
Topic: Writing down seed phrase: printer ink or pen ink ? - page 2. (Read 1198 times)

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
You can derive xpub2 from seed2, which you do have.
That I do not know how to do. Please drop a link about it to get some idea.
Electrum can do this: New Wallet > Multi-signature wallet > "From 5 cosigners Require 3 signatures" > "I already have a seed" > scrub random route excite document walk decorate disorder raw float rubber typical > "Here is your master public key": Zpub6xh6PiSGQbm4rHdk4Uzevhz1zuz5Vk8vwpPxDQvNRXbCdkDfsdPwZkdRQjxA7WfnH9t8vXL8oCFkaN3SepiPbxB2WcubPkh6TWzSmqsjfaB.

Quote
In a 3-of-5 wallet, don't I need at least three cosigners and all 5 xpubs to restore the wallet?
If you have 2 xpubs and 3 seeds, you have everything you need to get 5 xpubs. Or in my example zpubs (which means it's using a native Segwit address).
legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
You can derive xpub2 from seed2, which you do have.
That I do not know how to do. Please drop a link about it to get some idea.

Quote
You only need the 2 xpubs from the seeds you don't have.
A bit confused now. In a 3-of-5 wallet, don't I need at least three cosigners and all 5 xpubs to restore the wallet? I have used 2-of-3 multi-sig but did not try with 3-of-5; however, my understanding is the algorithm should be similar for restoring an x-of-y wallet.
legendary
Activity: 2268
Merit: 18771
You can derive xpub2 from seed2, which you do have. You only need the 2 xpubs from the seeds you don't have.
legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
I need all five people alive to get me the full set.
No, you don't. That would be a 5-of-5. The set up you've quoted is a 3-of-5. Pick any 3 of those 5 friends, and you will have at a minimum three seed phrases and master public keys from the other two seed phrases. This gives you all you need to fully restore the wallet and spend the coins from it.
My understanding is I need at least three seeds and all 5 xpub keys on a 3-of-5.

Let me pick
Quote
Friend two: Seed2, xpub3, xpub4
Friend three: Seed3, xpub4, xpub5
Friend four: Seed4, xpub5, xpub1
Am I not missing xpub2? Without it I can not restore the wallet.

The combination I need to restore the wallet is

1. Seed2: xpub 1, xpub2, xpub3, xpub4 and xpub5
2. Seed3: xpub 1, xpub2, xpub3, xpub4 and xpub5
3. Seed4: xpub 1, xpub2, xpub3, xpub4 and xpub5

Since xpub2 is missing, I can not restore the wallet.
legendary
Activity: 2268
Merit: 18771
I need all five people alive to get me the full set.
No, you don't. That would be a 5-of-5. The set up you've quoted is a 3-of-5. Pick any 3 of those 5 friends, and you will have at a minimum three seed phrases and master public keys from the other two seed phrases. This gives you all you need to fully restore the wallet and spend the coins from it.
legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
My understanding is that when you create a 3-of-5 multi-sig, all five need to have all the public master keys to get the wallet created first. Or are you saying I create a 3-of-5 wallet and carefully give them the public key and public master key?
If you are going to create 5 separate wallets, then yes, each wallet needs to be given the other four master public keys in addition to its own seed phrase. There is no need to actually create 5 separate wallets though. I can generate 5 seed phrases, derive the 5 master public keys, use those 5 seed phrases (or master public keys if you want a watch only wallet) to create a single wallet for my own use, and then create the 5 back ups I have specified above and hand them out to 5 friends or relatives. The friends or relatives don't need to create a wallet; they just need to hold on to the back up you give them.
In an x-of-y wallet it's actually one wallet, isn't it? There are y sets of seeds and public master keys. LoyceV's example is perfect to understand what I mean. We are considering that one wallet.

Anyway, the concept seems clear now. All I need is to create an x-of-y. In this case, if it's 3-of-5, then I need 5 friends to hand out:
Friend one: Seed1, xpub2, xpub3
Friend two: Seed2, xpub3, xpub4
Friend three: Seed3, xpub4, xpub5
Friend four: Seed4, xpub5, xpub1
Friend five: Seed5, xpub1, xpub2

I see a problem here. I need all five people alive to get me the full set. If anything happens to any one of them then I lose the wallet unless I find an alternative for each set. So I will need Friend one (a, b), Friend two (a, b), Friend three (a, b), Friend four (a, b) and Friend five (a, b). It's involving too many people LOL. Or did I mess up?
legendary
Activity: 2268
Merit: 18771
My understanding is that when you create a 3-of-5 multi-sig, all five need to have all the public master keys to get the wallet created first. Or are you saying I create a 3-of-5 wallet and carefully give them the public key and public master key?
If you are going to create 5 separate wallets, then yes, each wallet needs to be given the other four master public keys in addition to its own seed phrase. There is no need to actually create 5 separate wallets though. I can generate 5 seed phrases, derive the 5 master public keys, use those 5 seed phrases (or master public keys if you want a watch only wallet) to create a single wallet for my own use, and then create the 5 back ups I have specified above and hand them out to 5 friends or relatives. The friends or relatives don't need to create a wallet; they just need to hold on to the back up you give them.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Let's take 3-of-5 as an example since that's what we've been using so far.

Back up 1: Seed A, xpub B, xpub C
Back up 2: Seed B, xpub C, xpub D
Back up 3: Seed C, xpub D, xpub E
Back up 4: Seed D, xpub E, xpub A
Back up 5: Seed E, xpub A, xpub B

Any 3 of those 5 back ups gives you 3 seeds and the other 2 xpubs, allowing you to fully recover the wallet, while preventing any person from viewing the contents of the multi-sig wallet.
My understanding is that when you create a 3-of-5 multi-sig, all five need to have all the public master keys to get the wallet created first.
Let's just test it :)

I created the following Multi-Signature Wallets in Electrum ("from 5 cosigners require 3 signatures"):
A. uphold plug victory much grunt plug convince option dizzy edge observe drastic
master public key: Zpub6xxXDnNQaCWT8QAZy9omUXxqtxFvaZyqpfaH79dZYVFZidZAnvJR7ta44V5ajdy16nr917DcWkK9yGST24TFCTNgyxnk5uJPMEpQRVoGABk
B. scrub random route excite document walk decorate disorder raw float rubber typical
master public key: Zpub6xh6PiSGQbm4rHdk4Uzevhz1zuz5Vk8vwpPxDQvNRXbCdkDfsdPwZkdRQjxA7WfnH9t8vXL8oCFkaN3SepiPbxB2WcubPkh6TWzSmqsjfaB
C. grape thumb verify sail raven river regret view net laptop clump grocery
master public key: Zpub6xv1ZrjZp8qdrcR2NfG7ZUnnw1Ce8GH39WZ8ZWyjq1yFAnguYfvMLKjrpruu1uCCWynvR9diff3nGWx52TdNbCp43NHTJzaGQGVybo8PN8s
D. tourist brick accuse tooth spike erode remind patch biology cheese auto dinosaur
master public key: Zpub6yATJpzSCj8ps6xGJXRjHfFotNXUCTpqz2CSQcbC5V16FDJNYp8bVmUQsV4p5yiVUWvW6r1QxfUvCXz9LbpfYcSjux1fiSsVsJNgxLDNUKL
E. dinosaur kit uphold ring region attract ill blur goose swamp noodle million
master public key: Zpub6xofxsy4oCYwkfCF2Aw8XhXW9yRVPx5kBeYHtFWjRR78mmpYUH4e8kYaG6X1StgvnRidK8UBgb5gYjRmmgmRi4i3JzeL2vRChuSjuCAK5V3

Using the seed A and master public keys B-E, Electrum produces this address first: bc1qlcaruvdjc4em502w0pxadwrhjtrh4sd5jf7td65nctr7yhm0gfgq97ynk9

Quote
Or are you saying I create a 3-of-5 wallet and carefully give them the public key and public master key?
From my little test, I think this is correct. Anyone holding 1 out of 5 cards can help you recover funds, but doesn't know the address(es). Some combinations of 2 out of 5 cards are enough to recreate the address.
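
Added example (not part of any post in this thread): a short Python check of the 3-of-5 back up layout discussed here, where back up i holds seed i plus the next two xpubs. It only models who holds what, using the fact stated in the thread that an xpub can be derived from its seed; no real keys are involved and the function names are illustrative.

```python
from itertools import combinations

KEYS = "ABCDE"   # the five cosigner keys, labelled as in the thread
THRESHOLD = 3    # signatures required (3-of-5)

def make_backups(keys=KEYS, extra=2):
    """Back up i = seed i plus the xpubs of the next `extra` keys, wrapping around."""
    n = len(keys)
    return {
        keys[i]: {"seed": keys[i],
                  "xpubs": {keys[(i + k) % n] for k in range(1, extra + 1)}}
        for i in range(n)
    }

def capabilities(held, backups, keys=KEYS, threshold=THRESHOLD):
    """Return (can_watch, can_spend) for someone holding the back ups in `held`."""
    seeds = {backups[b]["seed"] for b in held}
    xpubs = set(seeds)                    # each seed yields its own xpub
    for b in held:
        xpubs |= backups[b]["xpubs"]      # plus the xpubs written on the card
    can_watch = xpubs == set(keys)        # all 5 xpubs are needed to rebuild addresses
    can_spend = can_watch and len(seeds) >= threshold
    return can_watch, can_spend

def survey(backups, size):
    """Capabilities of every combination of `size` back ups."""
    return {combo: capabilities(combo, backups)
            for combo in combinations(sorted(backups), size)}

if __name__ == "__main__":
    backups = make_backups()
    for size in (1, 2, 3):
        for combo, (watch, spend) in survey(backups, size).items():
            print("+".join(combo), "watch" if watch else "-", "spend" if spend else "-")
```

Every set of three back ups can both rebuild and spend from the wallet, a single back up can do neither, and exactly five of the ten pairs (A+C, A+D, B+D, B+E, C+E) hold all five xpubs and so can view the wallet without being able to spend.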
legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
Part of my OPSEC is not sharing the exact details. It feels better that way.
Critical Venezuela mindset, Biden might go to you for oil and gas and reconsider sanctions from USA, I mean it's fine 😉

Let's take 3-of-5 as an example since that's what we've been using so far.

Back up 1: Seed A, xpub B, xpub C
Back up 2: Seed B, xpub C, xpub D
Back up 3: Seed C, xpub D, xpub E
Back up 4: Seed D, xpub E, xpub A
Back up 5: Seed E, xpub A, xpub B

Any 3 of those 5 back ups gives you 3 seeds and the other 2 xpubs, allowing you to fully recover the wallet, while preventing any person from viewing the contents of the multi-sig wallet.
My understanding is that when you create a 3-of-5 multi-sig, all five need to have all the public master keys to get the wallet created first. Or are you saying I create a 3-of-5 wallet and carefully give them the public key and public master key?
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I am interested to learn how you are handling your crypto.
Part of my OPSEC is not sharing the exact details. It feels better that way.

My wife knows about all my back ups.
It's one of the perks of being married ;)
newbie
Activity: 7
Merit: 0
I feel engraving on metal is a better option.
legendary
Activity: 2268
Merit: 18771
I am interested to learn how you are handling your crypto.
I have multiple back ups. My wife knows about all my back ups.

I really do not want other people except my wife to know how much bitcoin I have. With the x of y multi-sig wallet I can not hide my numbers LOL
Sure you can.

Let's take 3-of-5 as an example since that's what we've been using so far.

Back up 1: Seed A, xpub B, xpub C
Back up 2: Seed B, xpub C, xpub D
Back up 3: Seed C, xpub D, xpub E
Back up 4: Seed D, xpub E, xpub A
Back up 5: Seed E, xpub A, xpub B

Any 3 of those 5 back ups gives you 3 seeds and the other 2 xpubs, allowing you to fully recover the wallet, while preventing any person from viewing the contents of the multi-sig wallet.
legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
This sounds overly complicated.
overly complicated to me
I am interested to learn how you are handling your crypto.

Your suggested set up is better because you now have some redundancy in the system, but it still seems overly complicated to me and if it were me I would still prefer to use a 3-of-5 multi-sig set up.
I really do not want other people except my wife to know how much bitcoin I have. With the x of y multi-sig wallet I can not hide my numbers LOL
legendary
Activity: 3472
Merit: 10611
I second the suggestion to use multisig. People take it for granted here in bitcoin, but some cryptos can't do it, for example Ethereum. Multisig can increase transaction fees slightly but ... it's no big problem.
You can technically create a Tapscript where you use multiple keys to sign but only publish one using OP_CHECKSIGADD which is a new OP code added in Taproot soft-fork. That way the cost of multi sig is the same as any other single sig transaction.
The problem is that there still isn't any user friendly way of doing it since wallet developers are behind in their implementations.
sr. member
Activity: 1190
Merit: 469

Your suggested set up is better because you now have some redundancy in the system, but it still seems overly complicated to me and if it were me I would still prefer to use a 3-of-5 multi-sig set up.

I second the suggestion to use multisig. People take it for granted here in bitcoin, but some cryptos can't do it, for example Ethereum. Multisig can increase transaction fees slightly but ... it's no big problem.
legendary
Activity: 2268
Merit: 18771
Need to study the Shamir's Secret Sharing Scheme.
Don't waste your time. As has been explained above, it is a poor choice with significant flaws and should not be used.

Your suggested set up is better because you now have some redundancy in the system, but it still seems overly complicated to me and if it were me I would still prefer to use a 3-of-5 multi-sig set up.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Need to study the Shamir's Secret Sharing Scheme. I was thinking it was good enough only to split the seed between two persons, but then I had to involve another person to answer the twisted words. The only thing I am lacking here is that one of the persons holding half of the seed lives with me. It means that if by any chance we both become victims of a sudden accident in our house, then the one who has the other half of the seed will not find anything. He cannot access the funds.
Have you considered Split mnemonic cards?
Example:
Code:
Card 1: under stomach XXXX XXXX XXXX XXXX dust struggle ugly XXXX rocket XXXX hedgehog sponsor produce hello border limb appear mixture XXXX peanut live XXXX
Card 2: under XXXX peace humble weather flip XXXX struggle ugly dinosaur XXXX voyage hedgehog sponsor XXXX hello XXXX limb XXXX XXXX ladder XXXX live normal
Card 3: XXXX stomach peace humble weather flip dust XXXX XXXX dinosaur rocket voyage XXXX XXXX produce XXXX border XXXX appear mixture ladder peanut XXXX normal
This shouldn't be used with fewer than 24 words, and I've read more reasons not to use it, but it's a lot easier to understand than Shamir's Secrets. Any 2 out of 3 cards are enough to restore the seed.

Quote
It is now involving 5 people.
This sounds overly complicated.
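
Added example (not part of any post in this thread): a Python check of the three split mnemonic cards quoted above. It confirms that any two cards rebuild the same 24 words and counts what a single card leaves unknown; the 11 bits per word figure assumes a 2048-word list as in BIP39 and ignores the checksum, so it is an upper bound.

```python
from itertools import combinations

MASK = "XXXX"
BITS_PER_WORD = 11  # assumption: 2048-word list (BIP39), checksum ignored

# The three example cards, copied from the post above.
CARDS = {
    1: "under stomach XXXX XXXX XXXX XXXX dust struggle ugly XXXX rocket XXXX "
       "hedgehog sponsor produce hello border limb appear mixture XXXX peanut live XXXX",
    2: "under XXXX peace humble weather flip XXXX struggle ugly dinosaur XXXX voyage "
       "hedgehog sponsor XXXX hello XXXX limb XXXX XXXX ladder XXXX live normal",
    3: "XXXX stomach peace humble weather flip dust XXXX XXXX dinosaur rocket voyage "
       "XXXX XXXX produce XXXX border XXXX appear mixture ladder peanut XXXX normal",
}

def merge(*cards):
    """Overlay cards word by word; None marks a position masked on every card."""
    rows = [card.split() for card in cards]
    if len({len(row) for row in rows}) != 1:
        raise ValueError("cards have different lengths")
    merged = []
    for column in zip(*rows):
        words = {w for w in column if w != MASK}
        if len(words) > 1:
            raise ValueError(f"cards disagree: {sorted(words)}")
        merged.append(words.pop() if words else None)
    return merged

def audit(cards):
    """Map each single card and each pair to (missing words, unknown bits upper bound)."""
    report = {}
    for size in (1, 2):
        for ids in combinations(sorted(cards), size):
            missing = merge(*(cards[i] for i in ids)).count(None)
            report[ids] = (missing, missing * BITS_PER_WORD)
    return report

if __name__ == "__main__":
    for ids, (missing, bits) in audit(CARDS).items():
        print(ids, f"{missing} words missing, at most {bits} bits unknown")
```

Each card on its own is missing 8 of the 24 words (at most 88 unknown bits), while every pair is missing none; the same one-third masking on a 12-word phrase would leave only 4 words unknown, which is the reason given above for not using this with shorter phrases.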
legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
From my understanding, this is a 3 out of 3 setup.  I see this as yet another problem.  If the connection between THREE persons is necessary in order to find the full combination, have you considered other possible issues they could encounter in the event of you losing your life?  It is not very rare that after the loss of a loved one relatives start arguing about what the deceased has left behind for the living ones.  Some are more greedy than others.  The trust you have in your relatives may not be equal to the trust these relatives have for each other.  What if you die together with one of these three persons that are NEEDED for the recovery of the seed?  What if the third person will request a premium for sharing their key part of the puzzle?  You have ensured the recovery if an accident happens to YOU, but you have not taken into account the possibility of an accident also happening to one or more of them.

As others have pointed out, I would keep the seed phrase backup as simple yet safe as possible without reinventing the wheel.  I would definitely not rely on humans for the recovery.  There is maybe more vulnerability to three humans having to connect for the combination than there is for an improperly stored paper wallet.  It is enough for one of the three to say 'no' and now everything goes wrong.

I remember Trezor offered a backup method that requires 'x out of y' backup sheets with a variable x or y based on your needs.  I can not remember the name of this method however, although I do think the name was something similar to 'Schnorr'.  Maybe someone with more knowledge can help me with the confirmation that this method is safer and less vulnerable than a 3 out of 3 sheets setup?

-
Regards,
PrivacyG
Need to study the Shamir's Secret Sharing Scheme. I was thinking it was good enough only to split the seed between two persons, but then I had to involve another person to answer the twisted words. The only thing I am lacking here is that one of the persons holding half of the seed lives with me. It means that if by any chance we both become victims of a sudden accident in our house, then the one who has the other half of the seed will not find anything. He cannot access the funds.

Not yet going to apply but this is what I am thinking now.
First half of the seed goes with 1. The person who lives with me together (my wife) 2. One in-law I have.
2nd half of the seed is going to 1. The person who currently has the half (my sibling) 2. A cousin from my side
The person who is responsible to break the twist is close to me but not close or better say very much known to any of the persons who have part of the seeds.

It is now involving 5 people. Two of the one half know each other but they have the same words; the other two of the other half also know each other but again they have the same words. The 5th one will only trigger if something happens to me or even if something happens to me and my wife together.
legendary
Activity: 2212
Merit: 7064
I remember Trezor offered a backup method that requires 'x out of y' backup sheets with a variable x or y based on your needs.  I can not remember the name of this method however, although I do think the name was something similar to 'Schnorr'.  Maybe someone with more knowledge can help me with the confirmation that this method is safer and less vulnerable than a 3 out of 3 sheets setup?
This is called the Shamir Secret Sharing scheme, and it is used by Trezor Model T and Keystone hardware wallets, and I think Airgap wallet is using something similar.
I consider this to be a poor man's alternative to a multisig setup, and it is not safer in any way compared to multisig, with one big flaw: a single point of failure.
You can see a comparison of these two methods with more details in my topic Multisig VS Shamir Secret Sharing.


legendary
Activity: 2268
Merit: 18771
I remember Trezor offered a backup method that requires 'x out of y' backup sheets with a variable x or y based on your needs.  I can not remember the name of this method however, although I do think the name was something similar to 'Schnorr'.  Maybe someone with more knowledge can help me with the confirmation that this method is safer and less vulnerable than a 3 out of 3 sheets setup?
Are you maybe thinking of Shamir's Secret Sharing Scheme? It essentially splits your seed phrase into encoded shares (which can also be expressed as a series of words if you desire), which you then share among your friends or relatives. As you say, you can choose any x-of-y set up, provided that y is equal to or greater than x. So I could do a 3-of-5 for example, where any 3 shares out of the 5 I generate are sufficient to recover my seed phrase, and the knowledge of any number of shares less than 3 provides no information about my seed phrase.

It sounds great on paper, but in reality there are a number of significant security risks with it, such as flawed implementations, no universal standard, and a single point of failure. There is a good article about why you shouldn't use it here: https://en.bitcoin.it/wiki/Shamir_Secret_Snakeoil

In reality, if you want an x-of-y set up, then you should just use a multi-sig wallet.