Multisig options and their security implications?

I'm considering upping my opsec. Currently holding in hw cold storage, single sig + passphrase.

I get the gist of how multisig works and already did a couple of test runs, everything fine in practice. But I'm not able to answer one question that I have. Assume I want to make use of 5 other locations/parties to store the fragments. I could accomplish that in different ways, here are some examples:

Option 1: 2 out of 2 Multisig. Keep #1 and give a copy of #2 to each of the other parties.

Option 2: 6 out of 10 multisig. I keep 5 fragments, each of the other parties receives a dedicated fragment.

Option 3: anything in between the two (or use even more fragments.

Option 4: Any of the above, but use a different passphrase with the fragments for each of the parties. (Have not tried this yet, but if I understand correctly its possible)

Please let me know of other viable alternatives.

2/2 is obviously the least hassle to work with over 6/10 in the event of recovery. Initial setup as well, but I consider the setup time less important. 6/10 would allow recovery even if I lose up to 4 fragments while the other parties have not lost their parts.

Any combination where the other parties can get enough fragments without me is not acceptable (3/6 for example).

Are there any security aspects to consider between these options? Are there significant differences? If yes, what are they? If not, why not?

2/2 seems to be effectively what I have now. I could give everyone the seed but keep the passphrase for myself. Am I missing something here?

I'm a techie but not deep enough into the cryptography field to judge this myself (yet) but would like to understand this, also on a technical level.

Any links to sources outlining the differences are welcome.

Thanks in advance

submitted by /u/Pasukaru0
[link] [comments]

Leave a Reply

Your email address will not be published. Required fields are marked *