every Hodler needs to balance the risks of lose vs. theft…
- lose from user error
- theft from weak PKM (private-key management)
while there’s obviously a subtle spectrum, and differences based on individual threat-assessments,…
here’s the 4 levels of Methods :
4. custodial
some rich guy,… or a newbie
- big counter-party risk
exchanges, services, wallets
Zapo
other examples… — boring.
now, let’s get serious…
3. single-point-of-failure (SPoF)
a prepper w/ safes & guns & pass-phrases
- attackers can win big & steal your savings
- this is the sad norm today (summer 2018)
- the classic “$5 Wrench-Attack” highlights the key fault of this category
when HODLing isn’t safe, how can Bitcoin scale ?…
many Hodlers have reverted to a pre-bank, stone-age — where they have to defend their private-keys all by themselves…
Good News! — some people are building solutions!…
Jameson Lopp clearly leads our way!… educating and working to help increase personal security & enhance private-key management. From his horrible, personal ordeal — to inspiring firearm enthusiasm, to documenting physical-attacks, from his work at Casa , for the bitcoin resources and for all his work…
“thanks bro!…”
bad news…
currently, some community leaders, still encourage foolish strategies based on weak game-theory & faulty logic — which is putting people in danger!
to summarize “Duress” pass-phrases —
- BEFORE — they incentivize attacks !
- DURING — they incentivize torture !
- AFTER — you lose all your bitcoin !…
see terms/ topics/ techniques below…
and note — that while, the issues & techniques below may help,
You could still be a — Single-Point-of-Failure!…
pins
strong passwords
F2A
BIP39 — mnemonic seed-words
hidden vs locked (in a safe)
plain text vs encrypted
environmental protection
tamper-evident bags
faraday bags
bit-rot
decoys
“bug-out” & “bounty” bitcoin
back-ups in multiple locations
the Glacial Protocol
a thorough check-list made by the CCSS
*** Glacier & CCSS also examine other critical security topics — such as — Key / Seed Generation & Wallet Creation, — but — especially considering our community’s confidence in hardware wallets, — these issues, comparatively, hold minor importance for the average Joe Hodler today, and are thus unnecessary for our examination here…***
let’s review
- counter-party risk because of custodial storage (#4) // dumb
- physical-attack because of single-point-of-failure (#3) // dangerous
let’s look ahead
- Multi-Sig / Multi-Location (MS/ML) semi-skillfully utilizes counter-party risk (#2) // antiquated
- advanced Private-Key-Management (aPKM) minimizes counter-party risk to negligible levels with better strategy & software (#1) // the future
“Find a balance between the security of your Keys during life, and the importance of your Inheritance, after death.”
2. multi-sig / multi-location (MS/ML)
wealthy businessman flying to distant cities, security-boxes and bank vaults,…reading the “BTC Cold-Storage 4 Dummies” guidebook OR
a techy bitcoin-enthusiast slowly refining his method…
- commonly seen as the best method
- it’s good, basic security — just antiquated…
- the defining flaws of this level are — the necessity of meat-space travel & the centralization of signatories
Note — BOTH multi-sig AND multi-location are essential to NOT be a SPoF !
DIY
- Electrum Multi-Sig — Set-up Guide
- Copay: oh, no, wait ! — Bitpay sucks !…
expert services
shamir’s sharing secret
air-gapped hardware
review various Hardware Wallets :
Trezer 1 & Trezor T
Ledger Blue & Nano S
Coldcard
issue — multi-device— limit your exposure to hardware bugs & hacks by using multiple brands of hardware devises
issue— single OR multiple signatories— // discussed below
issue — quality of signatory-verification— // discussed below
Here’s Glacier’s critique of — Multi-Sig :
drawbacks of MS/ML
commenting on Glacier’s points (pictured above)
- Privacy— signatories see the wallet’s balance // aPKM would & CWAP does avoid this fault by only sharing 12 of the 24 seed-words // another solution is described below
- Signatory Collusion — it’s a risk until better aPKM // CWAP avoids this risk as well, by using the same method, described above
[m-of-n] configured multi-sig wallets have a contrary aspect, —
there are two (2) opposing-forces, —
- if, “m” is too small & one or two signatories fail — your keys are lost !
- if, “m” is too big — the chances of collusion increase — your keys are stolen!…
— so, you really must find the perfect sweet-spot… // not easy…
Conversely, CWAP uses a network of peers, where — the more signatories — the better!… // within reason, of course…
Here’s another interesting way
that aPKM can solve Signatory Collusion —
currently, multi-sig wallets use a [m-of-n] set-up, where “m” makes the function execute within the space of “n” possibilities…
let’s add “h”, so we get [ h+ (m-of-n) ], where “h” stands for the Hodler, so that every transaction requires h’s signature — thus eliminating the possibility of signatory collusion // also solving the above privacy concern…
- Signatory Reliability — advanced PKM will minimize risks…
for now, Education & Training is so Important !
the best are:
— properly-vetted
— trained
— personally-familiar
— & have skin-in-the-game // incentivized
see my crash-course letter for Signatories
- Signatory Safety — making their life more dangerous, — isn’t cool !…
but, attackers could — more easily— identify & target your loved-ones because they tend to be in closer physical proximity with you as opposed to your signatories…
Glacier also assumes that the Holder will not comply with demands, but this clearly is a possibility, as we’ll see in the example below…
Consider a classic ransom scenario —
someone’s threatening to hurt your loved-one. Under such emotionally distress, you agree to the attackers demands. so, you pretend everything is fine. you go to the airport and then to the bank… All goes smoothly and you retrieve all your keys… the attacker wins !
while, the Hodler, in the above example, was using multi-sig, — he was only using a single-signatory approach — which requires a lower-quality of verification…
now, imagine, instead — that he was also using multi-signatories…
could he have gotten those keys so easily ?…
then, imagine how different signatories would provide different quality work — some much better than others…
i reason that —
friends provide the best-quality verification
- they know you 100x better, than some pencil-pusher…
- they have skin in the game !
and, if they’re well-trained, they could even detect — if you’re trying to deceive them!…
MS/ML leverages traditional infrastructure, like the metal detectors & biometrics in airports, and security guards in banks.
that’s great!… but recognize —
- they don’t care about you !
- they have no skin-in-your-game…
Would they notice/care if you were intoxicated / unusually nervous / or upset ?… // maybe…
But! — if you have all your paperwork — the docs & IDs — the bank/ business/ airport will simply follow their protocols…
Even, imitation is possible, — when there’s poor-quality verification !…
Recall the amazing true story !…
- Kidnapping risk
also, Glacier only considers when the Holder gets kidnapped (and neglects to consider when a loved-one does, like in the above example), — thus painting the single-signatory approach as better than multi-signatory…
while, actually — the incentives are balanced, when recognizing that both Holder AND loved-one are equal targets…
so, we’ve returned to the issue of — single OR multiple signatories —
there are only a few scenarios where a single-signatory approach is better… one is when the Hodler doesn’t have enough close friends (for redundancy) to verify and/or would prefer to have a loved-one kidnapped, instead of himself // yes, you read that correctly…wait for it…
also, Glacier assumes signatories will comply with the attackers demands & also assumes — that the Holder will not comply with demands — again greatly distorting the possibilities and arriving at inaccurate conclusions…
we all need to recognize & make this choice, now!—
- single-signatory — incentivize a loved-one’s kidnapping
OR
- multiple-signatories — incentivize your-own kidnapping
// note — that, by default — you’re using a ‘single-signatory’ approach…
these are the crazy realities of programmable money,
but there is hope…
training & preparation ! —
if your signatory has prepared for this particular emergency, the emotional shock will be reduced. they will not feel desperate helplessness, but, instead — they’ll feel righteous, empowered wrath! — as they effectively execute pre-arranged counter-measures!…
fortunately — eventually — this risk will significantly decrease with aPKM…
for example — the skillful use of nTimeLock :
- a panic button
- a dead-man switch
- when a verification-request gets flagged as suspicious
- meat-space
the necessity of physically-traveling threw meat-space is kinda ridiculous in 2018, right…
- centralized-signatories
my last criticism of MS/ML concerns how private-key custody can scale…
1. advanced Private-Key Management (aPKM)
a cyberpunk — by the people — for the people!… a hard-core freedom-loving hacker!… writing open-source software!… bringing freedom, privacy, sound money… and — peace & happiness to the world…
ok, ok, maybe i’m exaggerating…
but, this category doesn’t have obvious examples…
Why?… because it’s rare !
it might help to examine the only known example — CWAP
& compare ( Casa vs CWAP )
CWAP is the only method of aPKM that —
- avoids SPoF
- avoids all the disadvantages of MS/ML
- has an inheritance protocol
- is executable by the average Joe Hodler, and
- can scale…
CWAP uses MS/ML, but differently…
- MS — by simple manipulation of the 24 nemonic seed-words
- ML — by separating the access information
- Inheritance — by the skillful use of pass-phrases to designate heir’s wallets
CWAP’s set-up is —
[(1-of-m) + (1-of-n)], where the 12 seed-words you hold are “m” and the 12 that your signatories hold are “n”
aPKM, and specifically CWAP, are better than MS/ML for all the previously described reasons,
so I differentiate the category with the term “advanced”
// because, of course, there are many methods of PKM…
developments in aPKM, will —
- solve the problems of MS/ML
- monetize cold-storage with the Lightning Network // maybe…
- add more great features // that we can only now imagine !…
watch-only wallets
nLockTime
an Inheritance protocol
call to action—
it’s my prayer that leaders like Samourai Wallet & GreenAddress & SatoshiLabs & nvk & nopara73 & Jameson Lopp & Jimmy Song & Andreas M. Antonopoulos & others—
- support the skillful use of Pass-phrases, so that — at least, we’re not incentivizing torture !
- help the average Joe Hodler move beyond single-point-of-failure !
- keep developing advanced PKM software !… thanks!…
in Conclusion
many Hodlers still think of bitcoin, in the traditional, binary way —
“you either have it or you don’t…”
but, bitcoin is programable money —
which blurs the lines of location, ownership, accessibility & functionality…
now, a new quality of money is emerging —
based on it’s intangible nature,…
what i’ve heard, colloquially expressed, as
“unconfiscatable”
// i can hear Adam Meister’s voice now…
and whereas 100% unconfiscatable is faaar from today…
it gets to the point, that—
our money is going to be much, much more secure…
especially for the average person !
bringing peace to the world !… // bear with me…
because if it’s very, very difficult to steal,—
attackers are much, much less likely to try…
bitcoin makes our money immutable.
advanced private-key management empowers the people,
— strengthening individuals with ‘unconfiscatable’ wealth!
