that discourages some people from getting into bitcoin, that's a good thing.


Your idea is adding complications and is relying on other layers that are not part of the Bitcoin protocol itself which makes it not-work.

Additionally what you are dealing with is lacking uniqueness and reliable identifiability. For example in Bitcoin when you have a key, that key is unique and can not be produced by anybody else. Others cannot produce a signature from your key without having your key.
But when it comes to something like IP address, many users don't have a unique IP since their ISPs give them dynamic IP. Secondly unlike a private key, that IP address can be spoofed and a malicious actor can pretend to be someone else!

I believe that SLIP-39 is exactly what you are looking for.

Trezor created a mnemonic seed protocol similar to BIP-39 called SLIP-39. It is an improvement over BIP-39 and it supports key sharing. It can be used with the Trezor wallet as well as a few others.

Take a look at https://content.trezor.io/slip39

Hi,

You've outlined an intriguing concept for improving the security and recoverability of Bitcoin private keys using a form of multi-signature (multi-sig) and network-layer identifiers like SIM or MAC addresses. By involving trusted friends and family members and leveraging network access identifiers, you aim to create a secure and practical method to recover lost keys without sacrificing complete control over one's assets. This could help more people feel secure in their Bitcoin ownership by providing a fallback KMFusa mechanism through trusted individuals. It's an innovative idea that could indeed find interest in the crypto community!

It is very important and it is recommended in How to back up a seed phrase? There are more important steps but I quote a point that is similar to your advice.

Test your back up by recover your wallet from it and compare it with your original wallet, to see whether adddresses are the same. If possible, you can fund that wallet with small money, and test its balance from two wallets (original one and recover one). If addresses are the same, balances are the same, you are doing well from backup and recovery, it's time to fund it fully.

Don't focus too much on private keys as users normally shouldn't have to deal with those. That's the purpose of wallets to manage and use your private keys. If you want safety for your wallet, use a decent good hardware wallet or a proper cold software wallet (offline).

Take and accept responsibility for your non-custodial wallet(s).

Do practice recovery BEFORE you load your wallet with real value coins, whatever your wallet is. I have the feeling that a large percentage of users simply don't think of this important step. Verify(!) that you're able to properly recover your wallet from scratch! Do not postpone this step. There's no excuse, you can play around with Testnet coins practically for free (you should not pay for Testnet coins, usually there are some free faucets or donors where you can get enough Testnet coins to practice a lot of recovery experience).

Then recovery boils down to usually mnemonic recovery words and if used in addition to not expose the wallet's security to the recovery words alone, an optional mnemonic passphrase. (You can also have a multisig-setup, if you understand it properly and if it actually aids security.)
I'm not going into much details here, some decent knowledge always helps (https://learnmeabitcoin.com). Never store mnemonic recovery words and optional mnemonic passphrase together, that should be obvious. Prefer analog backup on decent paper and/or stamp your recovery details into resistant metal washers or similar for fire/elements protection. Online digital backups is usually asking for later desaster (not in all cases, but in most). It's simple: something never being online, can't be stolen online.

Document enough details so you know after years what purpose a particular wallet has and that you have all details for successful recovery later (you did practice it, didn't you?). Prepare documentation for your heirs should something bad happen to you.

Make an assessment of what risks could lead to a loss of your wallet(s). Pick the most likely ones and find reasonable remedies for them. It's not likely you can cope with every risk and over-complicating solutions are a risk on their own. It's surprisingly easy to shoot yourself in your foot.

Keep it simple, keep it decent. Practice, practice, practice and never forget good documentation. You can't rely on human memory!

thanks for your feedback.

I don't think the private key or seed should go online, but maybe allow it to be distributed to a trusted group of people.

And I don't think there must be an instant recovery for lost keys, it's like you lost you credit card, you may have a short term problem and you are unable to pay. But the fact that you can go back into your bank, is still there. It's not like you lost your whole amount.
I am really talking about the "last resort". And as an independent person, I want to decide to whom I give acces to my keys. And not just an institution, which, then becomes more and more powerful (which might be the insurance industry, if you think of it in the future).

And technology is only useful it it solved problem to people or to the real world. Otherwise there is no value (that's why customer centric design etc. was evolved). And imho this problem is not solved with Bitcoin. And we cannot expect that everyone will manage this by themself, or educate themself in that details as people do who are very much involved with Bitcoin.

Since private key or seed should never go online, I find this direction... wrong.

Nowadays people recover seed, not private keys, English words and maybe some added protection are more.. human.
For seed recovery there's for example Shamir's secret, but not the only way.

Then, you seem to be keen on the fact one has to recover his private key "right now". Why the haste?
You may have it in your hardware wallet or cold storage and only if that gets broken you'll need your backup. Plus, you may have a backup hidden in a way or another at hand (even if probably encrypted in a way only you can recover it).
So the others are imho a "last resort". And if they'll give you their share of the backup even if 30 days later would not be the end of the world.


I don't want to be too harsh, since you are right, the lack of means for recovery are a real problem, you are going into a wrong direction.
The problem is human: people are lazy or they're lacking the proper knowledge to make a good backup.
The problem is not technical. And yet you want to find a technical solution that imho weakens the security of the wallet, i.e. not good.
Sorry.

While your idea is creative, it introduces some potential downsides that could conflict with bitcoin's principles and practicality.

1. Linking bitcoin keys to personal network identifiers like sims or mac address could expose users to tracking or hacking. This goes against bitcoin'ss core value of anonymity.

2. Network identifiers can be spoofed, stolen or hacked. If someone gains control over trusted person's identifier, they might compromise the key recovery process

3. Sim cards, mac addresses and other identifiers can change due to upgrades, switching providers or technical issues. Managing these changes securely without risking access loss could add complexity

4. Incorporating network-layer identifiers might introduce reliance on internet or telecom providers which could conflict with bitcoin's decentralized ethos

Hi, I would like to open a discussion about an idea which I have since couple of months. So maybe some people here are interesting in joining this discussion.

I think one of the biggest challenge with Bitcoin is that there is no standard process to recover a private key. When you lose it, it's gone. You are fully responsible for keeping it secure, but also to keep it safe. This gets a lot of people out of Bitcoin, because all of sudden, they become fully responsible for their own money. It's like you have a lot of cash, and now only you need to make sure that you (A) you hide it to prevent it from being stolen (B) you never forget where you have hidden all your money.

Because it's difficult to solve a and b together, it becomes easier to trust a third party like a bank. Most people have other problems than constantly worrying about their money, which is, of course a good thing

So, if would have a physical key to my secure deposit, i would hand over a copy to the most trustful person in my life (which is usually a partner or someone within your family). But you can also slice the key into smaller chunks, and give it to some of your friends, where you know only them together can open it up. And if one friend disappears, the others can still open it. As far as I understood, this is multi-sig, which already exists for Bitcoin.

Now, the crucial question: Could the name (or let's say some identifier) of my friends somwhere be stored secure, in an encrypted way? The "name" of my friends would usually something like a SIM or MAC address; in TCP/IP stack at network layer (or physical link in OSI model). Because this is where we all get connected, either with a modem at home (for fix line access), or with a SIM card for mobile networks. And I would argue that most of people using Bitcoin have either one of those two access (unless you are constlantly using public WiFi / enterprise WiFi).

So if we could bring this part into Bitcoin, we could probably solve the issue with lost keys. It doesn't mean that anyone has to use it, but for those you want to define some people who could act as a backup, that would be awesome, if this gets standardized, and without having any other blockchain, token etc.

Because if that's the case, I could define a group of real people, which are able to recover my key, in case I would lose my key, e.g.

Alice
Bob
Charlie
David
Eve
Frank
Grace

Out of these 7, at least random 5 people must agree to unlock the key. Or Alice & Bob can do it alone, because they are my kids, and I trust them that they would never steal my money. Because we trust people in our life all the time, and, at least my perspective as a bitcoiner, I would rather trust some very close people around me than an anonymous institution like a bank, to solve problem (B) from my introduction text..

I know this is probably the part of multi-sig (which I don't fully understand technically, but the concept).

But I think the issue is, that those people should not have to carry part of this key with them, but rather having is somehow automatically technically assigned in a way they access the internet (and this data being encrypted).
For mobile network access (SIM), there are MSISDN (phone number), IMSI, ICCID, IMEI (device)
For fixed network access (depending on technology, if xDSL, Docsis or Fiber) it's MSIDN (phone number), OTO number, and/or MAC.

Of course there are some other identifiers which could be used. And the tricky thing is they can change over time (SIM switch, network operator switch, relocation etc.) But it's unlikely that all identifiers change for all of your 7 people immediately, under "normal" circumstances.

But I am basically wondering if it's possible to use something from the network layer and combine it with the application layer (where Bitcoin is, at least from my understanding how the internet is working)

And yes, this may break anonymity for people, but made for some people it's a good trade off.

Happy to hear some good input I hope I could explain a bit the idea.