Deep Cold Storage: How Beginners Can Swim in the Deep End

By Patrick Kim

Cold storage is the practice of keeping crypto assets in offline, yet accessible locations. Deep cold storage takes this concept to the next level for assets you plan on leaving untouched indefinitely — possibly until they’re passed down to your heirs. Because all you need for deep cold storage is a recovery phrase, what you’re left with if you don’t add some level of redundancy is an extremely important single point of failure. What deep cold storage does is protect the backup of your assets by helping you avoid having all your eggs in one basket.

Deep Cold Storage Practices

Deep cold storage is popular for those who put a fixed amount of money into bitcoin every month, depositing it at an address and never transferring out. This kind of investor only needs to keep their address on-hand, while the wallet app used to generate the address can be deleted.

There are numerous methods you can use to store your recovery phrase. In general, redundancy is crucial to the security of your assets, but the more complex a storage scheme becomes, the more prominent the factor of human error gets. It’s important to choose a method that strikes the right balance for you.

Method One:

It’s common practice to copy mnemonic phrases onto a piece of paper. However, paper can be easily lost or destroyed, so using metal storage products is a much safer way to store your recovery phrase.

Method Two:

If you only store your recovery phrase in one place, it’s more likely to be lost in a disaster such as a fire or flood. However, if it’s stored multiple locations separated by distance, you’re much less likely to fall victim to unforeseen events beyond your control.

Suppose that a recovery phrase stored in a single location has a 1% probability of being stolen or lost in a natural disaster. If this phrase is instead stored in five separate locations, the chances of it being stolen increase to the probability of theft at any of the five locations. However, in order for the recovery phrase to be lost to a natural disaster, all five locations would have to be affected simultaneously. The following table demonstrates how these probabilities play out:

So while putting the recovery phrase in five separate locations almost guarantees your phrase will not be lost to natural disaster, it makes it 5 times easier for someone to steal.

Method Three:

Shamir’s Secret Sharing Scheme (SSSS) gets around the issue of increased vulnerability to theft dividing secret information into n parts, from which a threshold of k is needed to recover the information_._ For example, using SSSS to separate a backup into 5 separate parts located in 5 different locations, a threshold of 3 out of the 5 locations is needed to recover the keys. With SSSS, no single part is vulnerable on its own because it does not contain all the information required to constitute the secret. This practice results in a drastic reduction of the probability of loss due to theft:

While the chances of destruction from a natural disaster are notably higher than for a simple redundancy storage scheme, SSSS gives you more balanced practical odds against both loss from theft and disaster.

Method 4:

One fallacy of SSSS is its reliance on the assumption that if a backup is somehow compromised, the owner of the recovery phrase will be immediately aware and able to respond by transferring their assets. If the owner of the recovery phrase has no knowledge of the condition of their backups, the probability of total loss drastically increases due to situations in which parts are quietly lost one by one.

Since hiding parts generated by SSSS can be risky, SSSS is best used with professional services such as safe deposit boxes. It’s rumored the idea of deep cold storage originated when a London bank began offering offline key storage solutions backed-up in multiple undisclosed locations — presumably their old school vaults. However, these professional services charge a lot of money, with the London bank wanting 2% annually to underwrite any loss of assets. Meanwhile, distributing them among friends runs the risk of those friends colluding and stringing together the mnemonic to divide up the assets.

We came across a solution to these pitfalls through security expert Lance R. Vick (Twitter: @lrvick), which consisted of the following:

1. AES encrypting the recovery phrase
2. SSSS dividing the AES decryption key into yubikeys distributed amongst several trusted friends in separate legal jurisdictions around the globe
3. Surgically implanting AES encryption result under skin

Lance uses AES encryption for his recovery phrase because it requires a two-factor process consisting of both the decryption key divided with SSSS and the encryption result to obtain the recovery phrase. So even if his SSSS parts collude against him to constitute the AES decryption key, they still need the AES encryption result that’s implanted under his skin. This solution is impressive not only because it avoids having a single point of failure, but because it makes it very difficult for the SSSS holders to collude against him because they would also need the encryption result imbedded under his skin. Needless to say, surgically implanting an encryption result under one’s skin and involving trusted friends located in different parts of world isn’t for everyone, and few have the resources or expertise to do it.

How Can the Average User Take Advantage of SSS?

Anyone without programming experience can do SSSS by making use of online tools such as this one. Like other SSSS tools, the n parts the secret information is split into and the threshold k required to reconstruct the information are at the discretion of the user. Be aware that it’s best practice to download such tools onto an offline computer rather than use their web-based versions.

However, using SSSS to divide a recovery phrase offline and distributing random strings geographically to several locations is a difficult approach to backing up your assets. For the average user, this level of difficulty makes it far more likely something will go wrong. Instead, what might be considered is to manually divide a 24-word mnemonic phrase into three parts containing 16 words, so that each part lacks 8 words that the others have. The 16-word mnemonics can be simply written on paper, but we advise storing them on metal tablets for a higher degree of permanence. Parts can be kept with your grandma, or put in secure locations you find reliable.

If a malicious actor gets ahold of one part, it’s hypothetically possible for them to brute force the remaining 8 words they need to complete the recovery phrase. But what would this look like in practical terms of how much they would have to invest?

The latest Antminer S19 Pro mining equipment has a hashing power of 110 TH/s and power consumption of 3250W. At dirt-cheap electricity rates of around 5 or 6 cents per kilowatt hour, it would cost around 127 million dollars to run the 2⁸⁸ hashes required to brute force the remaining 8 mnemonic words (2⁸⁸/110/1,000,000,000,000/3600*0.05*3.25). The calculation method used here is based on the hacker having the 24th word, which means they will have the checksum of the entropy. If the hacker happens upon one of the backup parts that doesn’t get the 24th word, the difficulty of brute forcing the remaining 8 words would increase exponentially, such that ASIC miners would not even be sufficient to accomplish it.

Unless you’re storing over 127million dollars worth of assets, it’s not cost-efficient for a cybercriminal to do anything if they come across one of the backup parts. With this storage method, the probability chart looks like this:

You can give your recovery phrase these odds and give each of the three parts virtually indestructible durability by purchasing just three Keystone Tablets for $117.

The same method is not safe to use with 12-word mnemonic phrases. If a hacker gets one backup part consisting of 8 words, they only need to crack 4 words, which an Antminer S19 Pro is capable of doing in just 0.16 seconds (2⁴⁴/110/1,000,000,000,000).

Don’t Neglect the Recovery Phrase

Cold storage is great for keeping your assets safe from online threats, but you could still lose everything if you don’t pay attention to how your recovery phrase is kept. While deep cold storage is often thought of as a security solution for institutions, elite investors, or cybersecurity professionals like Lance, the methods we demonstrated above provide anyone with the means of realizing it for their own recovery seeds.