Bitcoin Q&A: Key management and inheritance planning
Articles Blog

Bitcoin Q&A: Key management and inheritance planning

J.P. asks, “My wife and I are currently working on a
multi-signature setup to avoid the ‘$5 wrench problem,’ but also make it available for our potential heirs.” “We have been thinking a lot and the setup is almost
overwhelming; it feels like our heirs will [be] going on… a Robert Langdon treasure hunt to [access] our savings,
and also keep it secure while we are still alive.” “What would you suggest for
people trying to set these up?” [Someone] adds, “I have a Trezor and a Ledger. I see the
Electrum client has the ability to do multi-sig setups… with hardware wallets; is it possible and / or more
secure to use both of these devices with that client?” “Would this simplify things for the for J.P.’s scenario?” First, a quick explanation: the ‘$5 wrench problem’ is
from Randall Munroe’s XKCD comic: [“538: Security”]. [He] said that instead of using a multi-million
dollar supercomputer to break encryption, [a villain would] take a five dollar wrench and hit
the person until they tell you what the password is. The basic idea is that security can be broken
very cheaply through coercion in many cases, and you have to take that into consideration. One of the ways to protect yourself against coercion
is to remove control over the keys from yourself, so you [alone] don’t have access to your cryptocurrency. Multi-signature is one way, in a 2-of-3 scenario. Another way is to use cold storage that
you don’t have [immediate] access to. where you [must] travel to another country,
go into a protected vault, or something like that. Obviously, this depends on how much cryptocurrency
you [own] and what risks you [are willing to take], but there are all kinds of [key management] scenarios. I think multi-signature is a good solution, but you
[must] be careful not to over-complicate things. As the second commenter on that question said,
multi-signature works very well with hardware wallets. You could use hardware wallets to generate seeds, write
the backups on paper, and store those somewhere safe. Use the hardware wallets [with a client like Electrum]
to compose a multi-signature address. A 2-of-3 is a common standard. You [should
stay] as close as possible to the standard: using BIP-39 for your mnemonic phrase,
BIP-32 for your hierarchical deterministic wallet. That is exactly what Electrum
will do with a multi-sig address. In that scenario, I would recommend that you
don’t add a passphrase to the mnemonic [seed], because it is unnecessary to add that extra layer
of security when you already have a 2-of-3 scheme. If you have a mnemonic [seed] that, [by] itself, gave you
full access to the funds, I would add a passphrase. In a multi-sig [scenario], I would
probably not add a passphrase. I would also suggest that, if you can’t afford to buy
three hardware wallets, you can generate the [first]… mnemonic phrase on [one] hardware wallet, wipe [the
device], then generate [the second] mnemonic phrase. You could create a 2-of-3 scheme where one or two
of the keys are on hardware wallets, effectively live… where you can do transactions easily, and the third key
was only stored [on paper] as a mnemonic seed, kept offline at all times, [not instantiated on any device] You could even [keep] all three of the keys in cold
storage [as] mnemonic [seeds that] only exist on paper. In order to [spend from] this multi-sig, you [must]
initialize a hardware wallet, create a transaction, sign it, then re-initialize the hardware wallet [with]
the second [seed] and countersign that transaction. For further reading, if you want to look into this:
my business partner, Pamela Morgan, has written… a book called “Cryptoasset Inheritance
Planning: A Simple Guide for Owners.” One of the challenges with balancing security and
inheritance for heirs, [involves] practical issues… [with] aligning your legal and technical plan,
keeping things very pragmatic and straightforward. That [book] is a useful guide on how you actually
get that done, and you may find it useful. [AUDIENCE] Can you give us some of your
thoughts on rubber-hose cryptanalysis? [ANDREAS] Yes, absolutely. Rubber-hose cryptanalysis,
or ‘the $5 wrench problem’ as it is known from… the XKCD comic [by] Randall Munroe — if you haven’t
seen XKCD, it is fantastic, insightful, and hilarious. [“538: Security”] is a two-panel cartoon. In the first panel, [Cueball and a friend want to
access a laptop] using [4096-bit] encryption. [“Let’s build a million-dollar cluster to crack it.”] In the next panel, [Cueball says, “Drug him and hit him
with this $5 wrench until he tells us the password.”] The implication is that, [instead of using expensive
tools], you just beat the person [to] get their password. This is a problem in cryptography and digital currencies. If you fully control your money and walk around with
access to enormous amounts of money [in the form of] a] digital bearer instrument [with] irreversible
transactions, that makes for a very appealing target. The first thing you can do is reduce your control. Probably one of my favorite approaches is using multi-
signature [schemes], diversifying control to the point… where you individually have a minority control stake
that cannot be used to [unilaterally] transfer money. Other people, who [would be] very suspicious of
urgent requests [to do transfers], are involved. “Listen, here is a key. You will hold this. If I ever call
you and say that I need you to sign [a transaction]… within twenty-four hours, call the FBI —
because I have probably been kidnapped.” “You do not sign any request [for a transfer]
without a thirty-day cooling-off period.” That is a better security mechanism.
[But] you also need something to sweeten the pot. You [probably] carry a small amount of cryptocurrency
(petty cash) on you anyway, to run a business… or do some spending; [be able to] sacrifice that and
present an attacker with a very simple, greedy solution. Sure, [they] could try [accessing more, but] they will call
the FBI, because I don’t have access to that money. Or there is this nice little pot right here,
that [they] can walk away with right now. Hope that [offer works] works. It has to be real and
you [must] really not be able to transfer the money. Otherwise, you will be coerced [more].
It is not an easy problem to solve, which is why I said that the concept of
“be your own bank” has a level of audacity in it. “Inheritance problems and possible multi-sig solutions.” “Regarding inheritance problems and multi-sig solutions,
is there a way to be fully in control of your bitcoin… without having to trust any possible heir, yet still give
your heirs full control of your bitcoin after you die?” “I am thinking the best inheritance solution
would be a setup that fulfills these requisites: the money can be moved either by a 1-of-1 signature,
and / or by some kind of multi signature scheme.” “The only way to move the multi-signature [funds] is to
[transfer them] to a second address, controlled by… the 1-of-1 simple signature with a time lock etc.” The scheme you’re describing is a combination
of timelocks and covenance [scripts]. The problem is, covenants don’t exist yet on Bitcoin.
A covenant is a type of script that restricts… where you can spend money; as in
[what the destination address is]. It [is] a template that says: ‘You can spend this, but only if you [send] it to this kind
of address, or with this kind of signature scheme.” Look up “Bitcoin Covenants”, a very interesting
development [that will] mostly be used for vaults, but you can imagine them being used for this
kind of inheritance scheme you’re talking about. The idea is, you can have the heirs spend within a
multi-signature, but the owner has an opportunity… to take the money back within a
period of time [if they are still alive]. There are different constructs that can do that,
which effectively look like payment channels, [where] you create a refund transaction
[that transfers the funds] back to you… if the [heirs try to spend] the money
before you actually die. You can create other scenarios, like ‘dead man’s switch.’ Today’s scripting capabilities, even with more
complicated and flexible models like Ethereum, are not ready to be [used] with
inheritance-level smart contracts. The reason for that is multi-fold. Even if you could implement such a scheme,
you would [need] to do it without any bugs, without any possibility of [serious]
vulnerabilities — in the underlying protocol, in the multi-signature mechanism, or for covenants —
that would allow someone to attack that scheme. As we have seen recently with the Parity multi-sig hack,
the technology is not yet mature [enough]. This technology would not only need to be mature today,
but would need to remain secure for a [long] time frame. We are talking about an inheritance; you are
not looking at six months or one year horizon. You are potentially looking at building a
solution that [needs to last] for decades. It requires a very high burden of technical knowledge
by the heirs, who need to understand key management, how to generate, secure, and recover keys [within]
these complex scripts that you have [set up], how to manage smart contracts,
and deal with the lifecycle issues. All of which is far beyond the capability of 99.99%
of heirs and even holders, with today’s technology. You [would be] asking heirs to do this especially
[when those heirs] just lost the one person… who they were [probably] relying on to be
the expert [in cryptocurrency matters]: you. The owner, invariably, is the greatest expert that
these heirs know. What [will] they do [when you die]? They go on Reddit and start shopping for an expert
to help them unravel the scheme you have created; they [could] get massively defrauded by some scammer. At the moment, inheritance and cryptocurrency is
more of a human-based issue, with [legal] processes. You can [and] need to have a technical plan. If you only have a legal plan in place [for access to]
vaults and keys through executors and lawyers, but you don’t have a technical plan,
your cryptocurrency [will] be lost. If you have a technical plan, but you don’t
have a legal plan, there is a good chance… there will be a contradiction between what you built
and what the law allows in your jurisdiction. [Contradictions] will lead to lawsuits after you die, even protracted legal fights between your heirs,
which means lawyers [will] get [most of] the money. You effectively created a smart will that turns
all of your inheritance over to the lawyers, because a fight breaks out after you die. That careful balance between legal and technical plans, the simple and practical measures
you need to take to ensure inheritance, are the topic of a book written by Pamela Morgan,
who is my [business] partner at Third Key Solutions. I was the technical adviser on that [book].
If you are interested, it covers these scenarios: why you should or shouldn’t use smart contracts;
how you [can utilize] multi-sig; storage locations; how you balance legal and technical
plans to create a pragmatic solution. There are a lot of resources on her website.
I will not promote her book [any further now]. The bottom line is, this topic is much more complex
than [what] you can simply solve with technology. It has that factor we cannot avoid, the human factor;
in inheritance, [that can] become as ugly as a divorce. People get greedy and petty, fights break out. You can’t know how heirs will respond [when]
they suddenly inherit large amounts of money. Keep it simple, my friend. I think that is the best answer
I can give you. Look for practical solutions. [AUDIENCE] This may be crossing boundaries
a little bit, but I want to ask about Pamela’s work. One of the systemic [problems] that I see, that occurs
to me every day while holding cryptocurrencies, is caring for my family and the
inheritance issue, which is a big deal. We have no idea what [will] happen [to our coins]
if there is forking or nation state [attacks]. What happens at the end of our generation?
What do we need to start thinking about, at this time, to secure [these assets], in a [multi-generational] effort? [ANDREAS] That is a great question. I won’t speak
for Pamela’s own work in this space, which is great. The bigger picture here is [a sense of] responsibility
and burden that comes with owning your own keys. I did a talk about this recently. The very concept
of “be your own bank” is terrifying to most people. Arguably, most people will choose to keep at least one
intermediary. That doesn’t [necessarily] mean we failed. Even if we eradicate most intermediaries and only
keep some custodians to help with some functions, that is not a complete failure to me,
but that is somewhat of a failure. I want to find ways to improve that experience.
We [must] do a lot more work. Part of that work is education, with books like
Pamela Morgan’s and many other authors today. Also, people who are working on wallets
and making user experience better. Keep in mind, we’re making tremendous progress. When I first got into [Bitcoin], in order to hold my bitcoin,
I had a stack of a hundred and fifty paper wallets… that I [needed] to carefully backup and curate
because each one had a separate, unique key. Now, that has been replaced by one mnemonic
phrase of twenty-four words, and I’m done. Not only that, but it can hold ten different
cryptocurrencies instead of one. We are making progress, but it’s still not easy. Here is a little, somewhat cheeky
response that I will throw in there. Part of the reason that cryptocurrency is undervalued
today is because it is so hard to do this stuff [right]. I was able to buy [bitcoin] at [less than] $10
in 2012 because it was even harder [back then]. As it [became] easier and more people [could buy
and use] it, [bitcoin] became more expensive. Meaning that, effectively, the more effort you put in to
overcoming these very difficult barriers to adoption… [In 2012, they] were, ‘I must send a wire transfer
to a company in Japan in order to [buy] some… magic internet beans, and then I have to store them
on a number made of 58 alphanumeric characters.’ ‘I probably have to print out [the private key],
because if I don’t have a physical copy, it will probably melt way with my computer
during the next Windows update.’ [Laughter] What was that worth? A $3 bitcoin
is what that was worth. [Laughter] The question you [must] ask yourself is: when it
gets easier, how much did you miss out on? That is one way to look at it, which is a bit
greedy of course. I put in the extra effort. It [seems] very unfair, because it tilts the Gini coefficient. It means we already have an imbalance in wealth. Ownership in these cryptocurrencies is [very much]
based on who has the technical literacy, numeracy, and access to do these things. That is a problem. However, another way to look
at it is a bit more optimistic: the creators of technology which improve [user]
experience can be funded by that difference in price. [Imagine] it is the mid ’90s or the mid-2000s.
No one can find anything on the internet. Then a company comes along and builds a search
engine better than [all] the other search engines… that came before it; they can then continue to improve
and benefit to the order of almost a trillion dollars. They get funded by solving a pain point. If you’re an entrepreneur, look at these problems
in Bitcoin: how do we store [it], how do we inherit [it]? How do we explain [it]? How do we hold [it]? Then you think, ‘How much is it worth to solve
these problems?’ It is not about becoming silly-rich. If I know how much it is worth to solve that problem,
I can front-load the present cost on its [future] value. [I can say], “Therefore it is worth [it for] me to
invest this much at this risk premium today… to solve that problem [tomorrow].” “I [will] take an entrepreneurial risk, not a nice comfy job
with a law firm that pays a six-figure salary and a bonus, just so I can kiss the ass of
some asshole in a suit for a year.” “Instead, I [will] live frugally and write a book
on how to do crypto inheritance planning.” Thank you, Pamela. [Laughter] [Applause] You

22 thoughts on “Bitcoin Q&A: Key management and inheritance planning

  1. For inheritance, why not just using a time lock transaction? If the tx is timelocked of a year, or two, you just have to double spend it every year (before it becomes valid) and update the will transaction every year while you are still alive. When you die, they just need to wait for the timelock expire and broadcast the tx. You can be sure that each heir will receive exacly how much you wanted. And the best part is: you get 80 characters for you last words to be recorded on the blockchain, forever.

  2. If there is a way for YOU to get the money, there is a way for the WRENCH to get the money. No way around it. You moved your control to 2 parties? Good, we'll buy 2 wrenches.
    The inheritance problem is also really easy; cryptocurrencies will be long dead before you are. So don't worry about it ;).

  3. Brother. It's not unfair in a free world. Nothing will ever be even. That's communism, and unless it's a "benevolent" robot, then it ain't possible, even if money disappears

  4. The $5 wrench problem may be the thing that prevents truly widespread adoption of crypto. It has to be solved before people will feel safe. There are just too many ratfuck bastards out there with wrenches. I guess everyone will need to carry a wrench, or a Glock.

  5. Please talk about bitfinex and tether manipulating market. If you believe in bitcoin that much, talk about scammers. Everyone listen to you Andreas, make a statement. Please.

  6. A digital trust fund scenario could provide a simple approach to many of the inheritance issues noted here. Access could be granted while all parties are alive. The amount of funds controlled by the inheritor would be ramped up programmatically.

  7. Hi Andreas, thank you for all your work in this space but i have lost $100K of my cash not some silly profit but hard earned pennies.
    I can not see this market recovering due to self interested parties have sucked it dryer than a crisp. It's Empty.

  8. Pryvate are adding a "Smart-Will" to their platform and a simplified free version to their wallet called a "Dead-man-switch".

  9. I gave my sister a picture of half my 24 word seed phrase and told her if I die, come search my house for the other half of the seed to come claim my money and use it for funeral expenses and whatever else.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top