A basic principle in understanding wallets for your digital assets is custody.
Before explaining custody let´s talk about private keys – read this great explainer.
A private key is a 256-bit number that can be represented in several ways like a hexadecimal number or 64 characters, but there are also smaller formats as seen in the explainer article.
When BIP-32, HD (Hierarchical-deterministic) wallets became a thing back in 2012, things became easier for the regular user instead of generating keys for transactions and not being able to have a watch-only wallet. HD wallets made it possible to generate unlimited private and public keys from an extended key. This meant you after the implementation could have more addresses connected to the same masterseed. Read more here BIP-32. There have been some problems but they got fixed, read BIP-44, BIP-49 and BIP-84.
You can make your own random private key, by tossing a coin or use a generator. Read more here
The private key is Important since it gives the owner complete control over their digital assets on a specific blockchain address. To execute crypto transactions, you need the private key.
A private key is needed to create a public key and hereafter a Bitcoin wallet address – see more here.
Public keys can be shared with others, so they can send BTC to your wallet or check your BTC balance. Private keys should NEVER be shared since they gain total control over the funds associated with them.
Note: You cannot derive the private key from the public key even though they are cryptographically linked – Read more here (remember that BTC have moved from ECDSA to Schnorr signatures):
Most people will deal with a seed phrase to access their BTC wallet. A seed phrase represents the private key in an easier-to-manage format. The seed phrase will access/restore a BTC wallet, the wallet can contain thousands of private keys.
You don´t need a seed phrase if you have the private key, but seed phrases often make things easier if you have BTC placed in different wallets under the same Masterseed or if you often need to move assets instead of using the 256-bit number.
Remember a seed phrase, a recovery phrase and a mnemonic phrase is considered the same thing.
A seed phrase is often 12-24 words. A 12-word seed phrase is often considered fine regarding security and is easy to remember. A 24-word seed phrase contains more combinations and therefore has a higher level of security.
With BIP-39 you can actually generate a mnemonic phrase. This is generated from these 2048 words. – Many wallets use this format for making a seed phrase to backup the private key/s.
Let´s talk custody.
In Bitcoin there is no customer service, no support team or online database, so this puts responsibility on users of the network. As an individual you are in total control of your private key/s and seed phrase and if you lose it, you have lost your funds, so you got to back it up.
Remember that: A seed phrase gives access to all private keys in a wallet. A private key only gives access to one crypto account. A private key is concealed inside your wallet, but your seed phrase is managed by you. If you lose your seed phrase to anyone they will have access to your assets and you should consider them gone (but the transactions can be tracked).
Some people don´t like this aspect, so they use a centralized custodian to help managing their private key/s.
See the differences in this table:
Custodial wallet | Non-custodial wallet |
A custodial wallet holds your private-key/s. | With a non-custodial wallet, you are in control of the keys. |
You don´t have full ownership and someone can move your digital assets. | You have full ownership, only you can move your digital assets. |
You depend on a third party. | You depend on yourself (self-custody) and your hopefully good backup strategy. |
Examples of what can go wrong with a custodial wallet:
- You put your Bitcoin in a Centralized exchange (CEX) and get interest for your Bitcoin or leverage the BTC. Many examples have shown this is often not a good idea. Centralized protocols have not used full reserve principles and often heavily leverage or mingle with peoples funds.
- You put your Bitcoin in a centralized Bank or exchange (CEX). If the bank or exchange collapse often your funds do as well. Many banks are still not working out of a full reserve principle and often leverage investments.
- You put your BTC in a browser or web-based wallet. You are not in control of your keys since they are hold by a third party + hackers easier can hack a wallet connected to the internet.
- You put your Bitcoin in a hardware wallet with a recovery email, so they have your private-keys/s and KYC data. You’re not in full control of your coins.
- When you buy into an ETF. A third party holds your key/s which make it less flexible and you have no direct control of your digital assets.
Not your private key/s, not your coins.
Non-custodial wallets
There are different forms of self-custody and wallets for this, but first of all – Start by not having your private keys or seed phrase online.
Having your keys online is a massive attack vector and security risk. The best way is to use cold storage in some form for bigger amounts of BTC aka decoupled from the internet and no keys stored in mails or in the cloud. Some go even further and have different levels of cold storage to increase security – Think about air-gapped devices and good old sneakernets.
Examples:
- The Best solution is to download a full node so you can verify all the rules of Bitcoin (All transactions, verifies transactions, accepts blocks and broadcasts), to check if you have received coins. – here you are directly linked to the bitcoin p2p network and download the full blockchain.
- A Lightweight wallet don´t verify all the rules of Bitcoin(Block headers), so there are a number of security downsides, but is sometimes used for smaller amounts of BTC.
NB: For Lightning Network (LN) it is also recommend to download a full node to verify transactions, not for all transactions like in the Bitcoin Network, but the ones interacting with the node. With a LN Node you also have full custody of your BTC and contribute to the network + you can route payments and earn Sats.
You still need to protect your seed phrase. Some protect their seed phrase with a passphrase.
Different wallet types
Cold storage offline wallet:
The cold wallet generates and stores private keys on an offline air-gapped pc. Payments are received online with a watch only wallet. Unsigned transactions are generated online, transferred offline for signing. The signed transaction is transferred online for broadcasting to the BTC network. It´s non-custodial so you have to back up the seed phrase.
Multisig wallet:
A multisig (multisignature) wallet is a wallet with 2 or more private keys and seed phrases. So, to access or send BTC from a multisig wallet +2 private keys need to be entered instead of a singlesig wallet. This is often used by people who like higher form of security like businesses or couples and is one of the building blocks of Lightning network (Lightning payment channel). Many provide solutions like 2-of-3 multisig (Multisig m-of-n). It´s non-custodial so you have to back up the seed phrases. You could go deeper and look at collaborative custody with multisig.
Hardware wallet:
A hardware wallet is a flash drive-like device HD-wallet designed to store BTC. The physical device stores the private keys offline and approve transactions when connected to the internet and the blockchain. They can be connected via Bluetooth to your phone or via desktop application. It´s non-custodial so you have to back up the seed phrase. Often people will enable a pin or passphrase to their hardware wallet.
Mobile wallet:
A mobile wallet is a HD-wallet which generate private keys stored on your phone. It´s non-custodial so you have to back up the seed phrase. These wallets are convenient when using Bitcoin on a daily basis. The most advanced wallets connect to Lightning network.
Desktop wallet:
A desktop wallet is a HD-wallet which generate private keys stored on your host computer (desktop/laptop). It´s non-custodial so you have to back up the seed phrase. These wallets often offer more security than mobile wallets.
Paper wallet:
A paper wallet is a wallet where you write down your private key, public key and Bitcoin address on a piece of paper. You would probably need a Bitcoin wallet generator like this in some form if you don´t want to calculate by yourself. BIP-38 change things so it became possible to add a passphrase to Bitcoin private key, read more here.
Paper wallets are vulnerable and do not tell about how much BTC you have received, here you need wallet software in some form. It is a decentralized way to store your BTC, but not that safe for beginners.
Metal case:
A metal case is a way to store seed phrases, passphrases etc. You will imprint/write your secrets in steel, which is fire and water proof. This mean you have a solid backup that will be hard to destroy. People use these in many different ways for the all-mentioned wallets but also in complicated systems to increase security with a physical secure offline option.
Encrypted storage:
Encrypted storage comes in many forms, but here you see examples of making private keys based on real physical things, so you eg. via a photo can access your seed phrase or private key. Institutions also make algorithms to store private keys in different secure ways. You will see private keys and seed phrases incorporated in all sort of things the more secure the better. Some use biometric secure warehouses and different techniques even to get to the big vault that secure the seed phrase/s, others will implement a chip, make a multisig wallet with seed phrases placed in outer space for back up, use biometrics etc.
How do people do?
Always consider you own security, it´s okay to be a little paranoid about your money. Start by thinking about what you want. Do you want to have a little BTC to buy a whisky or a mocktail, maybe consider getting a Lightning wallet. A wallet with self-custody so you own your keys. If you are a larger buyer, think about what you want with your investment. Always think about a backup plan for your relatives if something should happen for you. With a private non-custodial wallet your seed phrase is your money, if you die and nobody know about your seed phrase the money will be “frozen” in the Network.
Remember there are many ways to secure your BTC and you will find a good way or you should talk to a pro.
For big spenders you will often see 50/50 storage (offline/online).
The bigger the amounts of BTC the more sophisticated systems for securing BTC private keys, seed phrases and pass phrases.
Example: 6 wallets in different layers from hot to colder. You could have 3 hot wallets, with each 2-4-7 % BTC reserve. 3 cold wallets with 17-25-45% BTC reserve.
If the 2% wallet gets drained because you are on a spending spree then you will use the 4% and then to 7%. Some will have much lower margins.
You run into a problem. You need to spend more, but to get more you need to get your cold wallet with 17% BTC reserve. This wallet is not connected to the internet so BTC will need to be moved from a clean external pc or hardware wallet to the hot wallet. You would fill up the 2% wallet and then move on if more BTC is used for refill. The second cold wallet with 25% BTC reserve would be stored even colder maybe using multisig and multiple devices. The third cold wallet with 45% of the BTC reserve use even more sophisticated methods to make sure nobody enters the biggest reserve.
People often make systems an automate them, so their hot wallets can automatically work in order of % of reserves and also refill in proper order. Rebalancing wallets or making more wallets is also things to consider. Some also use time-locked contracts like PTLC and HTLC in their systems.
Note: Printers and other online apparatus connected to devices with BTC wallet/s is potential attack vectors. Being online is dangerous. You would not walk around with all your physical cash on the street, like you would not have all your Bitcoin online in the same wallet.
If you sell or buy big amounts of BTC, you will make smart strategies to build a wallet system that is secure and working.
Extra
You should maybe get a short arm human centrifuge it seems healthy.
Some still think BTC is not trusted money see here, BIS like mBridge.
Powered by BTCPayWall