 JP asks, my wife and I are currently working on a multi-signature setup to avoid the $5 wrench problem, but also make it available for our potential heirs. We've been thinking a lot, and the setup is almost overwhelming. It feels like our heirs will have to go on a Robert Langdon treasure hunt to get our savings. In order to also keep it secure while we're still alive, what would you suggest for people trying to set these up? Corvimos adds that, I like to add this question. I have a treasure on a ledger, I see that an electron client has the ability to do multi-signature setup with hardware wallets. Is it possible and or more secure to use both of these devices with that client? Would this simplify things for JP's scenario? First of all, a quick explanation. The $5 wrench problem comes from a XKCD and a Randall Monroe's comic. Instead of using a multi-million dollar supercomputer to break an encryption code, you take the $5 wrench and hit the person who has the password until they tell you what the password is. The basic idea is that security can be broken very cheaply through coercion in many cases, and you have to take that into consideration. One of the ways to protect yourself against coercion is to remove control over the keys from your own access. Basically, remove yourself so you don't have access to your cryptocurrency. Multi-signature is one way to do that if there's a two or three scenario. Another way to do that is to use cold storage that you don't have access to. In order to access the cold storage, you'd have to travel to another country and go into a heavily protected fold. Obviously, this depends on how much cryptocurrency you have and what risks you're taking, but there are all kinds of scenarios there. I think multi-signature is a good solution, but you have to be careful not to overly complicate things. As Corbimoss, the second commenter on that question, said, multi-signature works very well with hardware wallets, so you can use hardware wallets to generate seeds. You can then write the backups down on paper and store those somewhere safely, and use the hardware wallets to compose a multi-signature address. A two of three is a common standard. If you want to keep as close as possible to the standard using Bip39 for your mnemonic phrase, Bip32 for your hierarchical deterministic wallet, that's exactly what Electrum will do with the multi-signature address. I would recommend in that scenario that you don't add past phrases to the mnemonic phrase, because it's unnecessary to add that extra layer of security when you already have a two or three scheme. Whereas if you had a mnemonic phrase that in itself gave you full access to the funds, a single key solution, I would probably add a past phrase. In a multi-signature address, I would probably not add a past phrase. I would also suggest that one thing you can do is, if you can't afford to buy three hardware wallets, you can generate a mnemonic phrase on a hardware wallet, wipe it, and then generate another mnemonic phrase. You could create a two of three scheme where two of the keys were on hardware wallets and live, effectively, where you can do transactions easily. The third key was only stored as a mnemonic phrase and kept offline at all times. You could even do that where all three of the keys are in cold storage. All three of the mnemonic phrases only exist on paper. In order to access this multi-signature address, you have to initialize a hardware wallet, create a transaction, and sign it. Then re-initialize the hardware wallet with a second phrase, and counter-sign that transaction. For further reading, my business partner, Pamela Morgan, has written a book called Crypto-Assets Inheritance Planning. One of the challenges with balancing security with inheritance for heirs has to do with a lot of the practical issues of aligning your legal and technical plan and keeping things very pragmatic and very straightforward. That's a useful guide, a very practical guide, to how you actually get that done. You may find that useful. Can you give us some of your thoughts on Rubber-Hose Crypt Analysis? Yes, absolutely. Rubber-Hose Crypt Analysis, or the $5 wrench problem, as it's known, is the fact that it comes from a cartoon from XKCD, Randall Monroe. If you haven't seen XKCD, it's fantastic, very insightful, hilariously funny. It's a two-panel cartoon, and the first panel is, he's using 128-bit encryption. How are we going to break it? Do you have a quantum computer? The second panel is, no, I have a $5 wrench. The implication is, you just beat the person until you get their password. This is a problem in cryptography. This is a problem in digital currencies. The problem is that if you actually control your money fully, and you're walking around with access to enormous amounts of money on a bearer instrument that has irreversible transactions, that makes a very appealing target. The first thing you can do is reduce your control. The way you can do that, probably one of my favourite approaches, is to use multi-signature technology to diversify the control to the point where you, individually at any point in time, have a minority control stake that cannot be used to transfer money, unless some other people who are very suspicious of urgent requests are involved. The correct answer is, listen, here's a key, you're going to hold this. If I ever call you, and I tell you I need you to sign within 24 hours, call the FBI, I've been kidnapped. You do not sign any request without a 30-day cool-off period. That's a better security mechanism. Now, you also need something to sweeten the pot. The thing you do to sweeten the pot is, you do carry a small amount of cryptocurrency on you anyway, petty cash, your wallet, in order to run a business or do some operational spending. You sacrifice that, and you present the attacker with a very simple, greedy solution, which is, sure, you could try and go that route, where they will call the FBI, because I don't really have control or access to that money, or there's this nice little pot right here that you can walk away with right now, and hope that that works. And it has to be real. You have to really not be able to transfer the money, otherwise you will be coerced. It's not an easy problem to solve, which is why I said the concept of be-your-own-bank has a level of audacity in it. Inheritance problems and possible multi-sig solutions. Regarding inheritance problems and multi-sig solutions, is there a way to be fully in control of your Bitcoin without having to trust any possible heir, and still give your heirs full control of your Bitcoin after you died? I'm thinking the best inheritance solution would be a setup that fulfills these requisites, that the money can be moved either by a one-of-one simple signature, or by some kind of multi-signature scheme. And the only way to move the multi-signature is to move to a second address, also controlled by the one-of-one simple signature, with a time lock, etc. The scheme you're describing, Camille, is a combination of what's called time locks and covenants. The problem is, covenants don't exist yet on Bitcoin. A covenant is a type of Bitcoin script that restricts where you can spend the money to, as in where is the next transaction going to. It allows you to have a template that says, you can spend this, but only if you pay it to this kind of address with this kind of signature scheme. Lookup covenants, very interesting developments, mostly used for vaults, but you can imagine them being used for this kind of inheritance scheme that you're talking about. Essentially, the idea is you can have the heirs spend with a multi-signature, but the way they spend it gives the actual owner an opportunity to take the money back within a period of time. There are different constructs that can look a bit like payment channels, effectively, that allow you to create a refund transaction that comes back to you, if the money is spent by your heirs before you actually die. You can also create other scenarios like this, like a dead man switch. The truth is that today's scripting capabilities, even more complicated and flexible models like Ethereum smart contracts, are not ready to be tested with inheritance-level smart contracts. The reason for that is multi-fold. First of all, even if you could implement such a scheme, you would have to implement such a scheme without any bugs, without any possibility of vulnerabilities in the underlying protocol, in the mechanism of multi-signature, of covenants, of smart contracts, etc., allowing someone to attack that scheme. As we've seen, even as recently as the parity multi-sig hack, the technology is not yet mature. Secondly, this technology would not only need to be mature today, it would need to remain secure for the kind of time frame we're talking about, an inheritance. An inheritance, you're not looking at a six-month, one-year horizon. You're looking potentially at decades, so putting a solution in place that lasts for decades. Third, it requires a very high technical burden of knowledge by the heirs. The heirs need to not only understand key management and how to generate and secure keys, but also how to recover these keys and these complex scripts you've created, and how to manage these smart contracts and deal with the life cycle issues, all of which is far beyond the capability of 99.99% of heirs, even holders, with today's technology. You're asking the heirs to do this, especially since the heirs just lost the one person they relied on to be the expert who is you. The owner invariably is the greatest expert that all of the heirs know. What do they do? They go on Reddit and start shopping for an expert to help them unravel the scheme you've created, at which point they get massively defrauded by some scammer. At the moment, inheritance and cryptocurrency is much more an issue of human-based processes and controls. You can use some technology, absolutely need to have a technical plan. If you only have a legal plan and you have processes to control access, physical access to vaults and keys, perhaps legal access through executors and lawyers, you have that legal plan in place, but you don't have a technical plan, your cryptocurrency is going to be lost. If you have a technical plan, but you don't have a legal plan, there's a good chance that there will be a contradiction between what you built and what the law allows in your jurisdiction, which will lead to lawsuits after you die, and protracted legal fights between your heirs. At that point, the lawyers get all the money, so you've effectively created a smart will that turns all of your inheritance over to the lawyers because of a fight that breaks out after you die. That careful balance between legal and technical plan and the much more simple practical measures you need to take in order to ensure inheritance are actually the topic of a book written recently by Pamela Morgan, who is my partner at Third Key Solutions. I was the technical advisor on that book. If you're interested in exactly covering these scenarios, why you should and shouldn't use smart contracts, how you combine multi-sig storage locations, legal and technical plans, and how you balance all of these things to create a pragmatic solution. There's a lot of resources on her website anyway. I'm not going to promote her book, but the bottom line is that this is a topic that is much more complex than you can simply solve with technology, because it has that nasty factor that we cannot avoid. That's the human factor. When it comes to inheritance, the human factor becomes almost as ugly as when it comes to divorce. People get greedy, they get petty, and fights break out. You can't know how your errors are going to respond if they suddenly inherit a large amount of money. Keep it simple, my friend. I think that's the best answer I can give you, and look for practical solutions. This may be crossing boundaries a little bit, but I want to ask a little bit about what Pamela was thinking. One of the system killers that I see that prefers me every day, holding cryptos, is caring about my family. The inheritance issue is a big, big deal. We have no idea what happens if there's forking, initial state divergence, creation of coins. What happens at the end of our generation, and when do we start thinking about it at this time to secure this being more than a single generation effort? Yes, that's a great question. I won't speak for Pamela's work on this space. She's done her own work, and it's great. I think the bigger picture here is the responsibility and burden that comes with owning your own keys. I did talk about this recently. The very concept of being your own bank is terrifying to most people. Arguably, most people will choose to keep at least one intermediary. That doesn't mean we failed. Even if we eradicate most intermediaries and only keep one, if we need to have some custodians to help us with some functions, that's not a complete failure. But to me, it's somewhat of a failure, so I want to find ways to improve that experience. We have to do a lot more work. Part of that work is education, like Pamela Morgan's are doing, or by many other authors today, but also people who are working on wallets, user experience, and making technology better. Keep in mind, we're making tremendous progress. When I first got into this, in order to be able to hold my bitcoin, I had a stack of 150 paper wallets that I had to carefully back up and curate, because each one had a separate, unique generated key. Now that's replaced by one mnemonic phrase of 24 words, and I'm done, and not only that, but it's holding ten different cryptocurrencies, not just one. So we're making progress, but it's still not easy. Here's the other thing that I'm going to throw in there, just as a little somewhat cheeky response. Part of the reason that cryptocurrencies are undervalued today is because it's so hard to do this stuff. So the reason I was able to buy cryptocurrencies at $10 in 2013 or 2012 was because it was even harder. As it got easier, more people can do it. It's more expensive. Meaning that, effectively, the effort you put in to overcome the very difficult barriers of adoption, which at that point were, I'm going to send a wire transfer to a company in Japan through a 7-11 money order in order to get some magic internet beans that then I have to store on a number made of 58 alphanumeric characters that I probably have to print out, because if I don't have a physical copy, it's probably going to melt away with my computer during the next Windows upgrade. What was that worth? $3 bitcoin is what that was worth. So the question you have to ask yourself is, when it gets easier, how much did you miss out on? One way to look at it is that, which is a bit greedy, of course. It's like, okay, so I put in the extra effort, and this is really very unfair, because it tilts the Gini coefficient. It means that we are already building a massive imbalance in the ownership of wealth in these cryptocurrencies based on who has the technical literacy, numeracy, and access to technology to do these things, and that's a problem. Another way to look at it, however, I think is a bit more optimistic, and that is that the creators of the technology that improves that experience can be funded by that difference in price. Meaning that if it's the mid-2000s, or if it's the mid-90s, and no one can find anything on the internet, and then a company comes along and builds a search engine that's better than the 21 search engines that came before it, that company can then continue to improve that technology and benefit to the order of almost a trillion dollars. So they get funded by solving a pain point. So if you're an entrepreneur, you look at these problems in Bitcoin. How do we inherit? How do we store? How do we securely transfer? How do we explain? How do we hold? And you think, okay, how much is it worth to solve that problem? And it's not because I'm going to gain that and become silly rich. It's because if I know how much it's worth to solve that problem, I can front-load that as the present cost of value, and say, therefore, it is worth me investing this much at this risk premium today to solve that problem. And so I'm going to take an entrepreneurial risk. I'm not going to take a nice comfy job with a law firm that pays me a six- or seven-figure salary with a bonus, so I can kiss ass with some asshole in a suit for a year. Instead, I'm going to live frugally and write a book on how to do crypto inheritance planning. Thank you, Pamela.