Open in app

Sign in

Write

Sign in

Bitcoin Keys and How to Store Them

Vyryn
Coinmonks

--

Recently I was talking with a group about bitcoin, and key storage came up. One professional in the industry mentioned that the head of security of a major exchange taught him to split his key into thirds and store those thirds in separate places. Is this the best way to store your bitcoin?

It got me thinking. There are a lot of different ways to keep your keys safe, and many of them carry risks that newcomers to cryptocurrency may not fully appreciate.

If you’re only after recommendations, click here to jump to that section. For a visual comparison of options, click here.

Update 1/19/2021: The ‘advanced cold storage’ section originally described a generic advanced cold storage generation method. The Glacier protocol replaces it as a more thoroughly researched and effective advanced cold storage methodology.

Disclaimer: I hold bitcoin and multiple altcoins. This article was not sponsored by anyone. Contents are entirely based on my own research and opinions. If you are storing a substantial amount of funds, always obtain advice from multiple sources; this article is intended as general advice only.

What is a key and why do you need to keep it safe?

Bitcoin uses cryptography to prove ownership and secure transactions. Every fraction of a bitcoin in existence is assigned to a private key. A private key is a 256-bit number usually represented as 64 characters (0–9 and A-F). Private keys are usually derived from seeds, which are also very long numbers but are more commonly represented as 12-24 words to aid in human readability and backup. When you first receive bitcoin you’ll need to set up a wallet and will be asked to backup your seed (seed phrase, master seed, private key, recovery phrase — all of these are equivalent for our purposes), most commonly as 24 words. If you have a hardware device for storing your bitcoin, it is actually just a secure shell for protecting these 24 words from leaking out online or to a computer virus. Your recovery phrase is your seed, and put into a software wallet it would allow you access to those very same bitcoin.

So how secure is a bitcoin seed? If this one phrase is all my security depends on, it better be secure.

Yes, these seeds provide solid protection.

Cryptographers use ‘bits of security’ as a rough indication of how difficult it would be to brute force attack (randomly guess until you find the right answer) a cryptographic scheme. 64 bits of security means an attacker would have to try approximately 2⁶⁴ different seeds before they stumbled on the right one. 128 bits of security is widely considered the minimum for 2020–2030, and 256 bits is recommended for any application after 2030. Because these bits are a worst-case scenario for the attacker and attackers quite often have ways of slightly reducing it, the security needs to stay well ahead of currently achieved hacks. This Stack Exchange answer gives an idea of how long an attack would take on the world’s supercomputers. Basically, a decent home computer could crack 50 bits in an hour, anything less than 70 bits of security can be broken by a supercomputer in under a day, while the world’s computing resources could probably crack 100 bits in a year. If it seems implausible that massive computing resources might crack your key, consider multi-collision attacks; someone can crack every bitcoin addresses with less than 70 bits of security with one day on a supercomputer, about the same amount of time as to crack a single bitcoin address that secure. You really don’t want to use anything less than 100 bits because remember, this is a best case scenario.

A bitcoin seed is 256 bits of entropy, encoded using elliptic curve cryptography. This has roughly 128 bits of security. Great! It’s secure…when the attack knows nothing about your key. If an attack knows the first third — i.e. eight words — of your 24 word key, the unknown bit only represents 85 bits of security. If they know half your key, the unknown half only represents 64 bits of security. Its clearly important your *whole* key stays secret if you want to keep your bitcoin safe.

What if I lose my seed?

Your bitcoin is not stored in your wallet, be it hardware or software. Your bitcoin is stored on the ledger, and your seed provides ownership-level access to it. This provides an intuitive way of understanding why it is so important to back up your seed and not share it with anyone:

  • If you lose your seed and access to any wallet that’s already “logged in” with it, no one can recover your bitcoin. No one. There’s no “forgot password” link or recovery tool. It’s gone.
  • If you share your seed with anyone, they now own your bitcoin just as much as you do. You’ve effectively opened up a joint bank account with them that only requires one signature, and there’s no way to ever remove them from it unless you move all your bitcoin to a new account.

Now that we know why its so very important not to share your seed with anyone, we can go over some common ways to store your bitcoin and what advantages and disadvantages each offers.

Storing Bitcoin on an Exchange

You bought your first bitcoin, and its on the exchange. It would cost quite a pretty penny in transaction fee to move it to your own wallet, and besides that sounds complicated. It’s much cheaper and simpler to keep it on the exchange where it already is, right?

Sure, but it isn’t safe. An exchange is the least safe place to store your cryptocurrency. When you purchase bitcoin, you should immediately move it off of the exchange and into your own account.

Advantages to storing bitcoin on an exchange:

  • Quick access to your funds.
  • No need to pay a transaction or withdrawal fee to move it elsewhere.
  • Simple.
  • Little need to worry about losing your seed.

Disadvantages to storing bitcoin on an exchange:

  • Not your keys, not your coin. You’ve probably heard this phrase a lot, but it can’t be said enough. Whoever controls the seed we talked about before is the owner of your bitcoin as far as the world is concerned, and they can decide to lock you out at any time. Cryptocurrency is so new and unregulated that exchanges actually do steal customer funds and exit scam quite regularly.
  • Many exchanges use a fractional reserve system, meaning they don’t even keep all of your bitcoin, only some of it. If everyone tried to withdraw their bitcoin from the exchange, the exchange would not be able to pay up.
  • Exchanges are regularly hacked. Hundreds of millions of dollars in cryptocurrency are stolen from major exchanges every year. Some exchanges are able to recover much of the funds, and some are not. Following a hack, there is roughly coinflip odds that you’ll never see any bitcoin you had stored on the exchange again.
  • If your email is hacked or identity stolen, your bitcoin can potentially be compromised as well.

Do not keep your bitcoin on an exchange.

Furthermore, some “exchanges” do not allow you to withdraw at all. At the time of writing, this includes PayPal and Wealthsimple and likely others. I do not recommend ever purchasing cryptocurrencies on platforms like this, as there is no way to take ownership of your coins or know for certain if the “exchange” actually is actually even holding them for you. Some exchanges allegedly don’t hold hold some coins on behalf of their customers at all (Such as Crypto.com with all coins other than Bitcoin, Etherium, Litecoin, Bitcoin Cash and XRP).

Great. But where? how? How do I keep my seed safe?

The first option is a paper wallet. Remember how I said your bitcoin is stored on the ledger, and your seed provides ownership-level access to it? If you just write down a random seed, do some math to figure out its public address, and write that down too, you’ve created a paper wallet. To make sure you get the math right and get a truly random seed, you can and usually should use an application designed for the purpose. I’m not recommending any specific sources, but this website and this website both appear to be in good repute and straightforward to use. (Treat anyone who only recommends one specific source for something cryptographic with a grain of salt) You should be aware that paper wallets are not user friendly, and the first time you want spend your bitcoin you need to import it into a wallet, most likely compromising the offline security. Paper wallets are great for security, but are not for frequent use; they are for long term holding.

The number one priority with a paper wallet is to ensure you do not lose it. Make multiple copies and store them in separate, secure locations. Also consider getting a metal backup that is designed for this purpose; some backups are fire-resistant and corrosion proof, or offer other fancy features.

Basic Cold Storage

To generate a paper wallet with reasonable security, go to a generator website. Let the website load, then turn off your computer’s internet connection and wait a few seconds. Wiggle your mouse around until you fill up the entropy bar. It will generate a random seed from your mouse movements, make a QR code for it, calculate the public address, and make a QR code for that. Print the resultant page, clear your browser cache, and then turn your computer’s internet back on. If you do this, and as long as your computer is virus-free, you ensure your paper wallet was “generated offline” and never touched the internet. This is the simplest “cold storage” method and the minimum measures I would recommend taking, so we’ll call it Basic Cold Storage. Basic Cold Storage is likely fine for a very large, even life-changing amount of bitcoin, but I do recommend Intermediate Cold Storage if you have the technical knowhow and time. Note that cold storage entails a substantial risk of losing your key that should not be underestimated or dismissed.

Intermediate Cold Storage

For more secure paper wallet generation on windows without needing an air-gapped computer, download the website’s HTML by right-clicking and saving, reboot your computer into safe mode (without networking) or use a Linux boot drive, open the webpage you downloaded and generate your key, then remove temporary files and do a computer refresh. You should verify the source code of the key generation program you use, for example here or here. If you had up to date antivirus on your computer beforehand, you can generally trust this method with a life-changing amount of bitcoin. We’ll call this Intermediate Cold Storage. Note that cold storage entails a substantial risk of losing your key that should not be underestimated or dismissed.

Advanced Cold Storage (Glacier)

The highest level of cold wallet security you can achieve at home without advanced programming knowledge requires significantly more time and inconvenience. There is a specific protocol called Glacier that has been developed for storing very high amounts of bitcoin safely and eliminating single points of failure. If you want the maximum amount of security, follow it precisely. The only shortcut I would suggest considering is to use one set of quarantined hardware instead of two. Time commitment: at least 8 hours, likely 10. In practice, Glacier is a more extensive and thorough protocol than the measures many real exchanges and custodial wallets take; the giants of the industry who rely on their cold wallet security for hundreds of millions of dollars worth of cryptocurrency. Note that cold storage entails a substantial risk of losing your key that should not be underestimated or dismissed. Assuming you either personally inspect or do not use the Glacier script, Glacier is more secure than a hardware wallet (below) because it considers additional attack vectors including social engineering and coercion far more thoroughly. Note that cold storage entails a substantial risk of losing your key that should not be underestimated or dismissed.

I would offer an alternative to Glacier, but the best alternative protocol I found, Cerberus, doesn’t come close to the same thoroughness.

Tangentially, if you are an enterprise or hold thousands of bitcoin, Glacier should be where it begins, not ends. But at this point you really shouldn’t be taking key security advice from a pseudonymous person on the internet.

If even the basic paper wallet sounds too inconvenient. it’s okay. There are friendlier options.

Web/App Wallets and Desktop Wallets

Phone apps and websites for storing your bitcoin are a great step up from storing it on an exchange. They are usually very easy to use and not very inconvenient. Non-custodial wallets also provide a very large security jump from storing your bitcoin on an exchange. Be absolutely sure to back up your seed, as unlike a password there is absolutely no way to recover it if it is lost. That means that if your phone is bricked or stolen, your kid throws it in the toilet, you reformat your computer, or you forget an encryption password you have no way of ever getting your bitcoin back if you haven’t backed it up elsewhere.

There are a variety of apps for storing your bitcoin.

The first class of options are Custodial Wallets such as freewallet.org. These are like exchanges in how they store your bitcoin; instead of you having the keys, they keep the keys and you have a login username and password though their website or app. Custodial wallets come with few benefits and most of the same risks as exchanges, although they do usually have more auditing and/or transparency in how they hold your funds. I do not recommend a custodial wallet for anyone unless you, in your own personal assessment, do not think you can be trusted to keep your seed safe. Remember the adage, not your keys not your crypto.

The second class of options are Non-Custodial Wallets, also often called software wallets or hot wallets. Some of these are much more reputable than others. Some are open source, some are not. Some have great and sleek interfaces, some don’t. Some only store one cryptocurrency, some can store hundreds of different cryptocurrencies. They are simple to set up — just download an app on your phone or a program on your computer or navigate to a website, write down your seed, and deposit some bitcoin with a few taps. A great step up in security over leaving your coins on an exchange or a custodial wallet, these apps are great as long as you backup your seed safely and choose a reputable one. Desktop apps generally provide somewhat superior security to phone and web apps because they are usually under more scrutiny and the veracity of the build is easier to verify, but this is not a very large difference. Web apps are comparable to desktop apps in the level of scrutiny they receive but could potentially be running different code every time you load the website and are much more likely to require re-entering your seed for one reason or another, so on the whole are also slightly less secure than desktop apps. Reputable phone apps, web apps and desktop apps, collectively software wallets, are where the majority of people should keep their bitcoin for minimum hassle with decent security.

Popular software wallets which I am not recommending, but appear to be reputable options include:

Exodus — A popular Android, Apple store, and desktop app

Coinbase Wallet — A popular Apple store app (distinct from Coinbase exchange)

Mycelium — A popular shared source Android app

Electrum — An old and popular free software desktop app

Shared source means you can read the full source code and compile it yourself, but the license does not permit you to modify and distribute yourself. Free software means you can read and contribute to the full source code, as well as modify and distribute it. Open source is an imprecise term that could mean anything from free software to shared source, and so I avoid using it here for clarity. I use it elsewhere in this article to denote software that is at least shared source.

Hardware Wallets

The final option, and the one most often recommended for long term holders of large amounts of bitcoin, is a hardware wallet. These are small computers that store your seed securely and allow you to sign transactions offline without ever exposing your seed to the internet. They are somewhat inconvenient and you still need to make absolutely sure you back up your seed, but they are easier to use than paper wallets. They also generally cost $100-$200. Popular hardware wallets that I am not recommending but which appear to be reputable options include:

Coldcard — An old and reputable bitcoin-only hardware wallet with many advanced security features

Trezor — A hardware wallet compatible with a wide variety of cryptocurrencies

Comparison

Below is a chart that compares each storage option discussed above, as well as when I would recommend using them.

Comparison of cryptocurrency storage methods. Time commitment refers to initial set-up time, while inconvenience refers to ongoing inconvenience of using this storage method.

As you can see, I recommend app/desktop/web wallets for storing coin worth less than $10,000, and a paper wallet or a hardware device for more than that. I have marked hardware devices as less secure than Glacier because there are several social engineering and coercion based attack vectors Glacier mitigates that are not considered by a hardware device.

Also note that there is no compromise on the “risk of forget” — the risk of losing access to your seed because your backup is destroyed, inaccurate or inaccessible. Either it is low because you are storing your coins on an exchange or custodial wallet that has a “reset password” link, or it is high because your coins are truly your own. This is the biggest learning curve for cryptocurrency, and there are plenty of horror stories of even highly technically savvy people losing access to their seeds. If you are using a method on the list above which has at least “high” security, it is more likely that you will lose your seed than that your seed will be compromised. As such, the importance of backups can not be overstated.

Backups. How Many, Where, and How?

Generally, a good baseline is that you should have a full unencrypted backup of your seed in a safe.

Many people prefer a digital backup, storing their seeds in an encrypted file on a cloud storage provider or, more recklessly, only locally on their computer. This is not the best practice, but it is an option. If you choose to store your seed digitally, it should always be encrypted with a highly secure password… which, unfortunately, is therefore hard to remember. This is the problem, and even people who are very careful and tech savvy can forget their encryption password which, like the seed itself, can not be reset. Overall, an encrypted cloud backup is in theory a great way to protect against destruction, but it simply moves the risk to remembering a unique, strong password that can not be reset.

For similar reasons, it is not considered best practice to encode your paper backups in any way; you can forget the encoding, or even die suddenly and your heirs would be unable to ever access your bitcoin fortune. Best practice is that backups should be in plain text and offline.

Keep multiple backups. What would happen in the event of a housefire? What if your lawyer misplaces that envelope you entrusted to them? If you are storing a very large amount of bitcoin, a bank safe deposit box is a good option. However, the annual fee of a safety deposit box is likely to dissuade holders of only moderate sums.

If you want increased security, and don’t want just anyone who finds a backup of yours to be able to steal your funds, consider a multisig account. Multi-signature accounts require more than one private key to transfer funds. You can set up a two of three, three of five, or a four of seven multisig account, requiring two, three or four different keys used together to transfer funds. These specific configurations also provide redundancy, letting you lose one, two, or three of your keys respectively. A highly secure multisig backup would actually be as simple as giving seven keys to seven close friends or family members as “very important envelopes” for safekeeping. Should you wish to transfer funds, ask four of them for the envelopes back. No single one of them, or even three working together, could transfer your funds. And no single one, or even three of them, losing their envelope would render your funds permanently inaccessible.

Sometimes, people recommend splitting up your key into multiple chunks as a “simpler” multisig. However, as we discussed way back in What is a key and why do you need to keep it safe, this reduces the security of your key, and even one third compromised potentially opens you up to a brute force attack by a sufficiently determined attacker. On the other hand, compromising one key for a multisig account does not make a brute force any easier for the attacker. Additionally, if you do not have multiple backups of each chunk, the loss of any single chunk would make your bitcoin extremely difficult to recover; you would need to brute force attack it yourself. Overall, this method is not best-practice and if you are determined to split your key up then you should use a multi-signature account instead.

Recommendations

At this point you’ve heard a lot of don’ts and it is time for how I do recommend storing your bitcoin.

If you are seeking to store less than $10,000 worth of bitcoin:

Move your bitcoin to a reputable and open/shared source non-custodial wallet app like Electrum or Mycelium. Do not keep more than 2% of your holdings on an exchange for longer than 24 hours. Make at least three complete, printed backup copies of your paper wallet, and store them in three different physical locations.

If you are seeking to store more than $10,000 worth of bitcoin and plan to frequently access it:

Consider a hardware wallet. The $100-$200 investment may be worthwhile for its added security. If you choose not to use a hardware wallet, use a paper wallet for the majority of your funds and a reputable, open/shared source non-custodial wallet for the funds you use frequently. For backups, strongly consider metal backups that are resistant to fire and other threats, such as Billfodl or Cryptosteel — though you can likely save $100 and carve your seed into something metal yourself with a project knife and gain most of the benefits. Finally, if you do not feel comfortable leaving your full key in one place, use a three of five or a four of seven multi-signature wallet and back up the keys accordingly.

If you are seeking to store more than $10,000 worth of bitcoin and plan to access it very infrequently:

Use a paper wallet. Pick the highest security method described above that you feel comfortable with and have the time for. If you do not feel comfortable leaving your full key in one place, use a three of five or a four of seven multi-signature wallet and back up the keys accordingly.

If you are seeking to store other cryptocurrencies:

Nearly all the recommendations as above apply. However, you may have a hard time finding an open source multi-currency wallet as those are usually only created by profitable companies for whom releasing their software open source would substantially hurt their bottom line. Therefore, it is likely easier to achieve the desired level of security with dedicated wallets for each currency you wish to store large amounts of.

Final take-away:

There are a lot of different ways of storing cryptocurrency and a lot of specific considerations. But if you are reasonably diligent then the most likely reason for loss of funds is overwhelmingly going to be losing your keys. It is therefore a good idea to make multiple backups in multiple different places. If you want to avoid the multiple single points of failure this causes, use a multi-signature wallet.

Join Coinmonks Telegram group and learn about crypto trading and investing

Also, Read

Get Best Software Deals Directly In Your Inbox

--

--

Vyryn
Coinmonks

Written by Vyryn

12 Followers
Writer for

Vyryn is a software engineer in emerging technologies research, and Director of cryptomonKeys, freely distributed NFTs on Wax (Volunteer).