Curious on people's thoughts on this.

I was thinking about multisig vs single sig and I think I came to the conclusion that multisig protects best against THEFT and not necessarily LOSS.

Let me explain.

If you are considering single sig vs multi sig, consider if you think you are more prone to losing things or if you are more likely to be robbed or targeted.

If you are more prone to losing things, then you are probably also more likely to lose 2 things before you realise you lost anything.

You also burden yourself with finding multiple safe spaces, ideally geographically dispersed. Either you don't disperse them well enough and a house fire destroys 2 of 3 keys, or you do, but it is difficult to monitor them and they are MORE prone to losses without your knowledge.

This has always bugged me about multisig: this idea that we just turn one problem into three (or two in the case of collaborative custody).

If you are worried more about theft or being targeted, then multisig has a meaningful benefit.

Why might theft be an issue?

- Maybe you insist on a digital key (hot)

- Maybe you are a public figure

- Maybe you live in a bad neighborhood

This doesn't guarantee protection against a $5 wrench attack, but if you have to travel across town with a gun to your back to spend the funds, maybe they'll move on, considering it a waste of their time, and maybe that leads to more deadly outcomes, but we'll ignore that.

I'm thinking more along the lines of a digital data leak or a home invasion while you are away.

In this case, if you used a single key, your funds are gone. At best you and the attacker are racing or raising fees, just to prevent the other from getting the money.

In a multi sig setup, assuming you are not loss prone and are likely to learn of a copied or stolen key in a reasonable time, you know how to get to 2 keys to recover the funds quickly while the attacker is still looking for another valid key.

If you use collaborative custody, chances are that there are identity checks or time constraints for the attacker and you still have 2 keys to immediately recover.

At the very worst, a sophisticated attacker might steal one key to trigger you to start recovery and then follow you and $5 wrench attack you once they have all the pieces. But this starts to reach into the what if category. Well, you basically have to be a VIP public figure or a dick who boasts about their wealth most likely and also not have hired security.

I'm curious if I hit the nail on the head here or if you have a different opinion. Let me know.

#asknostr


Discussion

Yep pretty much how I see it. Most ppl might not initially agree with this statement but splitting a 24 word seed into 2 halves (splitting into 3 or splitting a 12 word seed is obviously dumb) is a great option for long term cold storage

Brute forcing 12 or 11 words w/ checksum is equally as pointless as trying to brute force 24 words.

Eliminating single point of failure & capture requires 4 geographical locations.

Wallet restore is simple, potential for error is reduced & less education required for inheritance planning.

Could apply same logic to 12 word seed encrypted w/ passphrase….

Hww set up w/ encrypted seed in location 1, passphrase at location 2, words 1-12 in location 3, with the passphrase again at location 4.

If you haven't had a look at SEEDXOR, definitely do. It allows you to take an existing key and turn it into 2, 3, 4, 10 if you want.

You just generate 9 new keys (for 10, just to be extra here) and combine them, and then combine them with the real key. That will give you the 11th key and you can safely discard the real key and geo disperse the 10 keys.

Okay, don't do 10 remaining keys.

Heard of it but haven’t looked into it yet, will suss it out.

As far as geographically distributed while eliminating single point of failure & capture, for me 4 locations is a good number.

When going above that, say creating additional redundancies, it seems to me the chances of something going wrong increase…

ppl / places you trust that much, will they remain there long or be moving soon, can you access without too much trouble or is encrypted/ coded comms required to discuss something, when a bull market pushes price up so much do you feel the need to ask them to check if it’s still there & or let them know the spot at their place you’ve hidden it, has the place / person attack vector for theft increased to a point of actually being less secure etc etc

For me 4 spots w/ the smallest possible circle of ppl who know those spots is the sweet spot.

And single sig being much easier & less error prone compared to multi sig when considering inheritance planning & who might be restoring 24 words into a hww is the real game changer for multi vs single.

The one thing multi sig offers over single sig, as far as additional practical security, is it allows you to spread out your trust in the hww manufacturers' security trade-offs, chips etc., e.g. a Coldcard & a Jade in the set up.

Wondering if SEEDXOR adds any additional practical security to that single sig set up?

Yeah, multisig offers the ability to spread trust across multiple hww, but conversely, it kind of mandates it too. If you are gonna use a single device, with MAYBE the exception of seed signers.

If you were gonna do it all on one device, then what's the point of it? You're bringing the keys into one place, and even if not, you're bringing the keys onto one device.

The main benefit to seedxor for me is that you never lose entropy, or better said, the entropy is only ever as low as the lowest entropy key.

As an example, if I have a random key and xor it with 11111.... then if you find the random key, then you are way more than halfway there. Conversely, if all keys are properly generated, then even if you have 2 of 3 of the 128-bit keys, you still are 0% of the way to finding the final answer.

Get me? Like if you have a 256-bit 24 word phrase, and split it into 2 halves of 12, and I find the first 12 words, I'm halfway there. I only need to brute force 128 bits.

If you have three 128-bit keys, and you find 1 of them, you have nothing, you still need to brute 128 bits... if you find 2 of 3, same, brute 128 bits. If you had 0, brute 128 bits.

Plus each key is valid, checksum and all. So you never even have any clue how many parts there are.
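The XOR splitting described in the last few messages, next to the 12-of-24-words half split mentioned earlier in the thread, as an added Python example that is not part of the thread. All secret and share values are constructed or randomly generated here, and only the BIP39 checksum bits are computed (no word mapping):

```python
# Added example (not from the thread): XOR seed splitting as the thread describes SEEDXOR,
# next to cutting a 24-word seed into two 12-word halves. All entropy here is constructed/random.
import hashlib
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def combine_xor(shares: list) -> bytes:
    """XOR every share together; with all shares present this is the original entropy."""
    acc = bytes(len(shares[0]))
    for s in shares:
        acc = xor_bytes(acc, s)
    return acc


def split_xor(secret: bytes, n: int) -> list:
    """n-1 shares are fresh random entropy; the last is secret XOR all of them.
    Every share is needed, and every share is itself valid BIP39 entropy."""
    random_shares = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    return random_shares + [combine_xor([secret] + random_shares)]


def bip39_checksum_bits(entropy: bytes) -> str:
    """First (bits/32) bits of SHA-256(entropy): the checksum a wallet appends before
    picking words, so a share reads as a normal 24-word (or 12-word) seed."""
    cs_len = len(entropy) * 8 // 32
    digest_bits = bin(int.from_bytes(hashlib.sha256(entropy).digest(), "big"))[2:].zfill(256)
    return digest_bits[:cs_len]


def missing_share_for(known_shares: list, candidate_secret: bytes) -> bytes:
    """The share that would make candidate_secret the real secret given n-1 known shares.
    One exists for EVERY candidate, so n-1 shares leave the full 256-bit search space."""
    return combine_xor(list(known_shares) + [candidate_secret])


def unknown_bits_after_half_split(total_bits: int = 256) -> int:
    """Holding the first 12 of 24 words leaves only the other 12 words (128 bits) to search."""
    return total_bits // 2


def weak_split(secret: bytes) -> list:
    """The '11111...' case: a non-random share turns the other share into a plain transform
    of the secret (here its bitwise complement), so finding that share is finding the key."""
    const = b"\xff" * len(secret)
    return [const, xor_bytes(secret, const)]
```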

Yeah ok I got ya. I find the functionality of say the Coldcard Q practically the same level of security for entropy, for me anyways. Dice rolling your own hex then relying on the device to convert that & add on its own additional layer of entropy on top to get to the 24 words.

I can see the attraction though for additional methods / devices / security trade offs in generating separate seeds.

Good entropy should be a given in any set up. I guess in comparing the single sig vs multi sig set up I should have stipulated the entropy better.

I wasn't critiquing the 24 word split, just trying to answer the "does it give extra security hit" 🫂

No need to stipulate 👍

Yeah got ya, thanks for the run down, had SEEDXOR on my list of things to read up on one day 🙏🏽