SafeBits, MultiSig for Self-Custody Protocol

Introduction

This protocol provides comprehensive guidelines and a framework for organizations of any size to establish secure multisignature Bitcoin self-custody using Bitcoin-Safe. It is based on best practices from established protocols (Cerberus, BTCGuide, and Glacier Protocol), adapted to leverage Bitcoin-Safe’s desktop wallet and Nostr-based remote signing capabilities.

This protocol currently combines the strongest security practices from three established Bitcoin security protocols:

  • Glacier Protocol: Known for its mathematical verification and high security for large holdings
  • Cerberus Protocol: Focuses on hardware security with modern tooling
  • BTC Guide: Emphasizes accessibility and integration with current Bitcoin ecosystem

Throughout this document, steps are marked with:

  • [ALL]: Common to all three protocols
  • [G]: Specific to or emphasized in Glacier Protocol
  • [C]: Specific to or emphasized in Cerberus Protocol
  • [B]: Specific to or emphasized in BTC Guide
  • [NEW]: New recommendations based on current best practices

Phase 1: Preparation

1.1 Environment Setup

1.1.1 Secure Location [ALL]

  • Choose a private location free from electronic surveillance
  • Ensure the location has no cameras or listening devices
  • [G] Consider electromagnetic shielding if handling extremely high-value wallets

1.1.2 Hardware Acquisition [ALL]

  • Purchase new computing hardware from reputable vendors
    • [G] Two laptops or computers for quarantined operations
    • [C] At least one computer for air-gapped operations
    • [B] Computer sufficient to run wallet software
  • Purchase hardware wallets:
    • [C/B] Minimum 3 hardware wallets, ideally from different manufacturers
    • [ALL] Verify hardware wallet authenticity upon receipt

1.1.3 Software Preparation [ALL]

  • Download required software from official sources:
    • Operating systems:
      • [G/B] Tails OS
      • [C] Ubuntu LTS
    • Bitcoin-specific software:
      • [G] Bitcoin Core
      • [C/B] Electrum, Specter Desktop, or Sparrow Wallet
  • [ALL] Verify software authenticity before anything is copied to a quarantined machine:
    • Check PGP signatures against the project's signing key, obtained from a source independent of the download page (a key served next to the binary only proves the server is self-consistent)
    • Verify checksums from multiple independent sources (project site, mirrors, release announcement) and accept the download only if all of them agree
    • [G] Compare checksums on multiple devices
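The checksum half of the verification above, as an added example (not code from Bitcoin-Safe or from any of the cited protocols): a Python script that parses GNU `sha256sum`-style checksum lists obtained from several independent sources, refuses the download unless every source names the file with the same digest, and then confirms the file actually hashes to that digest. The artifact name, its contents and the three checksum lists are constructed for the demonstration. PGP verification is deliberately not reimplemented here; run `gpg --verify` on the signed checksum file with an independently obtained key, because a checksum fetched from the same server as the binary only detects a corrupted download, not a substituted one.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed release artifact for the example; not a real Bitcoin-Safe binary.
ARTIFACT_NAME = "bitcoin-safe-example.AppImage"
ARTIFACT_BYTES = b"constructed example binary, not a real release\n"


def parse_sha256sums(text):
    """Parse GNU sha256sum output ('<hex>  <name>' or '<hex> *<name>') into {name: hex}."""
    sums = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed checksum line: {raw!r}")
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"not a SHA-256 hex digest: {digest!r}")
        sums[name] = digest
    return sums


def sha256_file(path):
    """Stream the file through SHA-256 so large downloads do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_artifact(path, checksum_sources, min_sources=2):
    """Accept the file only if at least `min_sources` independently obtained checksum lists
    all name it with the same digest, and the file really hashes to it. Returns (ok, reason)."""
    if len(checksum_sources) < min_sources:
        return False, f"need {min_sources} checksum sources, got {len(checksum_sources)}"
    name = os.path.basename(path)
    digests = set()
    for text in checksum_sources:
        listed = parse_sha256sums(text)
        if name not in listed:
            return False, f"{name} not listed in one of the checksum sources"
        digests.add(listed[name])
    if len(digests) != 1:
        return False, "checksum sources disagree; treat the download as untrusted"
    if not hmac.compare_digest(sha256_file(path), digests.pop()):
        return False, "file hash does not match the agreed checksum"
    return True, "checksum agreed by all sources and matches the file"


def demo():
    """Constructed run: two agreeing sources, then one source replaced by a tampered list,
    then a single source (rejected because one source cannot corroborate itself)."""
    good = hashlib.sha256(ARTIFACT_BYTES).hexdigest()
    tampered = "00" * 32
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, ARTIFACT_NAME)
        with open(path, "wb") as f:
            f.write(ARTIFACT_BYTES)
        from_site = f"{good}  {ARTIFACT_NAME}\n"
        from_mirror = f"{good} *{ARTIFACT_NAME}\n"      # binary-mode marker, same digest
        from_attacker = f"{tampered}  {ARTIFACT_NAME}\n"
        agree = verify_artifact(path, [from_site, from_mirror])
        disagree = verify_artifact(path, [from_site, from_attacker])
        single = verify_artifact(path, [from_site])
    return agree[0], disagree[0], single[0]


if __name__ == "__main__":
    print(demo())
```

The "sources disagree" branch is the important one: a single mismatching list is not a reason to pick the majority, it is a reason to stop, because you do not know which source was tampered with.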

1.1.4 Air-gapped Environment Creation [ALL]

  • [G] Physically remove wireless cards from quarantined laptops
  • [G/B] Boot operating system with networking disabled
  • [ALL] Verify network disconnection:
    • Confirm no network interfaces are active (on Linux, `ip link` should list only the loopback interface and `rfkill list` should show no radios, or every radio hard-blocked)
    • [G] Use external verification tool to confirm no signals

1.2 Essential Supplies

1.2.1 Key Material Recording [ALL]

  • [G] Acid-free archival paper
  • [G/B] BIP39 seed phrase recording cards
  • [C] Metal backup solutions (Cryptosteel, Billfodl, etc.)
  • [ALL] Permanent ink pens (archival quality)

1.2.2 Physical Security [ALL]

  • Tamper-evident bags or security seals
  • Waterproof and fireproof storage containers
  • [G/C] Faraday bags for device storage
  • [ALL] Safes or secure storage locations

1.2.3 Entropy Sources [ALL]

  • [G] Casino-grade dice (at least 5)
  • [C] Hardware random number generator (optional)
  • [B] Hardware wallet built-in entropy

Phase 2: Key Generation

2.1 Entropy Generation

2.1.1 Entropy Method Selection

  • [G] Dice rolling procedure (100+ d6 rolls recorded; a fair die yields about 2.58 bits per roll, so 100 rolls exceed the 256 bits a 24-word seed needs)
  • [C/B] Hardware wallet internal entropy
  • [NEW] Combined entropy sources for maximum security (hash the dice transcript together with the hardware wallet's entropy, so that a single weak or backdoored source cannot determine the key on its own)

2.1.2 Entropy Documentation [G]

  • Record entropy generation process
  • Verify entropy quality (statistical tests such as a frequency test on the rolls; these catch a loaded die or a transcription habit but cannot prove randomness)
  • Protect entropy records from observation (the roll transcript determines the key, so it is as sensitive as the key itself until it is destroyed)

2.2 Key Creation

2.2.1 Key Generation Approach

  • [G] Software-based key generation using recorded entropy
  • [C/B] Hardware wallet key generation
  • [NEW] Consider hybrid approach for highest security needs

2.2.2 Verification of Key Material [ALL]

  • [G] Mathematical verification of private key validity
  • [C/B] Test signatures with generated keys
  • [ALL] Record public keys and verification data
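A worked example covering 2.1 and 2.2, added here and not part of the original protocol, Bitcoin-Safe or Glacier: a recorded dice transcript is condensed into entropy, a chi-square frequency test is run on the rolls, the result is mixed with a second entropy source, encoded as BIP39 word indices, and the read-back checksum check is performed. The roll transcript and the hardware-wallet entropy are constructed stand-ins; the roll pattern is deliberately non-random to show what a frequency test does not catch. The 2048-word BIP39 list is not embedded, so the functions return word indices to look up in it. Never run this on a networked machine with real rolls.

```python
import hashlib
import math

BIP39_WORDLIST_SIZE = 2048      # returned indices are looked up in the English wordlist (not embedded)
CHI2_CRITICAL_5DF_P01 = 15.086  # chi-square critical value, 5 degrees of freedom, p = 0.01

# Constructed roll transcript: a repeating pattern, deliberately NOT random, to show that a
# frequency test alone passes it. A real session uses the physical rolls.
EXAMPLE_ROLLS = ([1, 2, 3, 4, 5, 6] * 17)[:100]


def dice_to_entropy(rolls, bits=256):
    """Condense a recorded d6 transcript into `bits` bits of entropy by hashing it.
    A fair d6 gives log2(6) ~ 2.585 bits per roll, so the transcript must already carry at
    least `bits` bits before hashing (100 rolls for 256 bits); hashing cannot add entropy."""
    if bits not in (128, 160, 192, 224, 256):
        raise ValueError("BIP39 entropy must be 128..256 bits in 32-bit steps")
    if any(not isinstance(r, int) or not 1 <= r <= 6 for r in rolls):
        raise ValueError("every roll must be an integer 1..6")
    needed = math.ceil(bits / math.log2(6))
    if len(rolls) < needed:
        raise ValueError(f"{len(rolls)} rolls carry fewer than {bits} bits; need at least {needed}")
    transcript = "".join(str(r) for r in rolls).encode("ascii")
    return hashlib.sha256(transcript).digest()[: bits // 8]


def chi_square_d6(rolls):
    """Chi-square frequency statistic (5 degrees of freedom) over the six faces. A value above
    CHI2_CRITICAL_5DF_P01 indicates a loaded die or a transcription bias. Passing says nothing
    about the order of the rolls, so it cannot prove the sequence is random."""
    if not rolls:
        raise ValueError("no rolls")
    expected = len(rolls) / 6
    return sum((rolls.count(face) - expected) ** 2 / expected for face in range(1, 7))


def combine_entropy(*sources):
    """Mix independent entropy sources (dice, hardware wallet, OS RNG) by hashing their
    length-prefixed concatenation: the output is unpredictable if ANY one source is, so a weak
    or backdoored source cannot determine the key by itself."""
    if len(sources) < 2:
        raise ValueError("combining needs at least two sources")
    h = hashlib.sha256()
    for s in sources:
        h.update(len(s).to_bytes(2, "big"))  # length prefix: source boundaries stay unambiguous
        h.update(s)
    return h.digest()


def bip39_word_indices(entropy):
    """BIP39 encoding: append ENT/32 checksum bits (the leading bits of SHA-256(entropy)) and
    split the result into 11-bit word indices."""
    ent = len(entropy) * 8
    if ent not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 128..256 bits in 32-bit steps")
    cs = ent // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs)
    bits = (int.from_bytes(entropy, "big") << cs) | checksum
    total = ent + cs
    return [(bits >> (total - 11 * (i + 1))) & 0x7FF for i in range(total // 11)]


def bip39_checksum_ok(indices):
    """Read-back check for a seed transcribed from paper: rebuild the entropy from the word
    indices and confirm the embedded checksum matches. A 12-word seed carries only 4 checksum
    bits, so 1 in 16 random transcription errors still passes; 24 words carry 8 bits."""
    if len(indices) not in (12, 15, 18, 21, 24):
        raise ValueError("mnemonic length must be 12, 15, 18, 21 or 24 words")
    if any(not 0 <= i < BIP39_WORDLIST_SIZE for i in indices):
        raise ValueError("word index out of range")
    total = len(indices) * 11
    cs = total // 33  # total = ENT + ENT/32, so ENT/32 = total/33
    bits = 0
    for idx in indices:
        bits = (bits << 11) | idx
    entropy = (bits >> cs).to_bytes((total - cs) // 8, "big")
    return bip39_word_indices(entropy) == indices


def demo():
    """Dice transcript -> entropy, frequency check, mix with a stand-in for the hardware
    wallet's entropy, encode as 24 word indices, verify the checksum."""
    chi2 = chi_square_d6(EXAMPLE_ROLLS)
    dice = dice_to_entropy(EXAMPLE_ROLLS)
    hw = bytes.fromhex("11" * 32)  # constructed stand-in for entropy exported from a hardware wallet
    words = bip39_word_indices(combine_entropy(dice, hw))
    return {
        "chi2": round(chi2, 3),
        "chi2_passes": chi2 < CHI2_CRITICAL_5DF_P01,
        "word_count": len(words),
        "checksum_ok": bip39_checksum_ok(words),
    }


if __name__ == "__main__":
    print(demo())
```

The constructed transcript passes the frequency test with a statistic of about 0.08 even though it is a repeating cycle; that is the limit of what a statistical check on 100 rolls can tell you, and why the protocol relies on physical dice and a witnessed procedure rather than on the test.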

2.3 Multisignature Setup

2.3.1 Multisig Structure Definition [ALL]

  • Determine M-of-N threshold requirements:
    • [G] Default 2-of-4 configuration
    • [C] Default 2-of-3 configuration
    • [B] Flexible based on user needs
  • [ALL] Document the chosen multisig structure

2.3.2 Multisig Script Creation

  • [G] Manual creation and verification of redeem script
  • [C/B] Software-assisted multisig wallet creation
  • [ALL] Record multisig wallet details: threshold M, all N public keys (xpubs with master fingerprints and derivation paths), whether keys are sorted (BIP67) or kept in entry order, and the wallet descriptor or redeem/witness script

2.3.3 Receiving Address Verification [ALL]

  • Generate test receiving address
  • Verify address derivation on multiple devices
  • [G] Perform mathematical verification of address correctness
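An independent derivation of the multisig script and its P2WSH address, added as an example (not code from Bitcoin-Safe, Glacier, or any of the cited wallets) for the manual verification in 2.3.2 and the multi-device address check in 2.3.3. It builds the `OP_M <keys> OP_N OP_CHECKMULTISIG` witness script with BIP67 key ordering, hashes it into the version-0 witness program, and bech32-encodes the address, using only the standard library. The three public keys are constructed placeholders (not curve-validated, not anyone's keys); in practice they are the child keys derived at the same index from each cosigner's xpub. The encoder is checked against the published BIP173 address vectors.

```python
import hashlib

OP_CHECKMULTISIG = 0xAE
BECH32_CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"

# Constructed 33-byte compressed public keys, for illustration only: not validated as
# curve points and not anyone's real keys.
EXAMPLE_PUBKEYS = [
    bytes.fromhex("03" + "cc" * 32),
    bytes.fromhex("02" + "aa" * 32),
    bytes.fromhex("03" + "bb" * 32),
]


def op_n(n):
    """Small-integer opcode OP_1..OP_16 (0x51..0x60)."""
    if not 1 <= n <= 16:
        raise ValueError("OP_N only covers 1..16")
    return bytes([0x50 + n])


def multisig_script(m, pubkeys, sort_keys=True):
    """Witness script  OP_M <pk1> ... <pkN> OP_N OP_CHECKMULTISIG.
    sort_keys=True orders the keys lexicographically (BIP67), the sortedmulti() form of
    descriptor wallets: the same key set then yields the same script in any entry order."""
    n = len(pubkeys)
    if not 1 <= m <= n <= 16:
        raise ValueError("need 1 <= M <= N <= 16")
    if len(set(pubkeys)) != n:
        raise ValueError("duplicate public key")
    for pk in pubkeys:
        if len(pk) != 33 or pk[0] not in (0x02, 0x03):
            raise ValueError("expected 33-byte compressed public keys")
    keys = sorted(pubkeys) if sort_keys else list(pubkeys)
    script = op_n(m)
    for pk in keys:
        script += bytes([len(pk)]) + pk  # direct push of a 33-byte key
    return script + op_n(n) + bytes([OP_CHECKMULTISIG])


def bech32_polymod(values):
    gen = [0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3]
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk


def bech32_encode(hrp, data):
    """Bech32 per BIP173 (checksum constant 1), correct for witness version 0 only;
    version 1+ addresses use bech32m."""
    hrp_expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    polymod = bech32_polymod(hrp_expanded + data + [0] * 6) ^ 1
    checksum = [(polymod >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(BECH32_CHARSET[d] for d in data + checksum)


def to_5bit_groups(data):
    """Regroup 8-bit bytes into 5-bit values, zero-padding the tail."""
    acc, bits, out = 0, 0, []
    for byte in data:
        acc = ((acc << 8) | byte) & 0xFFF
        bits += 8
        while bits >= 5:
            bits -= 5
            out.append((acc >> bits) & 31)
    if bits:
        out.append((acc << (5 - bits)) & 31)
    return out


def segwit_v0_address(program, hrp="bc"):
    """Encode a version-0 witness program (20 bytes P2WPKH, 32 bytes P2WSH) as an address."""
    if len(program) not in (20, 32):
        raise ValueError("v0 witness program must be 20 or 32 bytes")
    return bech32_encode(hrp, [0] + to_5bit_groups(program))


def p2wsh_address(witness_script, hrp="bc"):
    """P2WSH: the witness program is SHA-256 of the witness script (BIP141)."""
    return segwit_v0_address(hashlib.sha256(witness_script).digest(), hrp)


def demo(m=2, pubkeys=EXAMPLE_PUBKEYS):
    script = multisig_script(m, pubkeys)
    return {
        "witness_script": script.hex(),
        "mainnet": p2wsh_address(script),
        "testnet": p2wsh_address(script, "tb"),
    }


if __name__ == "__main__":
    print(demo())
```

Compare the full address, not just its first and last characters, against what Bitcoin-Safe and each hardware wallet's own screen show for the same index. If the coordinator's descriptor uses `multi(...)` rather than `sortedmulti(...)`, pass `sort_keys=False`; a key-order mismatch produces a different but valid-looking address, which is exactly the kind of error the multi-device check exists to catch.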

Phase 3: Backup Creation

3.1 Primary Backups

3.1.1 Seed Phrase Recording [C/B]

  • Write down BIP39 seed phrases
  • [C/B] Add optional passphrase protection (the passphrase is part of the key: store it separately from the seed words and back it up, since a lost passphrase makes the seed useless)
  • Verify seed phrase accuracy through reading back

3.1.2 Raw Private Key Backup [G]

  • Create QR codes for private keys
  • Print private keys with redundant encoding
  • Verify printouts are scannable and accurate

3.1.3 Metal Backups [ALL]

  • [C] Primary backup method using metal storage
  • [G/B] Secondary backup for disaster protection
  • [ALL] Verify metal backup accuracy

3.2 Secondary Backups

3.2.1 Distribution Package Creation [ALL]

  • Prepare instructions for each backup location
  • Include only necessary information for each location
  • [ALL] Create recovery instructions

3.2.2 Digital Public Key Backup [C/B]

  • Export wallet files containing only public keys (all N xpubs and the descriptor); keep a copy with every seed backup, because a multisig wallet cannot be rebuilt from M seeds alone: every one of the N public keys is required
  • Create digital backup of wallet configuration
  • [C/B] Back up multisig coordination files

3.2.3 Emergency Access Documentation [G]

  • Create detailed inheritance instructions
  • Set up emergency recovery procedures
  • Document contact information for trusted parties

Phase 4: Security Implementation

4.1 Verification Testing

4.1.1 Test Transaction [ALL]

  • Send small amount to multisig wallet
  • Verify receipt on watch-only wallet
  • [ALL] Document the verification result

4.1.2 Recovery Testing [ALL]

  • Practice recovery procedures from backup materials
  • Verify ability to sign transactions with each key combination
  • [G] Document detailed recovery process

4.2 Physical Security

4.2.1 Backup Distribution [ALL]

  • Implement geographic distribution plan:
    • [G] Distribute backups to separate physical locations
    • [C] Use bank vaults and personal secure storage
    • [B] Balance security with accessibility

4.2.2 Tamper Protection [ALL]

  • Seal all physical materials in tamper-evident packaging
  • Record serial numbers of security seals
  • [G/C] Photograph packaged materials before storage

4.3 Access Control

4.3.1 Access Procedures [ALL]

  • Document who has access to each storage location
  • Implement dual control for critical storage locations
  • [G] Create comprehensive access logs

4.3.2 Emergency Access Protocol [G/C]

  • Define conditions for emergency access
  • Create verifiable authentication procedures
  • Document emergency contact sequence

Phase 5: Operational Procedures

5.1 Transaction Creation

5.1.1 Transaction Initiation [ALL]

  • Prepare transaction details in watch-only wallet
  • [G] Use cold storage calculator to determine appropriate security measures
  • Verify transaction details on multiple devices

5.1.2 Air-gapped Signing

  • [G] Transfer unsigned transaction via QR codes
  • [C/B] Sign transaction with hardware wallets
  • [ALL] Verify signed transaction before broadcasting

5.1.3 Broadcasting [ALL]

  • Broadcast signed transaction to Bitcoin network
  • Verify transaction inclusion in blockchain
  • Document transaction details for records

5.2 Security Maintenance

5.2.1 Regular Verification [ALL]

  • Schedule periodic checks of backup integrity
  • [G] Test recovery procedures annually
  • [C/B] Update firmware and software as needed

5.2.2 Protocol Updates [ALL]

  • Monitor for security vulnerability announcements
  • Update security procedures as best practices evolve
  • [G] Track protocol version used for each operation

5.2.3 Key Rotation Considerations [G/C]

  • [G] Define conditions requiring key rotation
  • Document key rotation procedures
  • Implement key rotation schedule for highest security

Phase 6: Advanced Procedures

6.1 Inheritance Planning

6.1.1 Legal Framework

  • Create legal framework for Bitcoin inheritance
  • Document Bitcoin assets in estate planning
  • Ensure legal recognition of digital asset instructions

6.1.2 Inheritance Instructions [ALL]

  • Create simplified recovery instructions for heirs
  • [G] Implement dead man’s switch mechanism
  • [C/B] Consider assisted recovery services

6.2 Adversarial Considerations

6.2.1 Duress Protection [G]

  • Implement duress codes and procedures
  • Create decoy wallets if warranted
  • Document response to physical security threats

6.2.2 Plausible Deniability [G/C]

  • Consider hidden wallet capabilities
  • Implement information compartmentalization
  • [G] Create multi-level security access

Phase 7: Recovery Procedures

7.1 Standard Recovery

7.1.1 Key Reconstruction [ALL]

  • Procedures to recover from seed phrases/private keys
  • Wallet reconstruction steps
  • [ALL] Verification steps for recovered wallet

7.1.2 Transaction Creation Post-Recovery [ALL]

  • How to create transactions after recovery
  • Verification procedures for recovered wallet
  • [G] Full mathematical verification of wallet state

7.2 Emergency Recovery

7.2.1 Lost Key Procedures [ALL]

  • Document steps for accessing funds when one or more keys are lost
  • Implement recovery using remaining keys to meet multisig threshold
  • [C/B] Assess the security implications of the reduced key set: with one key lost, a 2-of-3 wallet is effectively 2-of-2, so one further loss makes the funds unrecoverable, while the number of keys an attacker needs is unchanged
  • [B] Transfer to new wallet setup with full key complement as soon as practical

7.2.2 Disaster Recovery [ALL]

  • Steps for recovery after natural disasters
  • [G] Waterproof/fireproof recovery materials utilization
  • [C] Metal backup recovery procedure
  • [ALL] Site-specific recovery considerations for each backup location

7.2.3 Compromised Key Response [ALL]

  • Immediate actions upon suspected key compromise
  • [G/C] Temporary funds-freezing procedures
  • [ALL] Emergency funds transfer to pre-established secure address
  • [G] Post-incident analysis documentation requirements

7.3 Inheritance Execution

7.3.1 Death or Incapacitation Protocol [ALL]

  • Heir notification procedures
  • [G] Authentication procedures for heirs
  • [C/B] Graduated access based on circumstances
  • [ALL] Legal documentation requirements for heirs

7.3.2 Multi-party Recovery [G/C]

  • Coordination procedures for distributed recovery teams
  • [G] Time-locked recovery options
  • [C] Trusted party verification protocol
  • [ALL] Communication security during recovery operations

Phase 8: Key Transfer Procedures

8.1 Planned Key Transfer

8.1.1 Transfer Triggers and Authorization [NEW]

  • Define conditions warranting key transfer (retirement, role change, security update)
  • Establish authorization chain for approving key transfers
  • Document verification procedures for transfer authorization
  • [ALL] Create transfer approval documentation template

8.1.2 Peaceful Transfer Protocol [NEW]

  • Pre-Transfer Preparation:
    • Schedule key transfer during low-risk operational periods
    • Verify availability of all required parties
    • Prepare new hardware and backup materials
    • [G/C] Pre-verify identities of all participants
  • Execution Process:
    • Gather required signatories in secure location
    • Generate new keys following Phase 2 procedures
    • Create new multisig wallet with both old and new keys
    • Transfer funds from the old wallet to the new one, signing with at least M of the old keys (M is the threshold); requiring an additional signer beyond M is an operational control and does not change what the old wallet's script accepts
    • [G] Mathematically verify successful transfer
    • [C/B] Confirm transaction on multiple devices
  • Post-Transfer Verification:
    • Test new wallet configuration with small transaction
    • Verify all backup materials are functional
    • Document completed transfer with signatures from all parties
    • [G] Securely destroy obsolete key material

8.1.3 Custodian Training [NEW]

  • Comprehensive knowledge transfer to new key custodians
  • [ALL] Protocol familiarization requirements
  • Hands-on emergency simulation with new key holders
  • [G/C] Security awareness training for new custodians
  • [ALL] Documentation review and acknowledgment

8.2 Emergency Key Transfer

8.2.1 Non-Peaceful Transfer Contingencies [NEW]

  • Scenarios Requiring Emergency Transfer:
    • Custodian becoming uncooperative or unreachable
    • Suspected insider threat or coercion
    • Legal disputes affecting custodian reliability
    • Unexpected custodian incapacitation or termination
    • [G] Response to potential duress situations
  • Emergency Authorization Procedure:
    • Define emergency approval threshold (e.g., board vote, designated security team)
    • Document evidence requirements for emergency transfer
    • [G/C] Third-party verification requirements
    • [ALL] Legal consultation requirements

8.2.2 Adversarial Transfer Protocol [NEW]

  • Custodian Exclusion Procedure:
    • [ALL] Transfer funds to pre-established contingency wallet
    • [G] Time-locked security measures activation
    • [C/B] Rapid key rotation with remaining custodians
    • [ALL] Legal documentation of uncooperative party exclusion
  • Security Containment:
    • Immediate revocation of access to all backup locations
    • [C/B] Physical security enhancement at storage sites
    • Change of access credentials for all related systems
    • [B] Temporary monitoring increase for affected addresses

8.2.3 Post-Adversarial Reconstruction [NEW]

  • Complete security review of all affected systems
  • [G] Full key-material replacement protocol
  • [C] Hardware replacement considerations
  • [ALL] Legal and compliance documentation
  • [ALL] Incident analysis and protocol improvement

8.3 Organizational Transition Management

8.3.1 Governance Structure Changes [NEW]

  • Procedures for adapting key custody during:
    • Mergers and acquisitions
    • Major organizational restructuring
    • Regulatory status changes
    • [G/C] Change in security posture or threat model
  • Transition Planning:
    • Security continuity requirements during transition
    • Staged transfer approach for minimal operational impact
    • [G] Mathematical verification of security maintenance
    • [C/B] Hardware and software upgrade coordination

8.3.2 Documentation Transfer [NEW]

  • Secure transfer of all protocol documentation
  • [ALL] Update authorized personnel listings
  • Transfer history and incident logs
  • [G] Protocol version control and update history
  • [ALL] Updated contact information and procedures

8.3.3 External Verification [NEW]

  • [G/C] Third-party security audit after major transitions
  • [ALL] Regulatory notification requirements if applicable
  • Attestation procedure for completed transition
  • [ALL] Update succession planning documentation

Phase 9: Protocol Maintenance and Evolution

9.1 Regular Review Procedures

9.1.1 Scheduled Protocol Audits [NEW]

  • Annual security review of entire protocol
  • [ALL] Update procedures based on evolving best practices
  • [C/B] Technology upgrade assessment
  • [G] Mathematical verification review

9.1.2 Threat Model Updates [NEW]

  • Regular reassessment of threat landscape
  • [G/C] Quantum computing readiness assessment
  • [ALL] Update security measures based on new threats
  • Protocol version control and changelog maintenance

9.2 Technological Adaptation

9.2.1 Bitcoin Protocol Updates [ALL]

  • Procedure for assessing relevance of Bitcoin upgrades
  • [C/B] Soft fork adaptation procedures
  • [G] Hard fork contingency planning
  • [ALL] Testing environment for protocol changes

9.2.2 Hardware and Software Evolution [ALL]

  • Criteria for hardware wallet replacement
  • [C/B] Software update verification procedures
  • [G] Legacy system maintenance considerations
  • [ALL] Cross-compatibility testing requirements

9.3 Knowledge Preservation

9.3.1 Documentation Standards [ALL]

  • Procedures for maintaining and updating all documentation
  • [G] Version control for all protocol documents
  • [C/B] Plain language summaries for key procedures
  • [ALL] Accessibility considerations for all documentation

9.3.2 Training and Succession [NEW]

  • Regular training schedule for all custodians
  • [ALL] Cross-training requirements to prevent single points of failure
  • [G/C] Security awareness updates
  • [ALL] Succession planning requirements for all key roles

Appendices

Appendix A: Key Transfer Checklists

A.1 Planned Transfer Checklist

  • Authorization documentation requirements
  • Pre-transfer security verification steps
  • Transfer execution procedure
  • Post-transfer verification requirements
  • Documentation and cleanup procedures

A.2 Emergency Transfer Checklist

  • Emergency authorization procedure
  • Security containment steps
  • Fund security measures
  • Documentation requirements
  • Post-emergency review procedure

Appendix B: Transfer Authorization Templates

B.1 Planned Transfer Authorization

  • Authorization request template
  • Approval documentation template
  • Custodian acknowledgment forms
  • Transfer completion certification

B.2 Emergency Transfer Authorization

  • Emergency declaration template
  • Expedited approval procedure
  • Evidence documentation requirements
  • Post-emergency reporting template