Multi-Signature – Setting Up Multi-Signature Correctly
I’m looking into setting up a multisig using Sparrow and wanted to know if anyone could find a flaw in my setup and potentially access my funds if I lose my keys.
Settings = 2 out of 3
Keystore 1 = Passport HWW
Keystore 2 = Coldcard HWW
Keystore 3 = Gordian Seed Tool (Mobile Hot Wallet)
We will set up a Coldcard and Passport following the instructions in the video below.
Seeds for this are recorded on seed plates (one seed phrase per plate).
I’ll set up the Gordian Seed Tool, import it into Sparrow/export it back to the seed tool, and then deposit (the smallest amount possible) into my multisig wallet.
You will then use all three seeds to restore the wallet to another Coldcard and Passport device and import that wallet into your new wallet on Sparrow.
If you have funds in your wallet, your seed phrases have all been saved correctly. Wipe the original Coldcard and Passport HWWs.
The seed plates of the two HWWs are rigidly stored in different physical locations.
I will destroy my copy of the seed text from the Gordian seed tool.
You then test the BTC in your wallet in three separate transactions (signing with all three possible combinations of two of the three keystores). If I can complete these three transactions, I am satisfied. I have access to my BTC. If any of the three keystores are compromised,
My questions are:
- Are there any obvious flaws with this kind of storage setup?
And more importantly
- If one of the keys is physically compromised, the only other information you’ll need is the xpub/zpub for each of the three keys?
Also, wouldn’t storing these xpub/zpubs together (which may pose a privacy risk) pose a security risk? For example, store xpub/zpub for all 3 keys on an encrypted SD card using each of the 2 seed plates. If someone can somehow gain access to the seed plate (very unlikely, given the strong physical setup, but worst case), would they have access to 1 of the 3 seed phrases and also access the 3 xpubs/zpubs? This will prevent those people from accessing my BTC, but I can still access it and use it (transfer it to another wallet) when it becomes clear that one of my seed phrases may be compromised.
You want to make sure you’re not shooting yourself in the foot by using a more elaborate setup than standard cold storage. In fact, I think the chances of making a mistake setting up a multi-signature solution and having standard cold storage compromised are exponentially higher.
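The storage plan in the question can be checked by enumerating every combination of lost or stolen locations. The following is an added example, not part of the original post. It assumes a 2-of-3 wallet that needs all three cosigner xpubs to rebuild its addresses, assumes a seed holder can re-derive that key's own xpub, and uses hypothetical site names `site_a`, `site_b` and `phone`:

```python
from itertools import combinations

M = 2                                        # signatures required (2-of-3)
KEYS = ("passport", "coldcard", "gordian")   # the three keystores in the post

# Constructed layout of the plan in the post: each seed plate is stored with an
# SD card holding all three xpubs; the Gordian seed exists only on the phone.
PLAN = {
    "site_a": {"seeds": {"passport"}, "xpubs": set(KEYS)},
    "site_b": {"seeds": {"coldcard"}, "xpubs": set(KEYS)},
    "phone":  {"seeds": {"gordian"},  "xpubs": set()},
}
# Same plan without the xpub backups, for comparison.
NO_XPUB_BACKUP = {s: {"seeds": v["seeds"], "xpubs": set()} for s, v in PLAN.items()}

def holdings(sites, layout):
    """Seeds and xpubs available to whoever holds the given sites."""
    seeds, xpubs = set(), set()
    for site in sites:
        seeds |= layout[site]["seeds"]
        xpubs |= layout[site]["xpubs"]
    # Assumption: a seed holder who knows the derivation path can re-derive its xpub.
    return seeds, xpubs | seeds

def can_watch(sites, layout=PLAN):
    """Deriving the wallet's addresses and balances needs every cosigner xpub."""
    _, xpubs = holdings(sites, layout)
    return xpubs == set(KEYS)

def can_spend(sites, layout=PLAN):
    """Spending needs the full script (all xpubs) plus M private keys."""
    seeds, _ = holdings(sites, layout)
    return can_watch(sites, layout) and len(seeds) >= M

def report(layout=PLAN):
    """For each set of sites: what a thief holding them gains, and whether
    the owner can still spend from the sites that remain."""
    rows = []
    for n in range(1, len(layout)):
        for taken in combinations(sorted(layout), n):
            left = set(layout) - set(taken)
            rows.append((taken, can_watch(taken, layout),
                         can_spend(taken, layout), can_spend(left, layout)))
    return rows

if __name__ == "__main__":
    for taken, watch, spend, owner_ok in report():
        print(f"{'+'.join(taken):15} thief_watch={watch!s:5} "
              f"thief_spend={spend!s:5} owner_spend={owner_ok}")
```

Running `report(NO_XPUB_BACKUP)` shows the opposite failure: with no xpub copies, losing any one location leaves two seeds but only two of the three xpubs, so the owner cannot rebuild the wallet.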