How does the bitcoin source code define its 21 million cap?
Many of bitcoin’s staunchest critics have expressed doubt about its 21 million cap, but perhaps the most mindless criticism relates…,
After a long time holding bitcoin using a hardware or software wallet, you may start wondering how you can get some additional security. The first step you take beyond standard singlesig self-custody is an important one. Two approaches people often consider are a passphrase, which adds a one-word secret to access your bitcoin, and multisig, which secures your bitcoin with multiple keys. Let’s see how these two approaches compare.
By adding a passphrase to your singlesig wallet, you add a 13th or 25th word of your choosing to your seed phrase, which generates a wholly separate and unique wallet from the default wallet generated without a passphrase.
For brevity, we’ll refer to a singlesig wallet with an added passphrase simply as “passphrase” or “a passphrase” throughout the rest of this comparison.
Before we dive into all the differences between using a passphrase and using multisig, it’s helpful to understand seed phrases. Typically, you back up your wallet by storing the list of words that make up your seed phrase. These words generate the keys that allow you to spend your funds.
One major difference between your seed phrase and your passphrase is that your wallet randomly generates your seed phrase words, while you create your passphrase. A passphrase can be any word, phrase, or sentence up to 50 characters, but it’s case-sensitive and must be entered precisely. (Using your dog’s name Henry as a passphrase, for example, will generate a completely different bitcoin wallet than if you use henry.)
Note: A passphrase and a PIN are two different things. A PIN is commonly used to protect hardware wallets with or without a passphrase. A PIN protects access to the device; it does not protect or change the seed phrase as a passphrase does.
You can create an infinite number of passphrase wallets associated with a single seed phrase backup and hardware wallet. This allows for a few nifty tricks—for example, you could create a wallet using a passphrase to store most of your bitcoin while keeping a small amount in the default wallet with no passphrase. This could help protect your funds from $5 wrench attacks.
Singlesig with a passphrase is a step up from singlesig; it’s a middle ground between using a seed phrase by itself and using more fault-resistant approaches like multisig. A passphrase adds some protection in that it distributes your risk across three critical items (your device, seed phrase backup, and your passphrase), but it still has a major single point of failure. If your passphrase is ever lost or forgotten, your bitcoin are gone forever because you no longer have the key to the bitcoin wallet.
Multisig is a bitcoin custody model where you construct a wallet using multiple bitcoin keys instead of just one. Multisig is very flexible, allowing wallet developers and even users to set the total number of keys used to construct the wallet (n) and the number of those keys required to spend (m). This creates what’s called an m-of-n quorum.
Choosing a higher m, lower n reduces the redundancy of your multisig quorum, making your bitcoin harder to compromise but easier to lose access to yourself. Choosing a ratio that is lower m, higher n increases the importance of protecting each key from access by third parties.
In other words, a 5-of-5 wallet is not fault-tolerant from the keyholder’s perspective, and you could lose your bitcoin if you lose just one key, even if there’s no attacker at all. A 1-of-5 wallet is very fault-tolerant but would allow an attacker to steal your funds with just one key (and knowledge about your multisig setup). The key (pun intended) to multisig is finding a proper balance between these two.
There are practically infinite ways to approach multisig, but the most popular approaches are 2-of-3 (three keys total, with any two keys required to spend) and 3-of-5 (five keys total, with any three needed to spend). If you want to learn more about the differences between 2-of-3 and 3-of-5 multisig, we’ve written an extensive analysis covering whether more keys are more secure for your bitcoin.
For our comparison of passphrases to multisig, we’ll primarily focus on the 2-of-3 multisig model. It’s the most popular multisig setup and, in our view, offers the best set of trade-offs for most bitcoin holders. We’ll also consider how collaborative custody multisig tilts the balance.
Collaborative custody is an option unique to multisig that allows you to share the responsibility of bitcoin key storage with a third party that can act as a backup if necessary—the third party still has no control over funds, as you hold the majority of the keys in the multisig quorum. The main trade-off of collaborative custody is sharing your data with a financial institution.
This stands in contrast to standard multisig, where you hold and control all the devices and keys yourself.
Since multisig uniquely allows you to deploy multisig quorums with collaborative custody partners holding one key in the quorum, this changes the dynamic of many of the below comparisons where standard multisig may not be as favorable.
Yes, you can add passphrases to one or more of the keys used in your multisig m-of-n scheme. But should you? Most bitcoin users set up multisig wallets without passphrases because multisig already eliminates a given hardware wallet or seed phrase as a single point of failure. Adding passphrases can add unnecessary complexity, and unnecessary complexity diminishes security rather than improves it.
A passphrase is undoubtedly more convenient than standard multisig—most software and hardware wallet manufacturers make it trivial to add a passphrase, and singlesig, in general, is still simply less daunting for most people. With a passphrase, you only need one device, one seed phrase, and your passphrase to benefit from an additional layer of security.
With multisig, you have to properly set up, back up, and store multiple devices and seed phrases as well as a wallet config file.
One twist: multisig collaborative custody is much more convenient than standard multisig. This is because collaborative custody partners have made setting up and securing your keys with multisig far easier with services that walk you through the process and teams of humans that make setting up and using multisig more painless than ever.
The convenience of a passphrase also comes at a cost: retaining some of the single points of failure of singlesig while introducing new ones (the passphrase). In light of that and how collaborative custody multisig has become far more accessible to everyday bitcoin users, we’ll call this one a draw.
It’s easier to back up a single hardware wallet, a seed phrase, and a passphrase than back up all the keys and seed phrases necessary to properly store your bitcoin in a standard multisig wallet.
When you use a passphrase, you should treat your passphrase similarly to your seed phrase in terms of backup—relying on your memory is almost never a good idea and makes your own physical body a single point of failure. Still, it’s only three items to take care of for a passphrase setup.
With multisig, you have to secure a key and a backup for each key. If you’re using standard 2-of-3, there are six items to secure (three keys, three seed phrases). You can reduce this to four items to secure if you use a collaborative custody partner. You also have to keep track of a multisig config file in both cases, without which you can’t reconstruct your wallet. With quorums larger than 2-of-3, backup for multisig gets far more complicated.
|Keys||Custody||Keys to secure||Seed phrases to secure||Passphrase to secure||Total items to secure||Maximum items lost while still retaining access to your bitcoin*|
|2-of-3 multisig||Collaborative custody||2||2||optional||4||3|
* Remaining items must belong to different key-backup pairs. You must also still retain your multisig config file backup. Losing any multisig keys or seed phrases is dangerous; you should arrange replacement keys as soon as you discover a loss/fault.
While collaborative custody multisig brings this category close to another draw, the addition of another item to secure and the need to properly secure wallet configuration information gives passphrase the win for ease of backup.
To understand the differences between passphrase and multisig for availability of access, you have to consider multiple possible scenarios: singlesig with and without properly secured passphrases, standard multisig, and collaborative custody multisig. Each of these has different availability of access profiles.
With a passphrase done in a secure way to maximize fault tolerance and attack resistance, you need to secure your hardware wallet, seed phrase, and passphrase. You could store these items in any three locations on your property (or wallet and seed phrase geographically distributed, depending on your risk tolerance). You could theoretically make these as difficult-to-reach as multisig e.g., needing to reach two separate locations to access your funds. However, a passphrase still requires you to bring all critical items together in one place, as noted in Resisting attacks below.
If you choose to use a passphrase that you can remember, you can maximize availability of access with a passphrase. At any time, you can grab your hardware wallet and take off with complete access to your funds. You don’t have to worry about being unable to access one location due to lockdowns or other unexpected travel restrictions.
There are major trade-offs to this approach. For one, your passphrase is more likely to be a weak one—making you more vulnerable to an attacker guessing or acquiring it through a social engineering attack. An attacker could also coerce you into sharing your passphrase if you memorize it. Finally, capitalizations, special characters, and spaces can affect your ability to recover the key, making memorization dangerous.
Multisig makes it harder for an attacker to get to your bitcoin, but that necessarily also means it can be inconvenient for you to access it yourself. This is especially true when you do multisig yourself; you must always access at least two locations to spend bitcoin.
We recommend our clients follow the best practice of geographically distributing all of their critical items (hardware wallets and seed phrases). If you use a larger quorum like 3-of-5, you may have to travel to three or more locations, depending on how you set it up.
Like with convenience and ease of backup above, collaborative custody multisig brings multisig closer to using a passphrase in terms of availability of access. In standard multisig, you must always access at least two locations, but multisig collaborative custody allows you greater access with just one hardware wallet. You can keep one hardware wallet on your person and request that your custody partner sign with one of the keys they secure on your behalf.
It might seem a passphrase has the advantage for ease of access, because you could remember a passphrase (although you should never depend on your memory for bitcoin custody!). You can’t easily memorize an entire seed phrase for a second multisig key. Passphrase memorization has serious fault-tolerance concerns, however, and collaborative custody multisig allows you access to your funds without needing to access multiple key locations. For that reason, we’ll call this one a draw.
Mining fees in periods of low demand for block space are very cheap, leaving this category often irrelevant. However, it remains true that multisig transactions are more expensive than singlesig transactions. Using a passphrase with singlesig doesn’t add anything additional to the mining fee above standard singlesig; the mining fees are directly correlated with the number of keys involved in the transaction.
Transaction costs are higher with 2-of-3 multisig compared to using a passphrase, but this comparison becomes more critical with larger multisig quorums, as we explained in our article comparing 2-of-3 with 3-of-5.
In times of high block space demand, any multisig transaction can become expensive, but this is especially the case with larger numbers of keys signing (the m in m-of-n) for transactions that are spending from larger numbers of deposits (UTXOs). This could change in the future with Taproot, however.
Fault tolerance is another place where multisig shines against singlesig with a passphrase and singlesig in general. That’s because the nature of multisig (and, again, proper key storage and seed phrase backups!) makes it very difficult to lose enough keys (and the necessary wallet configuration information) to lose access to your funds.
While still a dangerous scenario that you should seek to remediate as soon as possible were it to occur, a standard 2-of-3 multisig allows you to lose up to three hardware wallets and a seed phrase and still recover your bitcoin using your two remaining seed phrases.
Holding a key in 2-of-3 with a collaborative custody partner is slightly different: you only need to look after four items and can have only one remaining and still access funds with your financial partner’s help.
Comparing the fault-tolerance of passphrase (standard self-custody) to multisig 2-of-3 (collaborative custody).
As you can see above, using singlesig and a passphrase leaves you vulnerable in comparison to collaborative custody multisig. You will still be able to recover your funds if you lose one of either a wallet or a seed phrase, but losing (or forgetting) your passphrase is the single-point-of-failure endgame. A passphrase makes your singlesig wallet less fault-tolerant than a singlesig wallet without a passphrase because if you lose it, you lose the bitcoin completely.
Multisig provides significant resistance to both remote and physical attacks when hardware wallets and seed phrases are generated, secured, and maintained correctly. In properly-managed multisig, it’s very unlikely that an attacker will be able to steal or compromise all the necessary information (multiple devices/seed phrases and wallet configuration info) to sweep the funds in your wallet.
With a passphrase, while an attacker has far fewer hoops to jump through than multisig, they would still need to compromise either your hardware wallet or seed phrase and your passphrase. This could be easier than compromising two seed phrases (or wallets/PINs) and your wallet configuration information, but it’s still difficult.
There’s one notable way in which a passphrase is better for preventing attacks than multisig: privacy. A passphrase allows you to maintain the same signature footprint on the blockchain as singlesig, which helps to make you less identifiable. Using multisig reveals information about your bitcoin security model if someone manages to connect your identity to an address. The more someone knows about your security model, the more they will be able to craft a personalized plan of attack.
Because no one key in a 2-of-3 multisig quorum can compromise your funds, you have greater flexibility with storage—you can store single keys with trusted family members or in safe places like safe deposit boxes. Your ability to do this with a passphrase setup is limited; while the trusted partner can’t spend funds with just a hardware wallet or seed phrase, they can still mistreat a stored seed phrase, for example, and jeopardize your bitcoin entirely.
Another advantage for multisig: With a passphrase, you have to bring all sensitive items together in the same place for every spend. With multisig, each part can be signed separately and remotely. A newer standard called Partially Signed Bitcoin Transactions (PSBT) is becoming popular that facilitates multisig signatures for bitcoin transactions before they are ready to be broadcast.
Keyloggers are also an attack vector in some situations where you use a passphrase. Many software and hardware wallets prompt you to enter your passphrase on internet-connected devices. In these cases, the passphrase is vulnerable to keyloggers and doesn’t offer the same security as a multisig private key which is kept permanently offline. Anything that touches a device connected to the internet is vulnerable. In some cases, such as with the Trezor Model T, hardware wallets allow you to enter your passphrase offline on the device itself.
Both passphrase and multisig offer the opportunity for duress features. With a passphrase, you can easily set up a secondary passphrase that would give an attracker access to a decoy wallet. With multisig, as long as you can keep it a secret that any given hardware wallet or seed phrase is part of a multisig setup, you can protect yourself by using one of the keys in the quorum as a decoy as well.
Altogether, multisig has the slight upper hand for attack resistance. In 2-of-3, an attacker would have to physically compromise at least two physical locations without your knowledge and have specific knowledge that the discovered keys are used in multisig and compromise your multisig configuration information.
Collaborative custody is a key benefit to multisig over using a passphrase, but custody is just the beginning of what a partner can offer. Multisig opens the door to financial services done in a trust-minimized way, such as collateralized loans (where three parties can share custody of funds so that all parties have transparency as to the state of the funds on the blockchain). Other services like IRAs can take advantage of a custody partner’s legal structure while allowing you to hold the keys to bitcoin using the same devices you use for your personal custody.
Additionally, multisig collaborative custody uniquely solves for the problem of bitcoin inheritance. With a passphrase, you have to not only ensure that your bitcoin wealth is protected from user fault and malicious attacks, but educate loved ones as well on how to do those things in the event of your passing. With multisig and a collaborative custody partner, you can know your funds are secure while also leaning on a team of humans to help the executor of your estate pass ownership.
|Convenience||Ease of backup||Availability||Transaction costs||Fault tolerance||Resisting attacks||Financial services|
Among these seven categories, it’s clear that multisig has the edge over using a passphrase in most scenarios, mostly due to the options afforded by multisig collaborative custody. There are some advantages to custodying your bitcoin in a singlesig context. Still, multisig is a must if you want to get the benefits of self-custody without the anxiety of single points of failure.
Regardless of whether you use a passphrase, the reasons you would use singlesig over multisig are primarily about ease of backup and transaction costs. A singlesig wallet is easy to set up and spend from, they require just one seed phrase backup, and you always have physical access since your keys are not geographically distributed.
Taking the step of adding a passphrase has many benefits, most notably the layer of additional security it affords you. A passphrase protects from simple theft of bitcoin by way of a hardware wallet or seed phrase compromise and allows you to create additional wallets for duress scenarios. It also has privacy and convenience benefits over more complex setups like multisig. However, it is a risky approach if you don’t understand that your passphrase isn’t just a password—it gives you a new bitcoin wallet entirely, and if you forget it or lose it, your bitcoin is gone forever.
Long-term bitcoin holders often see their once-inconsequential holdings become a substantial percentage of their net worth in short order, and multisig is the final destination for most people who want to self-custody their generational bitcoin wealth. Standard multisig has greatly improved security and fault tolerance over singlesig with a passphrase, but it comes with the cost of convenience and access to funds.
Multisig, whether standard or collaborative, provides you with ample security and eliminates most, if not all, single points of failure. This is at the heart of all the things multisig provides: resistance to remote and physical attacks, protection from mistakes like losing keys, distribution of key control among spouses or business partners, and the option to partially share custody with a third party to eliminate yourself as a single point of failure.
Often, the risk of loss associated with making a setup too complex (mistakes due to difficulty of setup, forgetting key details, or losing access to keys) is greater than the risk of third-party attack. Collaborative custody drastically reduces all of those risk factors for multisig.
It’s true; every decision you make regarding bitcoin custody involves trade-offs. Perhaps multisig helps you sleep better at night, but you might have to drive several hours to get to that second key if you want to benefit from geographically-distributed keys. Or maybe you have to wait for your collaborative custody partner to verify your identity to sign with their key.
Choosing between singlesig (with or without a passphrase) and multisig isn’t an A or B choice; the answer for you might even be both! Maybe you want to secure the more significant portion of your net worth in a multisig collaborative context for peace of mind while keeping smaller amounts for easy access available in a software wallet on your phone.
It’s all about looking at your situation and finding a balance between the trade-offs we walked through in this article.
The difficulty of getting started with multisig tends to be overestimated, and the benefits you get from it—whether they be the peace of mind, flexibility with backups, or access to financial services—tend to be massively underestimated.
Sign up for an upcoming webinar if you want to learn more about bitcoin multisig, and check out Concierge Onboarding if you think you’re ready to jump in. You’ll receive an onboarding call with a vault specialist, training on using our open-source recovery tools, access to Continuing Education webinars, and more.
Many of bitcoin’s staunchest critics have expressed doubt about its 21 million cap, but perhaps the most mindless criticism relates…Ted Stevenot, Stephen Hall
When Satoshi Nakamoto created bitcoin, he established in its code a fixed number of bitcoin that will ever exist. Since…Ted Stevenot
Originally published in Parker’s dedicated Gradually, Then Suddenly publication. Bitcoin is often described as a hedge, or more specifically, a…Parker Lewis