Multi-vendor Multi-sig + Sparrow Wallet: One of, if not the best, self-sovereign solutions to self-custody
There is a lot of fear around setting up a multi-sig wallet. Whether it’s the setup itself or the fear of restoring the wallet from scratch, it can be intimidating to move from single sig into the wonderful world of multi-sig.
But it’s worth it.
As your stack grows to be a more and more substantial part of your wealth, so will the fear of losing your stack via a single point of failure with single sig.
I know that there are ways to create redundancy and security with single sig (e.g. SD card wallet backups, multiple seedphrase locations, passphrases). But I would argue that if you are willing to create redundancy and extra security with single sig, you already have the motivation (and likely the technical expertise) to move to multi-sig.
So enter multi-vendor multi-sig + sparrow.
First, why multi-sig in general? There are two major compelling reasons for multi-sig 1.Redundancy from single key loss or theft (this one is obvious). 2. Plausible deniability in a $5 wrench attack. This second one was the main one that made me move to multi-sig. In the ever increasing world of data leaks and KYC, it has become almost impossible to stay incognito as a bitcoiner. Having multi-sig makes the effort to physically coerce you so much more difficult if an attacker has to transport you to another location (especially if it’s a public place, like a bank security deposit box). And as multi-sig becomes the norm, then physically coercive attacks become less tempting as a whole in the space.
Second, Sparrow wallet makes multi-sig setup a breeze. To start, it’s open-source. The UI is so much more user friendly than electrum and it automatically prompts super important steps (like downloading the backup script to restore the wallet). It has been formatted to work seamlessly with almost all the major hardware wallets.
Finally, why multi-vendor multi-sig? Why not just 3 coldcards in a 2-of-3 setup or 5 trezors in a 3-of-5 setup? By creating a setup where no vendor has a quorum of keys (e.g. 2 coldcards, 2 bitboxes, 1 trezor), you remove that tiny little worry that one of the companies could be malicious and has somehow gotten your keys (either via a USB connection or incomplete entropy at key generation). Or that you’ve been the target of a supply chain attack. Technically, you should even be able to trust closed source hardware wallets (e.g. ledger) in a setup like this. Still recommending open source though, as a matter of principle in the bitcoin space.
However, if you go down this route, these are the absolute imperatives to setting up a multi-sig wallet:
1. YOU MUST BACKUP YOUR WALLET AND STORE A COPY OF ALL THE XPUBS (preferably in both electronic and physical form). If you need to restore your wallet from scratch, you will need the xpubs of ALL the keys, not just a quorum. This is by far the biggest pitfall of multi-sig. Luckily, Sparrow prompts you to create this backup at the time of wallet creation.
2. At least 1 (preferably all) of your hardware wallets needs to be able to verify the multi-sig wallet (including the XPUBs) of ALL signers ON THE DEVICE. I won’t go into too much detail, but malware could insert additional cosigners at the time of wallet creation, so you need an external validation of the wallet setup. Hardware wallets that I know can do this from personal experience are bitbox, coldcard, and foundation passport. I’m sure there are others but I can’t speak to those.
3. This applies to both single and multi-sig, but you should always verify send and receive addresses on the hardware device itself. I will plug for foundation passport on this one. They make receive address verification via QR code very streamlined.
There’s a lot more to the actual use of multisig, including using PSBTs with certain hardware wallets, but these actually don’t differ from single-sig, other than having to do it multiple times rather than just once per transaction.
I could go on and on about other aspects (2-of-3 vs 3-of 5, storage location of keys, seedless setups), but this post is getting long. If you are interested in seeing sparrow in action with multi-sig, here’s a great video that finally prompted me to go with Sparrow: [https://www.youtube.com/watch?v=qJ_SpQX_YKw](https://www.youtube.com/watch?v=qJ_SpQX_YKw) (Multisig starts at 25:04).
This is what I use. For hardware wallets, I use coldcard and bitbox. And I also have a node running.
Complexity is the enemy of security.
I was just talking about this yesterday with someone on here in a different sub. I’m really liking sparrow. I’m leaning towards multi with unchained at this point.
How many pairs of eyes are reviewing the Sparrow code?
Seems like only 1 guy is writing it…