How Beginners Can Swim in the Deep End
Cold storage is the practice of keeping crypto assets in offline, yet accessible locations. Deep cold storage takes this concept to the next level for assets you plan on leaving untouched indefinitely, possibly until they’re passed down to your heirs. Because all you need for deep cold storage is a recovery phrase, that phrase becomes an extremely important single point of failure unless you add some level of redundancy. Deep cold storage practices protect the backup of your assets by helping you avoid having all your eggs in one basket.
Deep Cold Storage Practices
Deep cold storage is popular among Bitcoin maximalists who put a fixed amount of money into bitcoin every month, depositing it at an address and never transferring out. This kind of investor only needs to keep their address on hand, while the wallet app used to generate the address can be deleted.
There are numerous methods you can use to store your recovery phrase. In general, redundancy is crucial to the security of your assets, but the more complex a storage scheme becomes, the more prominent the factor of human error gets. It’s important to choose a method that strikes the right balance for you.
It’s common practice to copy mnemonic phrases onto a piece of paper. However, paper can be easily lost or destroyed, so using metal storage products is a much safer way to store recovery phrases.
If you only store your recovery phrase in one place, it’s more likely to be lost in a disaster such as a fire or flood. However, if it’s stored in multiple locations separated by distance, it’s much less likely to fall victim to unforeseen events beyond your control.
Suppose that a recovery phrase stored in a single location has a 1% probability of being stolen and a 1% probability of being lost in a natural disaster. If this phrase is instead stored in five separate locations, the chances of it being stolen increase to the probability of theft at any of the five locations. However, in order for the recovery phrase to be lost to a natural disaster, all five locations would have to be affected simultaneously. The following table demonstrates how these probabilities play out:
So while putting the recovery phrase in five separate locations almost guarantees your phrase will not be lost to natural disaster, it makes it 5 times easier for someone to steal.
Shamir’s Secret Sharing Scheme (SSSS) gets around the issue of increased vulnerability to theft with each redundancy by dividing secret information into n parts. Because a threshold of k out of the n parts is needed to reconstruct the secret information, no single location is vulnerable on its own. For example, when SSSS is used to split a backup into 5 parts kept in 5 different locations, the parts from 3 of the 5 locations are needed to recover the keys. This practice results in a drastic reduction of the probability of loss due to theft:
While in theory the chances of destruction from a natural disaster notably increase, SSSS gives you very good practical odds against both loss from theft and disaster.
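The arithmetic behind this comparison, as an added Python example (not part of the original article). It assumes every location fails independently with the article's 1% figures; the function names are illustrative.

```python
from math import comb

def at_least(k, n, p):
    """P(at least k of n independent locations are hit), each with probability p."""
    return sum(comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k, n + 1))

def full_copies(n, p_theft, p_disaster):
    """n complete copies: one theft exposes the phrase, all n must be destroyed to lose it."""
    return {"theft": at_least(1, n, p_theft), "loss": at_least(n, n, p_disaster)}

def threshold_shares(k, n, p_theft, p_disaster):
    """k-of-n shares: a thief needs k shares; the owner is locked out once
    fewer than k survive, i.e. once n - k + 1 locations are destroyed."""
    return {"theft": at_least(k, n, p_theft),
            "loss": at_least(n - k + 1, n, p_disaster)}

if __name__ == "__main__":
    P = 0.01  # the article's 1% per-location figure for both theft and disaster
    rows = [("1 copy", full_copies(1, P, P)),
            ("5 full copies", full_copies(5, P, P)),
            ("SSSS 3-of-5", threshold_shares(3, 5, P, P))]
    for name, r in rows:
        print(f"{name:14s} theft={r['theft']:.6%}  loss={r['loss']:.10%}")
```

With these inputs, five full copies carry about a 4.9% theft risk, while a 3-of-5 split brings both theft and loss to roughly 0.001%.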
One weakness of SSSS is its reliance on the assumption that if a backup is somehow compromised, the owner of the recovery phrase will be immediately aware and able to respond by transferring their assets. If the owner of the recovery phrase has no knowledge of the condition of their backups, the probability of total loss drastically increases due to situations in which parts are quietly lost one by one.
Since neglecting parts generated by SSSS after they have been hidden is risky business, they are best entrusted to professional services such as safe deposit boxes or even repurposed military bunkers. It’s rumored the idea of deep cold storage originated when a London bank began offering offline key storage solutions in multiple locations — presumably their vaults. However, these professional services charge a lot of money, with the London bank wanting 2% annually to underwrite any loss of assets. Meanwhile, distributing them among friends runs the risk of those friends colluding and stringing together the mnemonic to divide up the assets.
A solution to these pitfalls that we came across through a friend in the industry consisted of the following:
- AES encrypting the recovery phrase
- Dividing the AES decryption key with SSSS onto YubiKeys distributed amongst several trusted friends in separate legal jurisdictions around the globe
- Surgically implanting the AES encryption result under the skin
Security expert Lance R. Vick (Twitter: @lrvick) uses AES encryption for his recovery phrase because it requires a two-factor process consisting of both the decryption key divided with SSSS and the encryption result to obtain the recovery phrase. So even if the holders of his SSSS parts collude against him to reconstitute the AES decryption key, they still need the AES encryption result that’s implanted under his skin. This solution is impressive because it avoids having a single point of failure and makes collusion among the share holders very difficult. Needless to say, surgically implanting an encryption result under one’s skin and involving trusted friends around the world in SSSS isn’t for everyone, and few have the resources or expertise to do it.
How Can the Average User Take Advantage of SSSS?
Anyone without programming experience can do SSSS by making use of online tools such as this one. Like other SSSS tools, the n parts the secret information is split into and the threshold k required to reconstruct the information are at the discretion of the user. Be aware that it’s best practice to download such tools onto an offline computer rather than use their web-based versions.
However, using SSSS to divide a recovery phrase offline and distributing random strings geographically to several locations is a difficult approach to backing up your assets. For the average user, this level of difficulty makes it far more likely something will go wrong. Instead, consider manually dividing a 24-word mnemonic phrase into three parts of 16 words each, so that each part lacks 8 words that the others have. The 16-word parts can simply be written on paper, but we advise storing them on metal tablets for a higher degree of permanence. Parts can be kept with your grandma, or put in secure locations you find reliable.
If a malicious actor gets ahold of one part, it’s hypothetically possible for them to brute force the remaining 8 words they need to complete the recovery phrase. But what would this look like in practical terms of how much they would have to invest?
The latest Antminer S17+ mining equipment has a hashing power of 73 TH/s and power consumption of 2920 W. At dirt-cheap electricity rates of around 5 or 6 cents per kilowatt hour, it would cost around 200 million dollars to run the 2⁸⁸ hashes required to brute force the remaining 8 mnemonic words (2⁸⁸/73/1,000,000,000,000/3600*0.4*2.92). The calculation method used here is based on the hacker having the 24th word, which means they will have the checksum of the entropy. If the hacker happens upon one of the backup parts that doesn’t get the 24th word, the difficulty of brute forcing the remaining 8 words would increase exponentially, such that ASIC miners would not even be sufficient to accomplish it.
Unless you’re storing over 200 million dollars worth of assets, it’s not cost-efficient for a cybercriminal to do anything if they come across one of the backup parts. With this storage method, the probability chart looks like this:
The same method is not safe to use with 12-word mnemonic phrases. If a hacker gets one backup part consisting of 8 words, they only need to crack 4 words, which an Antminer S17+ is capable of doing in just 0.24 seconds (2⁴⁴/73/1,000,000,000,000).
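The manual split and the brute-force estimates above, as an added Python example (not part of the original article). It follows the article's model of one hash per guess at the Antminer S17+ figures; the 5.5 cents per kWh rate is an assumed midpoint of "5 or 6 cents", and the words are constructed placeholders.

```python
WORD_BITS = 11        # each mnemonic word encodes 11 bits
HASH_RATE = 73e12     # hashes per second, Antminer S17+ figure from the article
POWER_KW = 2.92       # 2920 W, from the article
USD_PER_KWH = 0.055   # assumption: midpoint of the article's "5 or 6 cents"

def split_2_of_3(words):
    """Three parts, each holding two thirds of the words with their positions."""
    if len(words) % 3:
        raise ValueError("word count must be divisible by 3")
    t = len(words) // 3
    numbered = list(enumerate(words, start=1))
    a, b, c = numbered[:t], numbered[t:2 * t], numbered[2 * t:]
    return [a + b, b + c, a + c]

def recombine(part_x, part_y, total):
    """Merge two parts back into the full phrase, checking overlap and coverage."""
    merged = dict(part_x)
    for pos, word in part_y:
        if merged.setdefault(pos, word) != word:
            raise ValueError(f"parts disagree at position {pos}")
    if len(merged) != total:
        raise ValueError("these parts do not cover every position")
    return [merged[i] for i in range(1, total + 1)]

def missing_bits(part, total):
    """Bits an attacker holding one part still has to guess."""
    return (total - len(part)) * WORD_BITS

def brute_force_seconds(bits):
    return 2**bits / HASH_RATE

def brute_force_cost_usd(bits):
    return brute_force_seconds(bits) / 3600 * POWER_KW * USD_PER_KWH

if __name__ == "__main__":
    for total in (24, 12):
        words = [f"w{i:02d}" for i in range(1, total + 1)]  # constructed placeholders
        parts = split_2_of_3(words)
        assert recombine(parts[0], parts[2], total) == words
        bits = missing_bits(parts[0], total)
        print(f"{total} words: {bits} bits missing, "
              f"{brute_force_seconds(bits):.3g} s, ${brute_force_cost_usd(bits):,.2f}")
```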
Don’t Neglect the Recovery Phrase
Cold storage is great for keeping your assets safe from online threats, but you could still lose everything if you don’t pay attention to how your recovery phrase is kept. While deep cold storage is often thought of as a security solution for institutions, elite investors, or cybersecurity professionals like Lance, the methods we demonstrated above provide anyone with the means of realizing it for their own recovery seeds.