What are meaningfully secure multisig setups for protocol keys?
Login Required
Please sign in with Google to answer this question.
2 Answers
0
I use a 3-of-5 multisig: hardware wallets, air-gapped PC, and two offline backups; keeps protocol keys reasonably secure.
0
0
At my teams' protocol keys, we landed on a 3-of-5 multisig. It’s sturdy, but the magic is in the process, not just the math. Our setup: three hardware wallets, one air-gapped signing laptop, and two offline backups stored in bank vaults. We keep one key as a cold backup in a separate location. Sign-off flow: a proposal goes out, each signer signs offline, then a single online cosigner does the broadcast. We rotate keys every 6, 12 months and run drills so we don't freeze during real events. If a signer is unavailable, another signer can still sign; if a key is compromised, we revoke and rotate. Document the procedures and practice them.
0