Guy Swann hosts “Zero to Multi Sig” with BTC Sessions, Seth for Privacy, Trey Sellers. We talk about the best way to learn about self custody, the benefits of multi-sig and how to store your bitcoin safely. From the Swan Dome at the Pacific Bitcoin conference. Filmed on November 11th, 2022.
Full transcript
Guy Swann: Alright, welcome guys. So, we have From Zero to Multi-sig. Everybody, again, introduce yourselves. I’m sure a lot of people know these are amazing people in the space, but let’s go ahead and start off.
BTC Sessions: I’m BTC Sessions, Ben. I run a YouTube channel on how to learn how to do pretty much anything in bitcoin
Seth for Privacy: I’m Seth for Privacy, or Seth. I’m Head of Content for Foundation and a privacy educator in the space.
Guy: “Mr. for Privacy”
Trey Sellers: My name is Trey Sellers. I’m a VP of Client Solutions at Unchained Capital. We help people hold their own keys to their bitcoin in a way that has no counterparty risk to us or anybody else, and in a way that has no single points of failure, and we do that with multi-sig.
Guy: As a customer during these trying times with crypto casino collapses by the week, feels very, very good to be a multi-sig customer.
Trey: Sleeping well at night.
Guy: So speaking of actually this is a good way to start off, and I got this question from a couple other people, actually, was just when and why do you use multi-sig? Like, you know, when is it beneficial, when is it a drawback, like what’s the purpose? What’s the major use from your perspective?
Ben: So I tend to look at things from evaluating risk and maybe allocating bitcoin in different buckets depending on what the risk is. So on one side of things if if you have a hardware wallet and you’re holding your your own keys…Fantastic, you’ve already avoided the the counterparty risk. However, you then have a single device and a single backup, which could be, you know, five-dollar wrench attacked. Somebody could kick in your door and get a hold of your coins. So when you go into something like a multi-sig, you’re hedging against that risk. You’re taking your coins, you’re putting them into a vault that requires multiple keys to unlock, and then if you’re thinking well about your multi-sig, it’s geographically dispersed, so somebody kicks in your door, they have a key, well they get nothing, and they may not even realize that that key is associated with the multi-sig, because it’s not inherent to the device. However, with multisig, you also have to think about, I’d say, two other buckets of risk. One is user error. So if you’re doing your own multi-sig, then I’d say that would be in the bucket of something like state attack, where if you know the government wants to ask providers, hey, does this person have multi-sig, and then they can kick in your door, take your key, and then ask the provider to give out the other key. So in running your own multisig, you’re hedging against that risk. In using a collaborative custody like Unchained, the risk bucket there is user error. If something happens to me and I’ve got my own multi-sig, well I feel like even though I teach people for a living, my family might be [@#%$#%]. So in this instance, with the collaborative thing, my family maybe has two devices and a backup to each device. They can lose 75% of the stuff they’re supposed to take care of, they can go to Unchained and say we’ve got this one thing left, we’re very irresponsible, and we have proof that we’re next of kin, and you’ll be okay. So you’ve got to evaluate your risk and maybe allocate to buckets based on that.
Seth: Yeah I think Ben hit that nail on the head. It’s really all about threat model and what are you trying to protect against, and a threat model is really just where you look at, what am I trying to protect? Who am I trying to protect it from? And then what lengths am I willing to go to to protect it? And I think for most people, honestly, multi-sig is adding in complexity and not really adding a lot of value if you’re just trying to do the multi-sig setup yourself, because it does introduce all that complexity and the extra risk of either user error or losing something because you have to back up more than just seeds. There’s a lot more involved, but it does provide a lot of use when you want to be able to share custody with someone you don’t trust or share custody with a company like Unchained or you can do it in a way that doesn’t give them the ability to spend funds, but they’re able to help you with that setup process and help to ease things there.
Trey: Yeah I think it’s important to just buttress the idea that Ben is talking about. Most people lose their bitcoin through mistakes. They don’t lose it because somebody kicks in their door.
Guy: You are the worst attack vector.
Trey: That’s exactly right. People shoot themselves in the foot, and so, you know, that collaborative custody model does solve that problem for a lot of people, because they’re getting help, they’re getting guidance throughout that setup process. They’re getting guidance and support as they go forward and as their situation changes. And if something happens to one of those keys that they’re controlling, because we are a partner in that custody model, we can step in and help them. So for the vast majority of people, if we’re answering the question of why do you need multi-sig, or who needs multi-sig, I think the answer is, anybody who is securing a large amount, or a material amount, of bitcoin, that they want to hold on to for a very long time and then want to make sure they don’t have a single point of failure, multi-sig is a great solution for that. Certainly if you’re going to be walking around spending bitcoin, you’re probably going to want to use a mobile wallet or something like that, that has different trade-offs. Your keys are hot, and there is a single point of failure there, but it’s like cash that you would be keeping in your wallet that you’d be spending on coffee or whatever you’re doing in the economy. That’s where we’re going. We’re going to a circular economy, so there are different levels of risk that can be addressed with different solutions. Multi-sig is there for your multi-generational wealth that you need to pass on to your kids and to your grandkids.
Guy: You know there’s an interesting…One of the things that fascinates me most about multi-sig…I think it’s hugely underappreciated, and it’s one of those things, too, that as a tool in bitcoin, I still like even with Lightning and so much of what’s going on in the space is, we’re constantly still trying to chase, like, how do we add the next thing, where we’ve totally missed truly expanding and taking advantage of the stuff that we already have. You know, one of the things that interests me most, like from the context of Unchained being such a good example of it, is non-custodial financial services, like something that’s truly just infeasible, like it’s axiomatically not possible in the fiat world, is that you could provide a financial service, you could create a collateralized relationship without ever actually giving your money to another person, and that’s a huge deal from like a service perspective and a financial infrastructure perspective in a world where the culture is so disgusting. And crypto lately is such a great example of it, of seeing the fiat culture come into…
Ben: Just lately?
Guy: Just lately…come into the space and be like, “oh, we’re just going to re-hypothecate and we’re just going to fractional reserve and margin everything just like fiat, because it works great in fiat. Why would we have to change how we do or how we think about anything?” And then it all blows up in everybody’s face, and multi-sig is like…Unchained, you guys don’t have to have a proof of reserve scheme or like a third-party audit.
Trey: It’s all on chain.
Guy: It’s crazy, and I just want to get y’all’s thoughts on that idea of financial tools and infrastructure that are provided without actual custodianship.
Seth: Yeah and I think a lot of people don’t even realize how much multi-sig helps us to build out an actual like decentralized finance system within bitcoin. I mean, if you’ve ever used Bisq, you’ve used 2-of-2 multi-sig. If you’ve ever used Lightning and actually run your own node and use channels, you’re using multi-sig, and that’s really the foundation of many of these kind of peer-to-peer decentralized swap protocols. They leverage multi-sig so that you can not trust someone and yet be able to swap funds with them in a secure way, and I think a lot of the use cases for multi-sig are ones that people actually don’t even realize they’re using multi-sig in, because it enables these things that can be made seamless using really impressive user experience and UI, but actually use multi-sig under the hood, like you said, to actually just remove that custodial risk entirely and help us to build out a better system that doesn’t require KYC, that doesn’t require trusting a custodian or trusting a third party.
Ben: I think you’re seeing right now, again in the context of everything that’s happening the past few days here as an example, you’re seeing two worlds collide that are incompatible with each other, and you’re seeing the results of the the remnants of the fiat worlds trying to leverage this new kind of bitcoin universe that is happening before our eyes, and they’re trying to use the same tools that were used that would be fine in a situation where you can screw up so monumentally, to the point where the the money spigot will make you whole again, despite siphoning wealth out of the populace as a whole. It’s with that backstop was always still there.
Guy: Great way to cover that up.
Ben: Yeah, exactly. Because people don’t realize that the percentage of your purchasing power in an economy has just been cut by 40% in the past two years. I mean, most people in this room probably do recognize that, and that’s why you’re here and you’re pissed about it, but there was that backstop. There was always that, “oops, hit that button…”
Guy: Let’s just issue a whole bunch more finance and print some money and we’re good.
Ben: Yeah, but the bitcoin world is incompatible with that, because at the end of the day, you can’t hit that button and print more bitcoin, and even though you do have the backstop potentially, and I think this is eventually where we see banks trying to, again, where regular banks that are now issuing bitcoin custody services, and I think we’re going to see FTX in those institutions eventually because they’re using the same mindset they’ve had for decades on a fiat standard, and it’s not going to work. It’s going to be, “oh, well now the banks are doing it and they’re the responsible ones.” That’s what people just said about SBF and FTX. He was the shining example of how the industry has matured, and now we’re here, and now we’ve got better options, and everybody was patting him on the back. Well guess what…it’s the same story at a bigger scale, and it’s going to happen again. And so I think the people that are recognizing, hey, this is a different system. We need to think about it differently, and we need to build tools that are built in a way that doesn’t have counterparty risk. I think that’s amazing, and those are the people that will come out of this unscathed.
Trey: So I want to make one other tangential point and just highlight the fact that multisig is actually novel. It’s new. It’s not something that we’ve ever had before, to be able to custody an asset that does not have a single point of failure while you’re holding it, and importantly, you don’t have to create a single point of failure when you need to move that asset, when you need to spend it. You can’t do that with some of the old…you can see…
Guy: It’s so crazy to think about, you can change the relationship without it still ever dropping back to like a singular control…
Trey: That’s right. So if you think about, you know, you’ll see pictures of these old vaults, and they’ve got some complicated contraptions and multiple keys and people are holding them in different places, but those keys have to all come together to actually open that vault to get whatever gold or valuables are inside. With multi-sig, you don’t have to do that, because you can create a transaction, you can sign it in one location, and then you can leave that key in that location that you’ve got it secured, and you can go to your second location and sign that same transaction and then broadcast it from there, and you never have to bring those keys together. That’s completely novel, right? Our buddy, I think his name is Jimmy Zhang, the the guy who got his 50,000 bitcoin confiscated a little bit ago…he created this complicated setup and then neglected using multi-sig, when he could have had those keys and…
Guy: If there was anybody who needed multisig!
Trey: Yeah, so why is this guy going to so much trouble concealing his tracks but then not just taking the extra step of storing his bitcoin in multi-sig and then having those keys in different jurisdictions so that there’s no single point of failure while he’s storing it. Or if he needs to spend the bitcoin he can just go to those different locations.
Seth: I will just touch on quickly that is one of the threats that you actually can’t prevent with multi-sig, is that if your government puts you in jail and asks you to provide the bitcoin, most people are gonna give it and provide that bitcoin, even if it is a multi-sig. I mean there’s cases of old… there’s a centralized mixer and he did have multi-sig spread across multiple geographic locations, but they just threw him in jail and said, “until you give us this, you’re in contempt of court”, and eventually he just turned it over. That is one of the few that you can’t fix, because ultimately, you might not be pressured into doing things, and that can be the the government or a five dollar wrench is a lot harder and multisig does help against that of just a random attacker, but a government throwing you in jail is a little bit more consequential.
Guy: Well just the five dollar wrench, I just think of it like, “they’re just going to attack me,” so, being put in jail is, in my opinion, the five dollar wrench attack I think of it like that.
Seth: It could help if you’re part of a company who are in multiple jurisdictions and the government put one person in jail and they didn’t have the possibility to turn it over. There are still advantages, but there there’s just some there’s some threats where you may just want to turn over your bitcoin and be forced to do so.
Trey: We shouldn’t make it easy for them, though.
Seth: Absolutely.
Trey: We should make it as hard as possible.
Seth: They shouldn’t find it in a popcorn tin under some blankets.
Trey: Yeah, exactly.
Guy: Okay so actually on that, in taking advantage of multi-sig, one of the things that is, and I know this is a big thing for you, just because like we’ve used Nunchuck and some of these things, but just how far in the last year, year and a half, really, the user experience of multi-sig has come. It used to be a pain, and man, it’s changed drastically.
Ben: Compatibility was my number one concern out the gate, because you’d set up a multi-sig, and you would think, “okay, but what if this wallet breaks, like this interface that I’m using breaks, and I need to use it with something else?” And the answer initially was “you’re [%$#$%^].” Not entirely, I mean, but it was very technical to try and figure it out.
Guy: It’s not gonna be fun.
Ben: Yeah. And then maybe you had a multi-sig using a certain interface and you were using certain devices and then you want to move over to a different one and you realize, oh, this device isn’t supported, this one isn’t supported, or I can’t port my wallet over and even see the balance… it’s a complicated process to do. So now we’re seeing, what I’ve personally seen, is this proliferation of all these interfaces saying, we’re gonna work as hard as we can, and actually, at the actual devices themselves, they’re working together to say, we want to have as much support as possible for as many options as possible, and the ability to port that setup over to any other interface that you choose to use. So you know you’re, for example…again Unchained, you can you can take out your your wallet file and you can use it with Caravan, but you can also use it with tons of other…Specter, Sparrow. You can do what you want with it and use it how you want, right? So, just the compatibility of it all. And also the sleekness of the user interface has improved a lot. You’re getting these nice setups where you see a little image of the device that you’re using and and you can, oh, I want to create a new multi-sig wallet. Great, what devices would you like to use? And you check them off and then you hit create and it’s just there. So it’s becoming much simpler, much easier. There’s plenty of work to do. Again, it’s still going to be complicated for the average person doing their own multi-sig if they choose to do so, but it’s getting much, much better and it’s happening quickly, and I’m happy for that.
Guy: Yeah for sure. Actually y’all have thoughts on that?
Trey: Yeah, so I started using multi-sig with Specter Desktop and, yeah, it made it easy. It was like I had never considered it before that tool was available to me. I got that all set up feeling really good about things, got some sats in there. I realized my wife would have zero idea how to figure that out, and the collaborative custody model that Unchained does…that becomes immediately apparent when you start thinking about that inheritance planning scenario. But the fact that multisig is easy and is available, it allows bitcoin to scale as a store of value for the long term and for a massive amount of capital to be able to come in there without people feeling like they’ve got their entire life savings on a thumb drive that they could just lose.
Ben: To your point, too, and what Seth was saying earlier, you mentioned companies, like, oh, this might be useful for companies. Absolutely, this should be the default for companies. And countries. Now we have examples of countries that are holding bitcoin and that should be how it’s done, but we don’t use it.
Guy: Are you just going to take the short route and hold it on Coinbase?
Ben: I hope it wasn’t on FTX.
Guy: Good God. So there’s actually something interesting there when you bring that up: jurisdictional arbitrage. So the trucker convoy and the donations that were sent to them were such a great example. And, just expand on that. What’s the value and use of multisig in that sort of a situation?
Ben: So I’m gonna caveat this by saying out the gate the initial expectation was, oh, this will continue to be legal and this will be maybe a small amount of donations, a few thousand dollars. And so because of that, I take full responsibility. I made just terrible assumptions and terrible best practices out the gate in creating that initial page to accept donations, and unfortunately that’s just, hindsight is 20/20. So I I learned a lot in that in that moment. That said, out of all of that, 70% of the funds were handed directly to people. Unfortunately there was a bug in Nunchuck and so 30% of the funds, prior to being able to be moved out were basically frozen, and so that resulted in an instance where multiple keys were in a single place at one time. As that bug is trying to be worked out and…kick in the door and that was easy apparently. So those are now sitting in a legal escrow awaiting the result of a lawsuit. That said, on the multi-sig front…so again, with the with the initial thoughts of, hey, this will continue to be legal, the thought was, we just don’t want the keys in a single place. But the assumption was, okay, well, let’s get Canadian bitcoiners to be key holders, and we’ll just have them dispersed so that, you know, there’s just not a single point of failure. The state attack vector was not thought of. And so all of a sudden, having publicly identifiable Canadian bitcoiners as key holders in a multi-sig quorum became a problem, because then it’s, oh, we know who these people are. We could just go to them, and so then it was a race against time to rearrange the quorum. Also, it was a 3-of-5 multi-sig quorum, which if you’ve ever tried to wrangle bitcoiners into getting [@#$%] done, it’s very difficult. And so I would say, also the fact that the quorum was larger instead of just a 2-of-3 was actually a detriment, and it cost us time. And in the end, that wasn’t a great thing. So had I looked at this differently…looking at it now, I would say, perhaps a good way of looking at it is having identifiable trust…., because there’s the “don’t trust, verify”, right? People wanted to donate, but who the hell are you? And so having public faces resulted in more donations, which is good, but it also was an attack vector. So perhaps having publicly identifiable bitcoiners know the key holders, and say I vet this key holder, but I’m not a single point of failure, they can kick in my door and say give us the keys. Well I know the key holder. He’s not in Canada. So you could have a model like that. You’d have to flesh it out more, but that’s my initial thought. Maybe a smaller quorum and you gotta take into account the different attack vectors.
Trey: Yeah I think there’s a reason that SBF is in the Bahamas, or where is he where is he at? And and that’s because extradition is a little harder there. And so if you are able to distribute those keys in multiple jurisdictions, you can prevent, at least to some degree, some of that state attack. Now, for the vast majority of everybody here, that’s not necessarily your threat model. For the Canadian trucker thing, it’s a different game theory that’s playing out in that scenario. But for the majority of us, we just need to make sure that we’re not shooting ourselves in the foot and not losing the bitcoin that we need to be passing down to future generations.
Guy: Yeah, inheritance. One of the things about multi-sig…You know, there’s a feature or a build out of multisig that I’m still waiting for. I’ve been thinking about it since 2013 and 2014 when there was a vault wallet, I can’t remember what the hell it was, but started to talk about it. It was the first multi-sig thing that I’d ever used.
Ben: Copay?
Guy: No, not Copay. I did use Copay. It was after Copay, though… excuse me, before Copay. Is the idea of cascading wallet access, of essentially taking advantage of time lock, of relative and then absolute time lock, and having it so that, right now it’s a 5-of-7, but if, let’s say, three or four of those keys are lost, well after some subset of a first publishing, six months later it’s now a 2-of-3, and if there’s a key loss there, another year later it’s a one key or a 2-of-2 or a 1-of-2 or something like that. And it essentially allows a service provider to be a fallback. You can have, like, a lawyer in a situation that’s not…you can have so many different levels of exposure and give, essentially, the time to claim your valid ownership of it, but never actually lose it in the case of fallen part keys or people who have no idea what the hell is going on and all that sort of stuff.
Ben: So this was actually the default, and continues to be an option with Blockstream Green. So it’s actually a 2-of-2 multi-sig as a regular phone wallet. The way that it works is Blockstream Green holds a key themselves, and you have a key, and the key that they hold is on their server, and when you do a transaction, you sign with your key. Then Blockstream sends you a code. Either you have it through, like, a Google Authenticator or, a 2FA type thing, or an SMS, or an email; however you want to set it up. And then that is the second sign. But after a year, if Blockstream went tits up and they couldn’t sign for you, well, after a year, it reverts to 1-of-1, and that only applies to the key that you have on your phone. And it it happens from the point of the last transaction that you did.
Guy: So it just refreshes at every transaction.
Ben: Yeah, exactly. But it’s 2-of-2 multi-sig, and then it becomes 1-of-1 with only your key.
Guy: I don’t think I even knew that there was a time lock.
Trey: I didn’t know that either. I knew it was 2-of-2.
Guy: I’ve been using Green for so long.
Seth: Yeah, I think you hit on a really interesting use case for multi-sig, and it’s actually also specifically enabled by Taproot. It’s one of the things that we actually can do with Taproot, and somebody presented at HTTP in Prague. One of the devs behind BDK was talking about how you could use Taproot to create that kind of a decaying multi-sig, where, let’s say, you don’t trust your family members to be able to spend your funds right now, and you don’t want to give them access to your bitcoin, but like you said, if you die, you don’t want your bitcoin to just disappear into the ether. It’s a way that you can set up this multi-sig so you can give all of these family members, maybe seven different family members, a key, and none of them can spend funds. You could even do it in a way that’s privacy preserving, though that’s more advanced. But like you said, after time passes, you can have it decay so it’s easier and easier to recover, because many people lose things, like we talked about. That’s the biggest risk, you losing your own bitcoin. So if multiple family members lose it, you can have it decay after that thousand blocks or ten thousand blocks or whatever, and you refresh that with every transaction. So it’s kind of a combination of the Green model with some fancy scripting. You can do a Taproot that enables that as a way to pass down inheritance when you don’t trust every person involved and you don’t want to give them just the ability to spend funds freely, which I think is an important one. I think thinking more deeply about how we can enable inheritance with bitcoin in a way that’s detached from the legal system is really important, because I don’t think we want to be bound by lawyers and by the fiat system when we’re trying to do inheritance. So coming up with ways that we can do that at a programmatic way that’s bitcoin only and that lets us do it without the involvement of lawyers or third parties is really important.
Trey: I’m just going to make one quick comment on the time lock thing, which is that you got to be really careful that you haven’t added, like, an extra zero or something at the end of that.
Guy: There have been coins lost!
Trey: Yes, you might be waiting a long time for that bitcoin if you [#$#%] that up.
Guy: It’s like, “no, it’s 10 years.” “No, no, dude, that’s a thousand! You did a thousand years.”
Ben: My children’s children’s children are gonna be so rich!
Guy: There’s something interesting, too. You talk about not having financial third parties and not having lawyers and stuff involved is that…and this is something that I’ve thought for a long time…with what bitcoin is actually going to bring, and I see this a lot in my personal life, is the decentralization of the ability to provide services and provide assistance. I feel like we’re in this interesting place where essentially your tech friend…you know, every family group has The Tech Guy, and they’re always fixing everybody’s computer and router and all their problems. Well now they can essentially be a beneficial trust model. We can actually go back to one of the dominant models in, like, the late 1800s, was more of a kind of family trust, like fraternity sort of relationship, where money wasn’t built on these giant, centralized, distant institutions. It was built on your community unity in the people around you, and we can kind of bring it back to that Uncle Jim model of…I know a lot of people will actually keep backups of family keys and, you know, grandparents and brothers and sisters and stuff, but how much better would it be if it was actually just a key that’s not even active for six months? Only if something went wrong, rather than a second point of failure for somebody kicking in the door and finding keys? Or whatever it is…What’s your perspective on…maybe the best secondary use case in that regard…what do you see as the Uncle Jim model being relevant to the multi-sig setup and how could it be best applied.
Seth: I think it’s tricky with the Uncle Jim model. There’s so many things that is brilliant and applicable and really important for us with. It’s tricky with something like multi-sig, because in that Uncle Jim model, normally you’re giving up custody to that person, even if you’re doing a multi-sig Uncle Jim where it’s these people in the community that you theoretically trust. You’re still giving up custody, so there’s always going to be a trade-off there, and, I mean, that’s one of the things with something like Fedimint. You give over custody and you do gain these advantages, but you have to understand that then there is counterparty risk. So the Uncle Jim model gets tricky there. I think that’s where the Unchained approach, where you’re trusting Unchained as the Uncle Jim which I don’t know if that term…
Trey: Let us be your Uncle Jim.
Seth: Yeah, the new tagline. I think that’s the more applicable one when you have multi-sig, because they are at least a reputable company and there’s some more reasons to trust them. But also in that scenario, they don’t have access to your funds and they can’t spend them.
Trey: And as an institution, as a company, we have a longer lineage or, you know, we can be around for longer than your real Uncle Jim might be. If he gets hit by a bus and there’s nobody else that can fill that gap of knowledge and understand how to recover from that scenario, you might be in trouble. So, you know, the fact that in this collaborative custody model we’re there as experts, helping guide you along the way and there are multiple of us and you can get in touch with us at any time and we’re going to help you not only recover from mistakes, but also help you manage UTXOs and all the other maintenance aspects of it…that’s really important, really beneficial. So having us be your Uncle Jim solves for that problem.
Seth: One quick note to add on that is just that there are interesting ways where you can do not multi-sig, but actually share your seed phrase, called Shamir’s Secret Sharing. It’s very advanced. It’s not something that’s common now, but I think that’s something that I would love to see more organizations and projects look into, because it’s a way where you could essentially offload storage of your seed to maybe 20 friends and family that you don’t want to have your seed phrase. You don’t have funds, but they can help in the recovery process, and if you have some lower threshold of them that are around, they can text you that key secret that you give them or if there’s some other way to hand that off. That’s an interesting way where you can not give over custody to any one of them unless they all collaborate, but you can still do some sort of a social recovery, which I think is something that has been under-explored in the in the bitcoin space.
Guy: Yeah, Shamir’s Secret Sharing is something that I’ve always been interested in, but I’ve found…Hexa Wallet did that for a while before they switched over to, I think, they’re now in like a multi-sig setup if I’m not mistaken. I can’t remember exactly.
Trey: It also doesn’t have the advantage of being able to keep the key separated for signing transactions and moving the bitcoin. You do have to bring that together.
Guy: Different threat model for sure. And one of the big issues, too, is the out-of-band communication that you have to have with secret sharing, whereas with multi-sig they just have their key. You don’t have to communicate each other’s keys to each other. Everybody just needs a a joint place to sign like Nunchuck or Specter or something.
Trey: Yeah, I would suggest that if you need to eliminate single points of failure, just use multi-sig. I don’t see the reason to use Shamir’s or…you know, another thing people bring up to us a lot is a passphrase. If you’re using a passphrase, you’re essentially using a 2-of-2 multi-sig. You’ve got two single points of failure there. If you lose your seed phrase, your funds are gone. If you lose your passphrase, your funds are gone. And you’re adding complexity. You’re not necessarily adding security there. If you’re using 2-of-3 multi-sig, you don’t have that single point of failure. You’re eliminating that, and it’s a similar level of complexity.
Guy: A PSA to anybody who uses a passphrase wallet: use something that you can remember. There is no reason to do a 13 character, random generated password, and the difference between a 10 character and a 13 character is like 20,000 years. So if you’re trying to get back into it, you’ve already got an incredible level of security, and you’ve got an extra thing. As someone who has lost money this way, please just make it so it’s easy to remember.
Trey: But Guy, you may be able to remember it today and tomorrow, but next week you might fall off your bike and hit your head and the bitcoin’s gone, because you can’t remember it.
Guy: Sure, it’s not the best mechanism in the world, but simple is better because it’s extra security for just the sake.
Trey: If you’re going to degrade your security level by using a passphrase, make it a simple passphrase.
Guy: I don’t know if we have time. I wanted to hit a little on privacy, and the idea of…first Taproot, and then also, blinded X-pubs, like the ability to sign and just kind of have some degree of privacy from even the members you are with. So maybe quick thoughts on that before we close this out.
Seth: Yeah, I mean, just the quick call out is that when you do any sort of multi-sig, every other participant has visibility into every transaction that happens. I mean, that’s true of Unchained, that’s true of a multi-sig you do with yourself, obviously, with you with friends, do with family. So that is the big privacy concern with that is, they know how much money you have, when you spend it, when you receive funds, etc. So there there are some interesting ways, and you mentioned blinded X-pubs, which introduces more complexity, but it’s a way that you can do custodial or custodianship through multi-sig without actually revealing any of the addresses that you’ve received funds to, without revealing how much you own, or without revealing when you spend. So I would love to see like Unchained and other companies like that explore how you could integrate blinded X-pubs, maybe as a separate service. But I think that’s a very important one because that’s one of the big downfalls with doing some sort of collaborative multi-sig is you do give over all of your on chain privacy when you do that. And that’s just kind of how multi-sig works but it’s an important caveat for people to be aware of.
Trey: Yeah I’ll just say that, there is a privacy trade-off there. The benefit that you’re getting is what we’ve already talked about, which is that we’re there to help make sure that you can actually access your bitcoin if something happens to one of the keys that you’re controlling. And so there is that determination of, okay, what are the trade-offs? What do I value more for this bitcoin that I’m planning on passing down to my kids. I think a lot of people will opt for, hey, I’d much rather have this service provider here, this partner in custody, to be able to make sure that I actually can hold on to my bitcoin for the long term, and I’m willing to give up a little bit of that privacy in that scenario.
Ben: I know we’re pretty much out of time here, but I just want to finish by saying, if you haven’t tried multi-sig, I think even if you’re not gonna use it, it’s worth learning a little bit. I think it’s always worth learning about what your options are, and so, I mean, there’s plenty of easy options out there where you can just start playing.
Seth: On testnet, not mainnet. Do testnet.
Ben: Yeah, sure. Or very small amounts if you’re unsure. But again, Sparrow, Specter.
Guy: What’s your favorite tool right now?
Ben: I always use Sparrow for everything.
Seth: 100% Sparrow.
Trey: Yeah, I use Sparrow as well. I use Unchained, but we’re we’re able to build our vaults in something like Sparrow, connected to my own node, and I can manage it from there and not have to trust Unchained’s node. So everything that we do is in a bitcoin-native way and true to those those principles of being fully self-sovereign.
Ben: Yeah, and even if you’re just here and you’re playing with somebody and you’re just curious about multisig, you can literally, in the parking lot right now, just as a test, download Blue Wallet and create a vault together in like two minutes between three different phones. It’s kind of cool. So if you’re playing around later, try that.
Guy: That’s actually a good idea. We should do that with somebody. But, anyway I just want to say thank you guys so much, very much, for joining me. I think multisig is one of those things that you talk about is just that…Lightning is multi-sig. And a lot of people kind of forget how powerful of a tool this thing is, and it’s exciting to see a lot of it get much more user-friendly and see some of the things that we get to build with this. And so it’s awesome. Thank you guys for joining me.