Why 2-of-3 is the right multisig setup for most individuals and businesses

When balancing all security and accessibility considerations, we believe 2-of-3 is the optimal multisig setup for most individuals and businesses holding material amounts of bitcoin. We assessed many multisig quorum configurations, including 3-of-5, but we continue to offer 2-of-3 because we are confident it strikes the right balance between security and complexity.

We’ve written a comprehensive analysis of the trade-offs between 2-of-3 and 3-of-5, but here we’ll summarize the key points for why 2-of-3 is most suitable for collaborative custody and Unchained clients:

1. You should always secure your seed phrases
2. Focus on optimizing security for each key
3. Security also involves availability of access
4. Avoid mobile device keys to minimize re-key events

1. You should always secure your seed phrases

In bitcoin custody, seeds (or their human-readable representation as seed phrases) are the secret that needs to be secured. You can think of hardware wallets as user interfaces for your seed phrase; you use them to sign transactions with private keys derived from your seed. But hardware devices are not keys themselves—to keep your keys secure, you must secure seed phrases!

Hardware wallets can fail

Hardware wallets can fail unexpectedly for various reasons—things like bitrot, failed firmware upgrades, and forgotten PINs are always a risk. Each wallet manufacturer can itself become a point of failure if it goes out of business and firmware is no longer maintained or no longer compatible with signing software. Seed phrases, on the other hand, can always be restored to any BIP39-compatible device.

Seed phrases add redundancy to individual keys

By increasing your redundancy of individual keys, seed phrases reduce dependency on individual hardware providers and on trusted third-party collaborative custody partners like Unchained.

In a 2-of-3 with seed phrases, Unchained clients are responsible for securing four important pieces of private key material. Due to the redundancy of seed phrase backups, three of these four items could become lost or compromised for non-adversarial reasons and clients can still work with Unchained to recover funds, creating a balance between the security of physically separate keys and significantly increasing redundancy.

3-of-5 seedless or partial seed backup is not more secure

By adding keys through a 3-of-5 and not maintaining any or only a certain number of seed phrases (which happens often, as described in the next section), you can end up with less redundancy than 2-of-3 with seed phrase backups, and more complexity. It also exposes you to potential catastrophic technical faults with hardware devices—less rare than you’d expect.

As close to sovereign as possible

In the bitcoin-native economy, there’s no reason any single company should become a point of failure or prevent you from accessing your bitcoin at any time. Securing your seed phrases gets you closest to being truly sovereign over your wealth, and it’s an important consideration when comparing the trade-offs between multisig quorums.

2. Focus on optimizing security for each key

Multisig eliminates any given key, whether in the form of a hardware device or seed phrase, as a single point of failure. Adding more keys can often compromise security instead of enhancing it by creating a significant additional operational security burden while not necessarily increasing fault tolerance. For this reason, we believe clients should focus on fewer keys with seed phrases backed up and greater security around individual storage locations of all key items.

2-of-3 done properly is already a high bar

For practically all individuals and small/medium-sized businesses, properly securing four critically important items (two hardware devices + two seed phrases) in separate physically secure locations plus a configuration file is already a very high bar. Hence, securing more than four items almost always results in individuals and businesses sacrificing the security of individual key locations or co-locating keys.

Security is about balance. The most common way that people lose bitcoin when self-custodying is by introducing too much complexity. It’s easy to overweight adversarial attack vectors and introduce great complexity such that the complexity itself becomes the primary risk factor.

2-of-3 offers resistance to malicious attacks while minimizing complexity

2-of-3 allows you to keep your keys secure while not introducing so much complexity that you become your own worst enemy. However, you are still highly fault-tolerant and resistant to malicious attacks in 2-of-3 collaborative custody, with each critical item properly secured.

• Without an Unchained signature, an attacker would have to physically compromise at least two physical locations without your knowledge and have specific knowledge that the discovered keys are used in multisig and compromise your multisig configuration information.
• If an attacker compromises one location and somehow got access to your Unchained account (which will ideally be protected by your login credentials and two-factor authentication) to request a signature to spend, we have a rigorous validation process to identify intent and identity.

3-of-5 requires too many secure locations

The risk of a malicious attacker compromising two physically secure key locations and a wallet configuration file is so low that introducing greater complexity by adding keys most often reduces security. With 3-of-5 collaborative custody, with proper seed phrase backups for each key, you would need to secure eight secure locations. Even if you only secured a seed phrase for the minimum to create a quorum (three), you would still need six secure locations.

You are your own worst enemy

Remember, your greatest threat is most often the complexity that you yourself create, not a malicious attack. The fewer items you need to secure with greater security of each key, the more you can take your time to optimize the security of each location and ensure the worst-case adversarial scenarios and the need for re-keys (see below) are minimally likely.

3. Security also involves availability of access

By using multisig and geographically distributing keys, you are functionally making it more difficult for you to access funds such that it becomes practically impossible for someone else (e.g., a malicious actor) to compromise your funds. Still, bitcoin is a savings vehicle, and it’s important that savings are available to you when you need them.

2-of-3 lets you spend with access to just one key

With 2-of-3 collaborative custody, you only need access to one key to be able to spend and can rely on Unchained to verify your identity and intent before countersigning a transaction. For example, you could travel with a single key, while not exposing your funds to loss, and still be able to complete a transfer of funds by relying on Unchained.

Going bigger than 2-of-3 requires trade-offs

With multisig setups larger than 2-of-3, security trade-offs are typically necessary to regain some reasonable availability of access. While introducing more keys, if any of them have marginally reduced security, whether by including a mobile device key in the quorum, multiple keys stored in the same location, or otherwise, the entire setup can more easily become exposed and require a re-key as explained below.

With 3-of-5 in a collaborative custody context, you need access to a minimum of two, which could make things difficult if properly distributed. And when traveling, it is both inconvenient and non-ideal from a security perspective to carry two keys on your person.

4. Avoid mobile device keys to minimize re-key events

Every time a key is lost or compromised with a multisig setup, you must immediately go through an arduous re-key process, which requires setting up a new key, creating a new wallet, and transferring all bitcoin to the new wallet. In a crisis situation, traveling to secure locations to access keys and make transfers is the last thing you want to be doing and can expose you to further vulnerabilities.

Mobile devices are exposed to remote threats and are easily lost

Mobile devices, commonly used to hold keys in multisig setups, are always online, exposed to remote threats. They also get lost all the time. For this reason, the better trade-off for most holders of material bitcoin wealth is properly securing hardware devices and seed phrases and keeping a smaller percentage of holdings on a mobile device if needed for easy access.

2-of-3 minimizes re-keys by minimizing your need to access

Our core 2-of-3 vault product is designed for dedicated cold-stored hardware devices and seed phrases. We recommend keys be stored in physically secure locations and only accessed when needing to sign a transaction or traveling with a single key should you potentially need to access a significant amount of wealth. With such an approach, you will minimize the need for re-keys and create the right balance of security, complexity, and accessibility.

3-of-5 is particularly troublesome for re-keys

Re-keys will happen more often if you’re relying on a 3-of-5 with any mobile keys or improperly securing any of the key items in your setup (mobile keys are generally accepted to have reduced marginal security and are constantly on the move with you). Re-keys also involve an on-chain spend, which could be particularly problematic for miners and DCA fans who use 3-of-5, where a large number of UTXOs can make spends exorbitantly expensive.

2-of-3 is the right balance for your generational wealth

In summary, while our system could support larger quorums like 3-of-5 on a technical level (Caravan already does), we offer 2-of-3 collaborative custody for very intentional reasons, namely that it:

• maximizes security while minimizing complexity and increasing redundancy,
• strikes the correct balance between eliminating all single points of failure, including key locations and third parties (hardware wallet manufacturers or collaborative custody partners),
• reduces the burden of operational security,
• maintains availability of access to funds, and
• minimizes the security threats and inconvenience associated with re-keys.

If you have any questions or you’re interested in learning more, please schedule a consultation to set up your Unchained vault today.