Hacker News
by PowerfulWizard 1582 days ago
One solution is to have the key on paper in a safe, and then let the lawyer know the key is in the safe. If you die they can drill the safe. The nature of the private key makes digital solutions possible, but they aren't necessary. It doesn't have to be handled differently from any highly valuable small object.
4 comments

Depending on the amount, split the key across paper across multiple bank vaults and lawyers, with direction to contact all of them and bring the key together at your death.

But good luck finding someone you can trust to actually handle the money once they have the key.

One cool aspect of Shamir's Secret Sharing is you can set any threshold for how many fragments are required to recover the secret. This reduces the risk of one losing the secret due to fragments being lost. The scheme also has perfect secrecy, so gaining a few fragments, but not the threshold amount, gives an attacker no information about the secret.

https://francoisbest.com/horcrux

I wouldn't split the key because as another comment noted, you don't need all the pieces to brute-force the rest. Rather I would have several "keys" that when you XOR them all together, you get the real key. That way, any piece is useless without all the rest.

Unless this is what you meant by "split", in which case I agree.

Even just putting half the key on paper and not putting the rest could make brute-forcing the rest feasible. Even knowing just 1 bit makes brute-forcing 2x as easy. 8 bits? 256x easier, etc.
One would use a scheme like Shamir's secret sharing [1], not literally cutting the exact bits of the key into strips.

> To unlock the secret via Shamir's secret sharing, a minimum number of shares are needed. This is called the threshold, and is used to denote the minimum number of shares needed to unlock the secret. An adversary who discovers any number of shares less than the threshold will not have any additional information about the secured secret-- this is called perfect secrecy. In this sense, SSS is a generalisation of the one-time pad (which is effectively SSS with a two-share threshold and two shares in total).

[1] https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing

(Shamir’s scheme is delightfully straightforward, but if polynomial interpolation over finite fields isn’t a thing you feel in your bones, try inventing an n-of-n-shares scheme that only uses xor and a random-number generator. Gb nyy ohg bar bs gur cnegvpvcnagf, tvir n puhax bs enaqbz qngn nf ybat nf gur frperg; gb gur ynfg bar, tvir gur kbe bs gur frperg naq gur enaqbz puhaxf. You probably don’t want that in production, but it’s nice to figure it out and even utterly simple to prove it secure, provided you understand the proof for one-time pads.)
This immediately came to mind as a possible tactic because polynomial interpolation is covered nicely in A Programmer's Introduction To Mathematics[1] which I started reading recently. Highly recommended.

[1]: https://pimbook.org/

Oh yeah, I know about that. I meant to intentionally release only part of the key specifically to make brute-forcing easier for your heirs. I mean, hey, they gotta work for it, you just give them a leg up! :)
Crypto dead man's switch like sarcophagus.io.

You can connect to obituary oracle on chainlink and release data to prespecified law firm upon proof of death. Then make sure the law firm validates the death before opening. Wallets and Keys inside. Or secret pass phrases inside.

When all you have is a crypto hammer, everything you see is blockchain nails.
Or (somewhat ironically) a bank safe deposit box.
This isn't that ironic, as there are often safe deposit boxes with contents more valuable than the cash on hand of the bank branch itself.

Yes, ironic that digital currency is being protected by physical bank, but that's really stretching for something to be haha. It's SOP for banks really.

I was more referring to the (somewhat fair) crusade against big banks in the crypto community in general. Tweeting against banks all day and talking about "code is law" while paying a safe deposit box fee and leaning on the traditional legal system (wills, etc) and banks (the box) scales somewhere from ironic to hypocritical.
No it doesn’t, at least in a sensible understanding of the crusade. (I’m not sure cryptographic Byzantine consensus is the panacea it is touted to be, but agree with its proponents as to whether many of the things they call problems with the traditional system are in fact problems.) It’s nice to have a technical solution to things that do not actually need human interpretation, and it’s nice to expand the set of these things. Whether you actually want human interpretation for the act of transferring money is questionable.

Fiat money is uniquely susceptible to repressive governments in a way that nothing was when people actually thought about countering those in a practical way, and bank transfers are even more so—see today’s news from Canada for an example that’s chilling whether or not you agree with the actual politics in play. That needs to be fixed, I think. It could be fixed by making money more resilient to government intervention or by making governments less likely to make malicious interventions, probably both. These approaches, and even approaches to these approaches, have different implications, so history will have to find the balance, but I’d be loath to just dismiss the former out of hand.

But death is a thing that needs human interpretation, at least for the foreseeable future, and thus those arguments don’t apply here. The current banking and actuarial system isn’t that insane for the most part, for a system that has to operate under the constraint of needing human interpretation. It’s just that I refuse to stop thinking about the extent to which such a constraint is actually present in any particular situation. In strongbox rental, it is. Great! And I say that as someone with an experience of withdrawing the contents of a safe deposit box from a branch of a failing bank, on the day before the doors of said branch were locked and tagged.

(Nothing about a strongbox rental business even needs to be connected with loans or securities in any way, it’s just that banks sort of organically grew both functions. No problem with that, but also no problem with somebody dissatisfied with any aspect of modern macroeconomics having no gripes against safe deposit boxes.)

I think the parent was pointing out the irony that every hour of effort spent on the crypto space so far has only made banks and other institutions even more critical in the end, because the death rate will be 100% for the foreseeable future, like it always has been.

It’s effectively backloading risk onto the very things claimed to be outmoded and replaceable.

Not ironic at all. It's a fact that banks have great physical security, no reason to not take advantage of that. If you have a cryptocurrency paper wallet in the bank, they don't know about it, it's not on their books, they can't lend it out without your knowledge and inflate the economy with it.
Note that banks usually require you to sign away all liability for anything placed in a safe deposit box, even if negligence or fraud on their part leads to the items being stolen or destroyed.

The risk is very low, but it is present.

See: https://www.nytimes.com/2019/07/19/business/safe-deposit-box...

That seems like owning small valuable objects with extra steps