Let’s say that you no longer trust your currency exchange to host your Bitcoin wallet and you don’t trust a Trezor or Nano hardware wallet. You don’t trust your memory and you don’t trust your kids. And you certainly know better than to keep your wealth in your PC or phone. That would be downright crazy—right? What can you do?!
A growing number of people are printing paper wallets. It is the ultimate form of security. Some individuals even delete their cloud wallet, leaving everything to a string of hex characters or a QR code printed onto a slip of paper. (NB. You had better be certain that you and a few trusted individuals know how to find that piece of paper!)
But here’s an interesting mystery. If you print the paper wallet off-line and delete your other wallets, then how can the blockchain ‘know’ that you have changed wallets? The short answer: It doesn’t and you haven’t!
Let’s explore a bit deeper…
- The deed to your house is stored and maintained by a registry. It is housed in a court house or other government building.
- With a bearer bond, a certificate in your possession is the actual item of value.
But, in both cases, the fact that you made a photocopy of your deed or corporate bond is not of any consequence to others. It is the same with a Bitcoin wallet. In this case, the ownership record is neither in a government warehouse nor in your possession. It is crowd-sourced.
Printing out a paper wallet does not change your wallet ID. The paper wallet is simply another method of storing and retrieving the proof that you own a part of a mathematical solution set—That is, you know the solution to a problem.
Your paper wallet is just a copy of the keys to your wealth. You may choose to destroy the other keys, that’s your business. No one knows or verifies that you still have access to your stored secret or how you stored it. It’s up to you to maintain access to the keys. The blockchain only records a transfer of ownership from one wallet to another at the time of a payment transaction.
Got it? I hope you like the metaphors. I am fairly proud of myself for this explanation.
Ellery Davies co-chairs CRYPSA, publishes A Wild Duck and hosts the New York Bitcoin Event. Last month, he kicked off the Cryptocurrency Expo in Dubai. Click Here to inquire about a live presentation or consulting engagement.
Got it! So….. would one want to keep this paper wallet in a bank safe deposit box? Or, some other safe place? How much of a decentralized purist would you recommend for effective bitcoin security measures? Since we are required to travel extensively for business which leave the home empty… any suggestions other than a bank safe deposit?
Actually, I am not a “decentralized purist”. I have endorsed and used a custodian for both my wallet and, I currently don’t even have the private keys to my coins.
Of course, with a paper wallet, a custodial relationship makes no sense. After all, a paper wallet is the embodiment of taking your keys into your home and making them into something physical. So, your question is certainly valid.
I suggest this process:
1) Print out your public & private key pair. Put that slip of paper with the documents that your heirs will receive at the time of your demise. If you are not absolutely certain that the box cannot be invaded before your incapacitation and that it will be discovered, then SKIP this first step. In either case, this is only the beginning of protecting your assets!…
2) Use Veracrypt, OpenPGP or 7-Zip to encrypt the hex strings (or a photo of the wallet QR codes). Use a password that you can never forget, but that no one else can guess.
3. Upload the encrypted file to every cloud service you use. Don’t worry about cloud account security. Your security is end-to-end and baked into the encryption method that you choose. Be sure that you have no remnant of the file on your PC or mobile devices (plain or encrypted). If you created them on a device, you must be certain that there is no online cache, image or ghost.
4. Here comes the fun part. I call this “Poor Man’s Multisig”
Encrypt the file with every “x” permutation of “y” signatures, where x is the minimum number of friends required to unlock the file and y is the total number of friends that you will give access. For example, you might want to give your heirs the ability to access your wallet if any 3 of 7 people collude.
With PGP, you can roll this into one encrypted file. With Veracrypt, WinZIP or 7-Zip, it requires a bit more creativity on your part.
I won’t get into fancier/more complex access algorithms here, but with Smart Contracts, they are certainly possible. For example, you could permit access to wealth if the following conditions are met:
3 of 7 friends combine their passwords
—or— only 2 people, if one of them is your daughter, Susan
BUT ONLY IF: You have not accessed your assets for 6 months
AND ONLY IF: It is later than March 2025
BUT NOT IF: The amount of money in your wallet has a value less than $1,000.
(In that case, the value is divided between your daughter and your favorite charity)
5. Finally, leave additional notes with your valuables, insurance documents and other personal papers that point your executor or heirs to the encrypted files.
The above series of steps is only a summary. It does not convey the very serious process of ensuring that your wallet can never be hacked by a Trojan or key-logger. It leaves many questions unanswered. It is only a discussion point and a starting point.
Ultimately, the entire process must be baked into trusted, open source products and services built upon a core of best practices. In my opinion, that day is not yet here—but it will arrive soon.
~Ellery