Unbreakable Seed Storage

Bitcoin users generally fail to secure their seed phrases - the keys to the blockchain wallets that hold their funds. Exchange wallets can't be trusted and electronic hardware wallets actually increase vulnerabilities. But here's a simple, unbreakable, free, manual method to secure your seed phrase that any competent 8-year-old child can use, but quantum computers can't break.

Bad Wallets

Any exchange can go out of business and take your wallet with it, so you sure can't leave your BTC there. Hardware wallets are made of the same components Ed Snowden showed leak data via USB sockets, mains chargers, NFC and WiFi fields. And so are software wallets running on any phone or laptop. Meanwhile backup paper wallets are open to everyone from the lowly paid bank manager who peeks inside safe deposit boxes to a teenager asking TikTok what this weird haiku in her Mom's diary means ...

One-Time Pad Without Tears

Bitcoiners need a way to encrypt and decrypt a seed phrase without using any more technology than a coin to flip and dice to roll. And we need the resulting cipher to stay safe even when attacked with a quantum computer.

That sounds like a job for the mathematically unbreakable One Time Pad. Except, without electronics, OTP is a nightmare of bit-twiddling that no one can seriously consider using. So we're going to do this OTP by shuffling, which geeky folk call interspersing. We're actually going to do it twice because the bitcoin seed words aren't quite random enough - they come from the "BIP39" list of just 2048 words. So first we have to shuffle in some pad words, and then we shuffle in some pad characters. Here's what that looks like step by step:

Coin-flips make sure there's no way to know which characters are pad ...

  1. Intersperse (shuffle) your seed words with some other words that don't come from the BIP39 list. Anything you like - place names, say, or French swear words. So long as you don't pick these pad words from the BIP39 list, you don't even need to remember them.
  2. Then insert a pad phrase at the start and another one at the end. Don't use phrases that are obvious like the "Heil Hitler" that cracked Enigma. Also it's important that no one can figure out how long any of your pad phrases are.
  3. Now let's call the result of shuffling your seed words with these pad words the "Stage 1 Phrase". For the Stage 2 shuffle you need to come up with a long but memorable pad phrase. It has to be at least a bit longer than your Stage 1 phrase. You can pick any memorable sentence from any page of any book you happen to like. Just make sure you can easily remember it, and that you don't reveal it to anyone else. And never use the same pad to encrypt anything else. It's a one-time pad, after all.
  4. Here's how you're going to perform the Stage 2 shuffle. You just flip a coin. Heads you consume a character of the Stage 1 phrase, tails you consume a character of the pad phrase. If the next characters in the two phrases are the same, you consume from the pad phrase regardless of the coin; that rule is what lets you tell the pad characters apart again when you decrypt. Ignore any spaces, capitalization, fonts, or punctuation. You continue flipping and consuming characters this way until you have used up all the characters in the whole Stage 1 phrase. The result is your unbreakable ciphertext.

Decrypting the ciphertext is even easier. Work through the ciphertext and your pad phrase together from the start: whenever the next ciphertext character matches the next pad-phrase character, cross it out as pad. What's left when you reach the end is your Stage 1 phrase. Then eliminate all the non-BIP39 pad words, and the result is your seed phrase. It's so simple a child could do it, but the space of all possible pads is so large, and coin flips so random, that quantum computers can't break it.
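The Stage 2 shuffle and its reversal in Python, as an added example that is not part of the article: the coin can be a real random bit or a scripted heads/tails list so a shuffle can be checked by hand, the tie rule from step 4 is what makes the crossing-out step deterministic, and the Stage 1 phrase and pad sentence are constructed sample values.

```python
import secrets

def normalize(text: str) -> str:
    """Letters and digits only, lower-cased: step 4 ignores the rest."""
    return "".join(ch.lower() for ch in text if ch.isalnum())

def scripted_flips(seq):
    """Return a flip() that replays a fixed list (True = heads, False = tails)."""
    it = iter(seq)
    return lambda: next(it)

def stage2_encrypt(stage1: str, pad: str, flip=None) -> str:
    """Intersperse Stage 1 with the pad by coin flip: heads consumes a Stage 1
    character, tails a pad character (default coin: a real random bit).  When
    the next characters of both phrases are equal the pad character is taken
    whatever the coin says; that tie rule keeps decryption unambiguous."""
    if flip is None:
        flip = lambda: secrets.randbits(1) == 1
    s, p = normalize(stage1), normalize(pad)
    if len(p) <= len(s):
        raise ValueError("pad phrase must be longer than the Stage 1 phrase")
    out, i, j = [], 0, 0
    while i < len(s):                       # stop once Stage 1 is used up
        if j >= len(p):
            raise ValueError("pad phrase ran out; choose a longer sentence")
        if s[i] == p[j] or not flip():      # tie rule, or tails
            out.append(p[j])
            j += 1
        else:                               # heads and the characters differ
            out.append(s[i])
            i += 1
    return "".join(out)

def stage2_decrypt(cipher: str, pad: str) -> str:
    """Walk ciphertext and pad together: a ciphertext character equal to the
    next unused pad character is pad and gets crossed out."""
    p, out, j = normalize(pad), [], 0
    for ch in normalize(cipher):
        if j < len(p) and ch == p[j]:
            j += 1                          # pad character: cross it out
        else:
            out.append(ch)                  # Stage 1 character: keep it
    return "".join(out)

# Constructed sample values, not from the article: seed words mixed with
# non-BIP39 pad words, and a long public-domain pad sentence (Dickens).
SAMPLE_STAGE1 = "zut abandon Lyon ability merde able"
SAMPLE_PAD = ("It was the best of times, it was the worst of times, it was the "
              "age of wisdom, it was the age of foolishness, it was the epoch of belief")
```

Because roughly half of the non-tie flips consume pad, the shuffle eats about as many pad characters as Stage 1 characters, and the block raises if the pad sentence runs out.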

Dungeons and Dragons

So far, so good, but now where do you get your seed phrase in the first place? If you use a hardware wallet or a software wallet or any electronics at all to generate your seed phrase, you'll hit exactly the same Snowden vulnerabilities we're working to avoid in the first place.

Any dice will do, but D20s seem to roll the most randomly ...

Happily, generating a seed phrase doesn't need any electronics. Get a set of gamer dice from any hobby store. I like to use two D20. Roll one for the thousands and hundreds, and then roll the two together taking one digit from each for the tens and ones. Just roll again if you get a total over 2048. And then look on the indexed list of 2048 bitcoin seed words to find the word whose index matches the number you rolled.

Do so twenty-three times - we have to generate the 24th word in the next section. Note that you don't have to worry about checking online that this die-rolled phrase is not also someone else's seed phrase because the space of all possible seed phrases is so vast you have a much greater chance of being hit by lightning, and a crashing airplane, and a comet while also winning a billion lotteries all at once as the sun goes nova ...

A One-Time Hardware Wallet

One last challenge stands between you and perfectly unbreakable seed security. You need a zpub. That's a public-key "watch only" version of your wallet that just has the ability to accept deposits and view transactions and balance. It lacks the ability to withdraw funds or sign transactions, which makes it perfectly safe to keep on any of your electronic devices.

Don't worry, we're not generating this zpub by hand. Far too much error-prone work doing that. We're going to use a signal-isolated (not just air-gapped) burner device running an open source app called Bluewallet to do it. Any cheap second-hand phone will do for this.

Don't actually burn or stomp it. It can explode. Just throw it in the ocean.

By burner I mean a factory-reset device running only the open source wallet software, and signal-isolated by taking it out into the middle of nowhere where it cannot connect to cell towers, WiFi, NFC, etc. If you live in a city, you might do this work in a Faraday cage. We use Bluewallet for this because it's simple to use and it's open source, which means there are thousands of third party programmers reviewing the code to assure us there are no surprises.

But first we're going to need to generate the 24th seed word - which acts as a checksum on the first 23. It's too complicated and error-prone to generate by hand, so we're going to load the website seedtool.org in a browser on our burner. It will work offline, so once we have our burner signal-isolated we just feed in the first 23 words, hit the button, and that offline site will give us the 24th. Don't forget to write it down!

Then we simply feed our naked 24-word seed phrase into Bluewallet on our burner and press the button to generate a zpub QR code. Scan that QR into the Bluewallet running on your everyday non-burner device, and that's that.

But don't ask me how to set up Bluewallet to do it - I won't answer - RTFM.

Now we have to kill the burner before we leave signal-isolation. We can't just rely on software to scrub it. It's had our unprotected seed phrase on it, so it needs to die mechanically before it leaves signal-isolation. A deep body of water is simplest. You don't want to literally burn or stomp a phone because its battery might explode, but seawater reliably kills any phone that swims deeper than a few fathoms. And, yes, the corroding burner is probably not good for fishes, but nowhere near as bad as all the kilotonnes of toxic sludge and microplastics humans throw in the sea every day anyway ...

Unbreakable Withdrawals

So far so good. The seed phrase is securely encrypted offline and we can view and deposit into the unbreakable wallet. But how do we withdraw funds without using some Snowden-vulnerable hardware wallet? We do it the same way we generated the zpub - on a burner phone in a signal-isolated location. In short:

  1. Set up a Bluewallet app on another burner phone. You will always kill your burner at the end of the transaction, same as you did when you generated the zpub. You must never re-use a burner or expose it to signals before killing it.
  2. Once you reach signal-isolation, enter your seed phrase into the burner.
  3. Tell your watch-only Bluewallet on your daily driver to send some of your funds to some recipient address - or do some other transaction that requires a signature with the seed phrase. Your watch-only Bluewallet generates a series of QR codes representing a "partially signed" version of this transaction. It won't be fully signed until you use the seed phrase in your burner.
  4. Scan those QR codes using Bluewallet on the burner phone, and then sign them there. This will generate completely signed transactions as QR codes for your watch-only Bluewallet to scan.
  5. Scan these new QR codes into your daily-driver watch-only zpub Bluewallet. Don't worry, your seed phrase isn't transmitted with them.
  6. Kill the burner and, only then, return to a location with signal. Use your daily device's Bluewallet to transmit the signed transactions. And that's that, job done.

Do you want to be the guy in the poncho or the guy in the wheelchair?

Sure, it's more hassle than just using a hardware wallet. But this is the only way you can keep your cold storage wallet unbreakably secure and still withdraw from it. Effectively, the burner is itself a hardware wallet - just a properly secure one. If the funds you have in cold storage aren't enough to warrant this much security, you can just wait a few years. If bitcoin continues to do what bitcoin has been doing for the last decade and a half, it will be worth your while soon enough.

Really Cold Storage

Congratulations! Your wallet is now perfectly secure and ready for all the BTC you can buy before the exchanges around the world run out of the stuff. And you can write the OTP ciphertext down wherever you like because it's unbreakable.

Easiest to just put the ciphertext in your everyday device and back that up along with your photographs and emails, but for the sake of paranoia you will want some physical copies too. Some people stamp their physical backups into bits of metal, but then you have to worry about fossickers with metal detectors souveniring it ...

It's safer and easier to just write your ciphertext on archival paper in archival ink - google for an online shop for those - then seal it in mylar and/or HDPE and bury it where you can easily get it again in case of fire/flood/foe. Not in a safe deposit box nor some other private storage facility that might lock you out ...

Where then? Public parks aren't reliable because earthworks happen unpredictably. Wild land sounds okay until someone paves it or floods it. Climate change makes beaches wash away. But there's always cemeteries. Pick one for war heroes to make it unlikely your backup will ever be dug up. They died for our freedoms - I think they'd approve.


Daniel Doiron, CPA

Project Manager @ Solutions Metrix - The Agile Accountant - author of Seeing Money Clearly - Leveraging Throughput Accounting for Knowledge Work - Author of Tame Your Workflow and No Bozos Allowed LI Newsletter

2 months

Keir Finlow-Bates, do you agree? Is it bulletproof?

Daniel Doiron, CPA

2 months

It would be simpler if you gave me your seed phrase. I can be trusted. I have level 6 clearance with 3 governments.

More articles by Peter Merel
