I thought about this back then:
https://snort.social/e/nevent1qqsznkkhpc3exsucv0kpgqkcltrewsqv3vsl8pekppvzsk6k9zm3zqgpz9mhxue69uhkummnw3ezuamfdejj7qgwwaehxw309ahx7uewd3hkctcpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtcpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsp80xy5
But here is a really nice description from valentinoz (npub1tal…kz4r)
cc NVK (npub1az9…m8y8)
https://twitter.com/vazertuche/status/1675905986391949312
C&P below for those without the bird app:
Leveraging BIP85 on the @Coldcard to create a 2 of 2 multisig setup that's better than any 2of3 and you only need 2 HW wallets, 1 seed backup and no wallet files.
Here’s a novel multisig setup that checks all the security boxes and only requires 1 seed plate + passphrase and 2 hardware wallets, one being a @Coldcard and the other one of your choice.
The heart of this setup requires a basic understanding of BIP85 however. While few people understand how the seed words we keep, break down simply to become a 256 bit number that we use as entropy into a system which can deterministically create billions of private keys for us to use, even fewer understand how that same process can be used to NOT just create private keys but other sets of seed words and even passwords. Coldcard is the only manufacturer who currently includes the ability to use BIP85 which is why it’s required. I’ll go over the setup first and then break down the game theory behind it.
First, use the coldcard to generate your seed entropy noting that coldcard uses the random number generator from the Microcontroller and both Secure Elements which are sourced by different manufacturers on different parts of the globe and combines all three values and then hashes them to “whiten” them and remove any potential bias contained within them. If you want, you can roll dice and add even more entropy yourself to create a super duper random value to use as your seed words. You save the words in the coldcard and etch those into a metal plate. You then enter a secure passphrase and record that separately as well.
Now you use the Coldcard’s BIP85 feature to derive a new set of 12/24 seed words at index 0 (or whatever index you want). You write these down on paper. Next you do the same thing again but derive a 12/24 seed word set at index 1 and record these on paper.
Next you destroy the seed on the coldcard and start over. This time you enter in the 12/24 words you wrote down on the piece of paper for index 0. Once you’re done, you do the same thing with your second hardware wallet, entering in the seed words you wrote down for index 1. You then burn both the pieces of paper destroying them. You aren’t worried since you know you can re-build them using the etched metal seed words and your passphrase.
You then can proceed to set up a multisig using both hardware wallets. You then drive over a state and store your metal plate in a secure, unknown, new geographic location. (For this example let’s say it’s securely hidden in your Aunt Marge’s barn on her farm.) As for the second hardware wallet, you store that in a safe deposit box in a bank at least 1 hour or more from your home. (Or across the country or whatever, I’m just giving an example.)
Now no wallet files are needed since you are basically just using a two of two and can re-build your wallet file from either the two hardware devices (assuming they both support showing the xpub. Coldcard does but others may not) or your seedplate/pass. If you want, you can easily create an encrypted backup of your wallet file using BIP85 to generate a password. You can store this encrypted file securely in multiple locations and you won’t need to worry about how to also backup your secure password since it was generated from your master seedwords/pass like everything else.
Now the 2 of 2 multisig exponentially increases your security in a variety of ways since you’re not trusting any 1 device. (Note: the BIP 85 functionality can easily be verified so no need to trust the coldcard.) If someone tries to do a $5 wrench attack on you, you have the security of geographic key distribution which is crucial.
Game Theory: If your Coldcard at home is lost or damaged you can use your seedplate/pass to restore it. If the second hardware wallet at the bank is lost/stolen/co-opted by government you can rebuild that in the same way.
If your seed plate is lost/stolen you use your existing devices to move funds to a new seed plate following the same setup. If your metal seed plate is somehow discovered, your strong passphrase will protect that as well. I think this is a win/win overall. No multiple seed plates, no multiple wallet files.
Of course you can extend this further to do a 3 of 3 spread over 3 locations. Again, using BIP85, one seedplate/pass is all you need for backup.
Inheritance can also be done with this setup. Preferably, the use of miniscript and a decaying multisig would be a good place to start. Your two of two multisig could be set to decay to a single sig that is controlled by your loved ones and is accessible after a year. (just an idea) In addition you can use Coldcard’s XOR seed splitting in an inheritance scheme.
To do this you would simply need to add a few extra steps to the restore instructions you leave to your loved ones. It would work as follows:
1. After your coldcard is set up with your seed phrase and password you use BIP85 to generate a new seedword set at index 0. However, this time instead of writing the seed words down you press 2 on the coldcard which prompts the coldcard to set the new seed words as an ephemeral master key, in effect until next power down. In other words, your coldcard is now using the new child seed word set as its master seed word set. (until it’s powered off)
2. From here you repeat the previous step and use BIP85 to generate another seedword set at index 0 again. You write this seedword set down to use later in your coldcard. So instead of using the child of our master seed at index 0, we are using the grandchild at the same index.
3. We reset the coldcard and do the same thing again to get the next grandchild at index 1. So
a. Login coldcard
b. Derive Seed B85 at index 0
c. Press 2 at seed word list to prompt the coldcard to actively use this seedword set as its master seed until power down.
d. Goto Derive Seed B85 again and generate seedwords at index 1. (See picture for visual example)
Why do this? Well…because we want to split our seed words to use in an inheritance setup and XOR seed splitting doesn’t include the passphrase. If we split the master seed word set, then our loved ones would not only need all the seed word shares but they would need the passphrase as well and that isn’t something many people want to have to worry about passing on since it may compromise their security while they are alive. So, by taking the first child seed word set of the masterseed/pass and splitting that one up, we are removing the need for inheritance shares to need the passphrase.
Last we need to write down the split shares that we will use for inheritance and reset and set up our two primary hardware wallets.
1. Login to Coldcard
2. Derive Seed B85 at index 0
3. Do XOR seed split to split into 2 seed word sets. (Coldcard allows splits up to 4 but only recommends 2 since you need ALL the seed word sets to rebuild the master set. If you lose 1, then it’s game over)
4. Write down the two seed word sets on paper.
5. Destroy seedwords on coldcard and enter in grandchild seed word set 0 and save.
6. Enter in grandchild seedword set 1 into second hardware wallet that you will be storing in another geographic location.
7. Etch master seed words into metal and both inheritance XOR split words into metal.
8. Burn all papers with written seed words. They are no longer needed since they are all backed up via your master seed plate.
Now you can leave one inheritance seed word set at home locked in the safe and let your family know this is your seed word set and to use it via instructions you will give them in your will. The second inheritance seed word set can go in your sealed will which will only be read out upon your death. If the lawyer turns evil and tries to steal your funds he will have nothing since he only has one set. If anyone in your family turns evil and tries to steal from you they won’t be able to either since they only have 1 set. If you’re worried about an FBI raid it would be best to have the family seed word set not stored in the home in any place a raid can find it. The gov can get access to the one in your will no doubt but it won’t do them much good. Having both your hardware wallets in their custody as well will give you plenty of time to move funds if need be since they would have to break past both hardware wallets’ security.
Again, these are just some ideas I’ve been running through my head. There are always tradeoffs. Here I have traded some extra complexity in setup for a streamlined setup of not having to have multiple seed plates backed up all over the place along with an extra hardware wallet along with backing up wallet files all over the place. Any constructive ideas people want to add I’m all ears lol.
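
The thread's remark that the BIP85 functionality can be verified independently, as an added example that is not part of the quoted thread and is not Coldcard's code: it recomputes the BIP85 child entropy for the two cosigner seeds (index 0 and 1) from one mnemonic plus passphrase, then models the two-share XOR split on the raw entropy bytes. The function names, the sample mnemonic (the public BIP39 test phrase) and the passphrase are constructed for illustration; turning entropy into seed words needs the BIP39 wordlist and is left out.

```python
import hashlib, hmac, secrets, unicodedata

N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # secp256k1 group order
# Constructed sample inputs: the public BIP39 test mnemonic and a made-up passphrase.
SAMPLE_MNEMONIC = "abandon " * 11 + "about"
SAMPLE_PASSPHRASE = "constructed-example-passphrase"

def bip39_seed(mnemonic, passphrase):
    nfkd = lambda s: unicodedata.normalize("NFKD", s).encode()
    return hashlib.pbkdf2_hmac("sha512", nfkd(mnemonic), nfkd("mnemonic" + passphrase), 2048, 64)

def ckd_hardened(k, chain, index):
    # Hardened derivation uses only the parent private key, so no curve math is needed.
    msg = b"\x00" + k.to_bytes(32, "big") + (index | 0x80000000).to_bytes(4, "big")
    digest = hmac.new(chain, msg, hashlib.sha512).digest()
    tweak = int.from_bytes(digest[:32], "big")
    child = (tweak + k) % N
    if tweak >= N or child == 0:
        raise ValueError("invalid child key; BIP32 says use the next index")
    return child, digest[32:]

def bip85_entropy(mnemonic, passphrase, index, words=24):
    root = hmac.new(b"Bitcoin seed", bip39_seed(mnemonic, passphrase), hashlib.sha512).digest()
    k, chain = int.from_bytes(root[:32], "big"), root[32:]
    for step in (83696968, 39, 0, words, index):  # m/83696968'/39'/0'/words'/index'
        k, chain = ckd_hardened(k, chain, step)
    out = hmac.new(b"bip-entropy-from-k", k.to_bytes(32, "big"), hashlib.sha512).digest()
    return out[: words * 4 // 3]  # 24 words -> 32 bytes, 12 words -> 16 bytes

def xor_split(entropy):
    # Two shares; either one alone is uniformly random and reveals nothing.
    share_a = secrets.token_bytes(len(entropy))
    return share_a, bytes(a ^ e for a, e in zip(share_a, entropy))

def xor_combine(share_a, share_b):
    return bytes(a ^ b for a, b in zip(share_a, share_b))

if __name__ == "__main__":
    for i in (0, 1):
        print("cosigner", i, bip85_entropy(SAMPLE_MNEMONIC, SAMPLE_PASSPHRASE, i).hex())
    a, b = xor_split(bip85_entropy(SAMPLE_MNEMONIC, SAMPLE_PASSPHRASE, 0))
    print("shares recombine:", xor_combine(a, b) == bip85_entropy(SAMPLE_MNEMONIC, SAMPLE_PASSPHRASE, 0))
```

Running the same derivation on a second, independent implementation and comparing the output with what the device shows is the check the thread alludes to; do it only with test seeds, never with the real seed plate words on a networked computer.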