Let's look at a commonly used multisig wallet: a 2-of-3 quorum. We need two keys to sign a transaction, meaning it's okay if one of the three gets lost. What not everyone knows, however, is that keys actually come in public/private key pairs, and while it's fine to lose a single private key, we absolutely cannot afford to lose its corresponding extended public key, or xpub for short. If we did, we'd be locked out of our bitcoin forever, Laura!

Currently there is no user-friendly way to back up public keys that will stand the test of time. While private keys can easily be translated into English words using BIP39 and stamped onto metal, few bitcoiners are protecting their precious xpubs with this same amount of effort and security. Most will store them on an SD card or solid state drive, but with a limited lifespan of only about 10 years or so, that's not enough time to protect your bitcoin for your grandchildren.

If you don't lose any of your private keys, you have no problem. But the whole point of having a 2-of-3 multisig wallet is that you're mentally prepared to incur up to one key loss. If your backup plan is to simply re-derive all of your public keys, you're ngmi.

All electronic media - hard drives, solid state drives, SD cards, CDs, even "the cloud" - won't last forever and cannot withstand fire, flood, water, or shock. For significant amounts of bitcoin, your best option is to use a metal engraver to etch your xpubs onto steel or alternately, use Icebox with the coldest storage there is - the immutable bitcoin blockchain.

For a 2-of-3 multisig wallet, Icebox creates three on-chain transactions to store each one of your xpubs in an OP_RETURN. Once these transactions are confirmed, they're not going anywhere, and your grandkids will thank you later.

Forget tail emissions or demurrage, Icebox is projected to singlehandedly support bitcoin's emerging fee market + security budget. Just kidding, Icebox only needs a one-time investment of 729 vBytes to protect your bitcoin for literal decades (centuries?) to come. Furthermore, nodes may choose to prune out OP_RETURN data should they need to save space.

Your data is safely encrypted. If you lose xpub1, you'll need both xpub2 and xpub3 to restore it. This also means that a single leaked xpub will not reveal to the world that you're a user of multisig and cannot be used to find the other two.

Icebox is open source, and we don't store your xpubs on our servers. Transaction fees are paid using BOLT11 Lightning invoices, so your privacy is protected from on-chain analysis, too. But don't trust, verify! Icebox is not only an app - it's also a protocol. You can write your own implementation, or you can run our code locally.

Currently, Icebox supports 2-of-3 multisig wallets. However, if you ask D++ nicely, she may consider expanding compatibility to additional thresholds or even creating a custom backup just for you.

Your multisig configuration file contains your wallet's xpubs, derivation paths, and master fingerprints. Icebox has your xpubs covered, but what about the other parts? Fingerprints are less important, so it's okay if we omit them. Derivation paths, however, are an absolutely necessary part of your backup, therefore we strongly suggest sticking to an industry standard such as m/48'/0'/0'/2'.

Have a bitcoin company or application and want to integrate Icebox? Go for it! We'd love to see Icebox become an industry standard.

Icebox uses the following steps to back up xpubs in a 2-of-3 multisig wallet: