Prerequisites
This piece will give an overview of what is required for a Bitcoin multisignature (multisig) setup. It is recommended for readers to understand where they fall in the hierarchy of bitcoin storage levels from the 6 Levels for Storing Your Bitcoin post. Once you are comfortable with transferring funds from exchanges, setting up and storing funds in mobile wallets, desktop wallets, and hardware wallets, multisig will be much more straightforward.
What is a hardware wallet?
Before understanding what multisig is, we need to know what a hardware wallet is. A hardware wallet is a small plastic device (most of the time will include a small screen) made for the sole purpose of storing the keys or seed phrase to access your bitcoin. As a single function device, it is much less likely to have vulnerabilities that a multi-use device (computer or smartphone) are susceptible to. Many people use hardware wallets for the convenience of creating multiple accounts and generating new public wallet addresses for each transaction. Hardware wallets never connect to the internet and cannot be hacked remotely. An attacker would have to be physically present with the device in order to attempt a breach and even then it is highly unlikely they will be successful.
Types of hardware wallets to use for multisig
What is multisignature?
Multisignature (multisig) is a storage setup for accessing bitcoin funds that require multiple signatures to do so. It is possible to use software wallets and a 1-2 or 2-2 set up, but for our purposes, we will cover a 2-3 hardware wallet set up. Rather than have one seed or key to access funds, multisig requires multiple keys to execute a transaction. As an example, if we are to use a multisig setup with 3 signatures, we may use 2 of the 3 devices in order to access the funds within the account. You may think of this configuration as a contingency plan in case one device is lost or compromised. There are a number of combinations to consider but the other popular multisig ratio would be 5 devices with 3 keys needed to sign a transaction.
Setting up multisig
Step 1- Set up all three hardware wallets
You may use three hardware wallets from either the same or different manufacturers. As long as you are able to store each seed phrase in a safe and secure location, the multisig setup will work with any combination of hardware wallets you choose. Setup for all hardware wallets is generally the same:
- Make sure the hardware wallet packaging is not tampered with.
- Connect your hardware wallet device to a clean computer that is not compromised by viruses.
- Follow the prompts on the hardware wallet screen and computer. For some hardware wallets, you may have to download the manufacturer’s desktop app for setup. Other hardware wallets may only require you to use a web browser.
- You will be prompted to write down the seed phrase (at least twice). Never type your seed phrase onto a computer (unless you are using a verified desktop app to recover a wallet).
- Repeat the above process for each of the remaining devices.
Step 2- Download your chosen desktop wallet app for multisig
When configuring a hardware wallet, the manufacturer’s desktop app (bridge) or web browser is also needed for basic setup. These desktop interfaces generally do not have a multisig feature. For example, Trezor requires users to download other desktop wallets like Electrum for multisig. You may also use these desktop wallets with Ledger, Coldcard, and KeepKey rather than the standard desktop interface.
Why do I need a desktop wallet?
Although a desktop wallet is unnecessary for setting up multisig (BlueWallet may also be used), this guide will use a desktop wallet downloaded onto a computer. You may think of your desktop wallet as an interface to manage all of your devices (signatures). If you do not have access to or have not received your hardware wallet(s) yet, a desktop or mobile wallet is a convenient alternative. Be aware that there are various security drawbacks for using a desktop or mobile application as your main bitcoin wallet.
Steps for desktop wallet
- Download your chosen desktop wallet.
- There will usually be an option for what type of wallet you wish to create. Multisig should be one of the available options.
- Select the number of devices (3) and signatures (2) required for accessing funds.
- Initialize all three devices with the desktop app. This will essentially require you to connect each device to the computer and confirm that you have access to each one.
Types of desktop wallets to use with hardware wallets
Step 3- Using multisig
- After creating a backup of all three multisig master public keys (one for each device), it must be stored on an external storage device (SD card or hard drive). If any one of the devices are lost, the three backups will allow you to restore your multisig wallet. Be sure to keep them in a safe and secured location.
- Receiving funds are similar to using one hardware wallet. After generating a public address, you may then receive funds from an exchange or another wallet to this address.
- Sending funds are also similar except that you will need confirmation to send funds by signing with two devices instead of one. Any combination and order for signing the transaction will suffice.
Pros
- Total control over your funds.
- You have the ability to send and receive bitcoin any day or time because the Bitcoin network operates 24/7 while exchanges or custodians are down periodically for maintenance and other reasons.
- More secure than using a single device IF setup and managed properly.
- Chances of funds being compromised or devices being hacked are minimized to a greater degree.
- Need two signatures from two out of the three devices in order to send funds.
- If funds need to be stored for a group or business, multisig helps ensure trust is achieved between multiple parties. Funds cannot be sent or initiated without the knowledge of all parties involved.
- One can use a multisig wallet set up to store keys with trusted family members or trusted third parties such as ones lawyer so that they can work together to recover the wallet should
Cons
- May overcomplicate the storage process for some people.
- Learning curve is higher than storing funds with a single device or custodial platform.
- Process for transactions is slower than using a single device.
- Inflexible to change if multiple parties are involved. If one person or party in the arrangement must be replaced by another, not only does the device they control need to be wiped, but the configuration for multisig must be reset from scratch.
Risks
- Forgetting or losing the seed phrases to two or more of your devices is possible but less likely than with one device.
- If a person or party is removed from a multisig arrangement, they may have records of the addresses used for the funds. Even if these funds are moved, they are still able to track where those funds are sent and stored.
Best practices
- It is always best to have a dedicated computer specifically for using your Bitcoin wallets. Laptops are fairly inexpensive now and this method will reduce the chances of malware contaminating the machine. This is an option to consider once you are more comfortable with setting up and using multisig.
- Store your cold storage devices and seed phrases in separate and secure locations. Make sure they are accessible when needed.
Custodial services
For some people, it makes sense to have a multisig setup with custodial services so that the process is streamlined and in some cases, even safer than setting it up by yourself. Companies like Casa will provide multisig solutions for a monthly fee that is billed annually. Please be sure to read the terms of agreement if you are considering a custodial option.
Tip: Using multisig without hardware wallets
It is possible to have a multisig setup without having to use hardware wallets. With desktop wallets like Electrum or Specter, one would be able to create a seed phrase for wallet A and then store that seed phrase (ideally on paper or other non-digital materials). A master public key will then be generated for wallet A. This process will then have to be done two more times for wallets B and C. The three seed phrases must then be assigned for multisig to generate a receiving address.
Whichever method you decide to choose for storing your bitcoin, be sure to practice and give yourself enough time to become comfortable with the setup. Rushing the storage process could lead to losing funds and making mistakes. If you are able to, use the Bitcoin testnet network where you do not have to worry about losing funds during practice. If you decide to practice with real bitcoin, be sure that it is an amount that can be easily replaced.
Remember that it is still fairly early in the Bitcoin space. The number of people who own bitcoin is still very small while the amount of people who store their bitcoin in cold storage is even smaller. These skills will become very handy in the future when individuals and companies require Bitcoin storage methods for their own reserves.
FAQs
1. What are the costs to set up multisig?
This depends on which route you decide to go with your multisig set up. If you do not already have a computer, you will need one along with purchasing 3 hardware wallets. If you already have access to 3 computers, you may use those as your wallets and save money. Just be aware that it is much safer to wipe each computer before setting up your multisig.
2. Can I use multisig with three hardware wallets that are not from the same manufacturer?
Yes, you will be able to use multiple hardware wallets from different manufactures. For example, if you have 1 Trezor wallet and 2 Coldcard wallets, you will be able to set up multisig. You may do this in any combination that works best for you.
3. Is multisig safe?
Yes. Multisig is safe as long as you have the backups for your seed phrases and master public key stored in a secure location.
4. How does inheritance planning work with multisig/cold storage for Bitcoin?
This will also depend on your current situation. You may have to teach your next of kin the process for using your multisig and leave detailed instructions. The other option is to use a custody service like Casa to help with the logistics of transferring ownership.
5. Can I customize the number of hardware wallets?
Yes, you may customize the number of hardware wallets. Most multisig setups require 2 signatures from a total of 3 hardware wallets but you may also do a 3-5 ratio or another combination. Hardware wallet ratios may be configured in the desktop wallet.
6. Why should I use Testnet coins (TBTC)?
Testnet is an alternative Bitcoin block chain that is only used for testing. You are not required to use Testnet but it will help you become more comfortable with multisig features.
7. How do I get TBTC for testing?
https://testnet-faucet.mempool.co/
https://bitcoinfaucet.uo1.net/