Bitcoin multisig in a pandemic
As COVID-19 continues to spread, Casa is preparing for disruption and dislocation that may impact our client base. While today we consider the probability of major disruption low, it's our responsibility to help our clients - and Bitcoiners generally - stay safe and plan ahead for all eventualities.
In this primer we’ll cover:
- How Casa’s resilient key system keeps you safe and enables flexibility
- Managing your hardware and documentation in a variety of situations
- Planning ahead
Two resilient keys
Casa’s system includes two keys that are highly resilient against a wide variety of threats:
The Mobile Key is securely stored on your iOS or Android device, with an encrypted remote backup that leverages Apple and Google infrastructure, respectively. Should you ever lose or destroy your phone, the key can be recovered by downloading Keymaster on a new device, and re-authenticating with Casa + iCloud/Google. It's important to note that because of how Casa has engineered your Mobile Key backup, neither Casa nor Apple/Google have access to your Mobile Key. You can read more about the Mobile Key here.
Casa Recovery Key
The Casa Recovery Key is also highly secure and uses multiple backup procedures. This key acts as one of the signing keys in a client's keyset, and is available for use in emergency situations where personally managed keys may be unavailable. The Casa team is fully remote and well distributed, providing our clients a high degree of reliability. We are standing by to assist if and when signatures are needed.
By ensuring that two keys are always available for our clients, Casa enables flexibility that doesn't compromise on security or user experience. We’ll take a look at scenarios you can plan for as COVID-19 continues to spread - extended quarantines, evacuations, and widespread disruptions - however, you can also extrapolate from these guidelines to a wide variety of routine and emergency situations.
Casa’s 3-of-5 security model allows you to store a single hardware key at home. This offers a high degree of security against seizure, loss, and theft, as well as convenience. In an extended quarantine scenario, the Home key can be readily available as the second signature on transactions.
Note: Casa Gold clients who choose to keep two keys at home (hardware wallet and phone, or two hardware wallets) remain at risk to physical threats. Upgrading to Platinum to unlocks 3-of-5 for additional flexibility, emergency lockdown, and personalized duress procedures.
- Home defense primer
- Steel backups
- Recommended safes (combination lock, water and fire resistant)
Another advantage of keeping a key at home is that it can be ready to travel at a moment’s notice should evacuation become prudent or necessary. In the event that you are unable to travel with a key, secondary locations can offer a recovery lifeline. Keeping a key in a location with different economic, geographic, political, and/or epidemiological risk factors will substantially increase your overall security, just be sure you have a plan to get there in the relevant emergency scenario.
- Casa faraday bags
- Recommended case
- Recommended bag (plus GORUCK's Bitcoin history)
- Bug-out bag overview (via ThePrepared)
3. Widespread Disruption
While Casa, Apple, and Google systems are hardened against risks, no centralized system can compete with the resiliency of a trust-minimized protocol like Bitcoin. We rate the current threat of widespread disruption as low, however it is important to consider the possibility of outages. In the event Casa is offline, you can still access and spend your Bitcoin using open source software like Electrum. Our Sovereign Recovery process will guide you through the steps to recreate your account and move your funds. We recommend that you both print these instructions out and save them on removable media with other valuable documents.
The most important thing to do in a crisis is to remain calm and remember the steps you took ahead of time to prepare. The good news is Casa clients are already well ahead of the pack - multisig offers you tremendous security and flexibility in exactly this scenario.
If you haven’t already done so, take a moment to think about the locations of your hardware devices, and how quickly you’d be able to access them in different scenarios according to your threat model. Remember that the Casa Recovery Key is available, but requires a security delay before a signature can be added.
If you're currently a Platinum or Diamond member, we encourage you to reach out to your Client Advisor one-on-one, to talk through the scenarios above and review your preparedness plans generally.
Still worried about your bitcoin?
If you still haven’t gotten set up with a Casa membership, you can get started here today.
Stay safe out there
Want more tips on staying safe and sovereign? Join the Casa Intelligence Briefing for news + developments impacting your personal security and privacy.