Tyler Campbell
How does the bitcoin source code define its 21 million cap?
Many of bitcoin’s staunchest critics have expressed doubt about its 21 million cap, but perhaps the most mindless criticism relates…
,As technical director on the Concierge team here at Unchained, I’ve fielded countless client questions about bitcoin multisig. If you’re just beginning to understand the benefits of multisig and how it works in a collaborative custody context, I hope these ten tips will address some of your questions.
Bitcoin doesn’t live on your device
The phrase hardware wallet might make it seem like your bitcoin live inside the wallet itself, but that’s not the case—bitcoin is never in your device at all. In actuality, your wallet generates and stores your keys only. Your wallet also makes accessing the keys user-friendly by either plugging your device into a general-purpose computer or sharing information with your computer via a microSD card.
So where does bitcoin live, then? The bitcoin blockchain is a ledger that keeps track of every transaction that has ever occurred and the balances of every address on the network. Instead of storing your bitcoin, your hardware wallet protects and stores the keys used to unlock—or spend—bitcoin from those addresses.
You can restore your seed phrase to another hardware wallet
When you set up a bitcoin hardware wallet that respects best current practices, you should be prompted to back up your wallet using 12 or 24 words, typically on a slip of paper that the manufacturer suggests you protect in case something happens to your wallet. These 12 or 24 words are your seed phrase, as established in Bitcoin Improvement Proposal 39, or BIP39.
Your seed phrase is like the “key to the castle,” it contains everything you need to recover and use a key to all of the addresses protected by the seed phrase.
The nice thing about BIP39 seed phrases is that they are interoperable among hardware wallets that support the standard, which means you can recover your bitcoin wallet backup (seed phrase) to another brand of hardware wallet. If you initially set up your bitcoin wallet on a Trezor and want to move to a Coldcard, it’s as simple as importing those 12 or 24 words.
Read more: How to replace or upgrade a bitcoin hardware wallet
You don’t need your hardware wallet with you to receive
With physical cash, you have to be physically present to trustlessly and securely transact with another party. Bitcoin fixes this for the digital world. If you want to receive bitcoin but don’t have your hardware wallet at hand, you can still have a payment sent to the appropriate address.
As mentioned above, bitcoin does not live on your hardware wallet; it lives on the bitcoin blockchain. For that reason, as long as you or someone else sends bitcoin to an address that you hold the private keys to control, you’ll always be able to move those funds regardless of whether you have physical access to your device. If bitcoin is sent to an address you know you control, it will arrive perfectly fine in the background without your involvement.
What this means for you: If you create a multisig wallet and store your hardware wallets or seed phrases in secure locations, you don’t need to have physical access to them to deposit funds.
A device used as a key in multisig can still be used as a singlesig wallet
Multisig involves constructing a multisig wallet using the public keys of multiple devices, each of which could also serve as a standalone singlesig wallet without any issues. When you create a multisig wallet following the emerging standard processes, the preexisting singlesig counterparts have no idea the multisig wallet exists.
You could think of it as a group email address that forwards to multiple individual email addresses.
This means that, if you wanted, you could store smaller amounts of bitcoin on a singlesig wallet—all while keeping your primary wealth in a multisig wallet constructed using that device as one of the keys.
Confirm your multisig deposit address
Bitcoin transactions are completely irreversible, which means if you send your bitcoin to the wrong address, it can be lost permanently. Thankfully, you can use hardware wallets to check your multisig bitcoin address on the device before sending funds.
Checking your address on your device confirms three things:
- that the address was built correctly (i.e. that it’s 2-of-3 multisig, for example, and not 2-of-5 where an attacker has added two keys and actually controls the funds)
- that the computer you’re working on isn’t compromised with malware that finds and replaces bitcoin addresses with an attacker’s address, and
- that your device holds a key to the address.
Checking the address on your device should be done before sending meaningful amounts of funds to any address, whether singlesig or multisig. As of this writing, Trezor and Coldcard support checking multisig deposit addresses in the Unchained platform.
Read more: How do I verify the receiving/deposit address on my hardware wallet?
You don’t need your devices physically together to sign
With multisig, you don’t need to have all your keys in the same place at the same time to spend bitcoin. That means you can sign a transaction in Austin with one key and sign a day later in Dallas with the other. The transaction can only be broadcast after all the necessary signatures have been collected (two in a 2-of-3 multisig scheme, for example).
This is a significant advantage over other bitcoin custody models like Shamir’s Secret Sharing Scheme, which allows you to distribute control over your bitcoin private key by splitting it into multiple parts (secrets), but requires all parts to be present at the same time to recompile a single key and author a transaction.
You can make a mistake in multisig and still recover your funds
In all bitcoin multisig setups where m (the number of keys required to sign) is less than n (the total number of keys in the quorum), you are protected from single points of failure and can still recover your funds in the case that one or more critical items are lost, stolen or otherwise compromised.
There are scenarios in 2-of-3 multisig (with a collaborative custody partner like Unchained holding the third key), where as many as three items could be compromised before it becomes impossible to recover your funds.
Even though fault-tolerance in multisig provides peace of mind, all of these scenarios should still be protected against at all costs by following seed phrase and hardware wallet storage best practices, and you should always regain full control as soon as possible in the event that any of your critical items are lost or compromised. And that leads us to number eight…
Read more: The ultimate guide to storing your bitcoin seed phrase backups
You can replace a key in your multisig setup if needed
When using bitcoin multisig, if you ever lose a wallet or misplace a seed phrase, it’s important to replace this key in your multisig m-of-n scheme. You can do this with any of the popular multisig wallets.
Even if a single compromised key does not alone jeopardize your funds in most common multisig m-of-n schemes, replacing a compromised key will ensure that you regain complete control over your funds and eliminate the possibility that the key could ever be used against you in the future.
In a collaborative custody model like the one we use here at Unchained, replacing a key is straightforward. You can simply log in to our platform, choose the key that has been compromised, and quickly replace it with a new one. You can read the full process for replacing or upgrading a hardware wallet at the link below, and if you’re already an Unchained client, check out our Knowledge Base article.
Read more: How to replace or upgrade a bitcoin hardware wallet
You can construct multiple multisig wallets using the same devices
As we mentioned in number four on this list, using your hardware wallets/seed phrases for both a singlesig wallet and to construct a multisig wallet doesn’t cause any issues. Similarly, using your hardware wallets/seed phrases for more than one multisig wallet doesn’t cause a conflict among those wallets as long as you aren’t using the same extended public keys (xpubs). This is typically represented as a multiple accounts feature in most bitcoin wallets.
Hardware wallets allow you to use different xpubs from different derivation paths, which is a technical way of saying a different set of bitcoin keys on your hardware wallet generated by the same 12- or 24-word seed phrase. This means you can create multiple multisig wallets that stem from the same set of seed phrases/devices, like using the same devices for a personal vault and an IRA vault. Maybe even a loan vault as well!
Collaborative custody doesn’t introduce a single point of failure
When getting started with multisig collaborative custody at Unchained, one concern I hear a lot relates to dependence on our platform. If Unchained were to cease to exist or have significant downtime, how would you recover your funds if your wallets were constructed using our tools?
Our multisig platform is designed to eliminate all single points of failure, and that includes ourselves. As our platform is fully interoperable with established bitcoin standards, you can always recover access to your vault outside the Unchained platform with compatible software like our open-source multisig coordinator, Caravan, or bitcoin wallets like Sparrow or Electrum. Just make sure to safely back up your wallet configuration file!
Read more: How can I recover my vault funds using Caravan?
Follow us
To get the most out of Unchained and all of our products, be sure to subscribe to our channel on YouTube for regular educational information and Twitter for all the latest information about our products and services.