The Nihilism Blog
Previous Page

Prism Breaker

How to setup a trustless inheritance plan for your monero

If you make a lot of money in monero, and unluckily you are about to reach the end of your life, and again luckily you have someone you care and want them to have your money after your death, this tutorial is for you.

Let's do not ask why you do not handle them your coins or convert to fiat when you are still alive, maybe you want some sort of mysterious surprise for your relative who never heard of monero, and carries on to execute your evil plan with it.

Theory and setup

The plan is to setup a plan when your family find out you died, they can recover your crypto. You will need 2 lawyers to setup this plan. But our plan will utilize some cryptography tools so neither your lawyer or your family members can access your crypto not as you intended.

To achieve what we want, we need threshold encryption, where we need to encrypt containers and make sure that we need at least 2 out of the 3 existing keys to open them, we can use veracrypt https://blog.nowhere.moe/opsec/veracrypt/index.html, but instead of only using passwords, we'll use keyfiles

We will setup a container with password and keyfile, for these kind of container you will need both password and keyfile to open, if one of them is lost, it is impossible to decrypt

We will assume you already know to create veracrypt containers and how to mount them

The plan is to achieve a 2/3 multisig scheme. Which means we will have 3 keys, and we should be able to access our wallet with any 2 key. It is like a council with 3 people, but you only need 2 people to agree to pass a law

Monero multi-sig feature is still experimental, and has vulnerability before, so we will use veracrypt to achieve this multi-sig feature. Veracrypt itself does not support multi-sig,so we have to use some little tricks to achieve that. In short, we will create 3 keys and 3 containers.

Let's do a simple math, there is 3 possible combinations for 3 keys

Then you create 3 containers with idential content, but encrypted with 3 keyfile combinations, thus you can achieve a 2/3 multi-sig

Finally you need to thing about a password, since this is also required for veracrypt to operate. You need to remember this, and you should notify your family members about this and make sure they also remember it.

Then use veracrypt to generate 3 keyfiles, keyfiles will be random files generated by veracrypt. They have size of 1024kb and is highly random, so your container is impossible to open without them.

Choose to create a new volume, click next until you see the keyfiles option

We will try to generate 3 random keyfiles

Move your mouse to collect enough entropy, this is very important! The protection from cryptography will be significantly weakened if there is not enough randomness. Then set the key file size to maximum which is 1048576. This is the maximum size utilized by veracrypt and we should use that.

Name your keyfile as key 1 and save it. And repeat this step to produce key 2 and key 3. You shoud have 3 keyfiles now ready for being used to encrypt your containers.

We will then continue to create 3 containers, you will create containers with the same password, but use a different combination of 2 keyfiles for each container as planned

As a remaider, 3 containers will have a encryption setup like this

Volume 1 : password + key file 1 + key file 2

Volume 2 : password + key file 2 + key file 3

Volume 3 : password + key file 1 + key file 3

Add the keyfiles in keyfile option when creating a new volume

You will always save three containers together, this means your family member can unlock 1 of the 3 container even one keyfile is lost.

The last thing to do is to try to unlock your containers, if sucessful, put your seed text file into each container

Prepare your seed and save it in a file, remember to do this in a trusted environment and destroy it later!

Then unlock each container, and make sure you copy the seed into it

Then you need to properly distribute the keyfiles as follows:

1.You will keep key file 1, and the local copies of containers at home

2.Tell your family members about the plan, and most importantly the password they need to know because they still need that for container decryption.

3.Upload the containers to a cloud storage which is controlled by your family members as a backup. You better ask them which cloud service they use, like icloud or gdrive, and copy the containers to their devices and upload to the cloud, so they can easily find the containers through their most familiar method

4.Handle a physical copy of keyfile 2 and keyfile 3 to two different lawyers in different countries, and ask them to send it to your family members when you die officially.

In short there are 6 factors that determine the sucess of inheritance, only the keyfiles allow 1 fault to happen, so you should be really careful and make sure every part work as expected

In this setup your monero can be safely inherited, and it is resistant against accidents. Different things can happen:

1.The best case is you died, your family member grab your local copy of containers and keyfile1, and receive keyfile 2 from one lawyer. Then sucessfully decrypt to get the seed, and recovered your monero

2.Your home is destroyed in a disaster, but your family members and download the containers from the cloud. They wait until both lawyers deliver keyfile 2 and keyfile 3 to them. Then unlocked to recover your monero.

3.One of the lawyer died in earthquake, plus his office also destroyed. Your family member still have your local copy of containers and keyfile 1, and receive another keyfile from the survived lawyer. They unlocked and recovered your monero.

You should find lawyers in different cities to reduce the risk.

You can also print this down as a reference for your family

This plan prevents your lawyers to steal crypto, because they do not have the containers plus the password. Your family members also cannot access your crypto, because they only have one key.

Inheritance process



This section describes how the actual inheritance process is going to like, it assume no technique background for its reader

There is some crypto left from your gifter, you need below steps to recover them:

First you need to find your gifter's safe, it should contain some storage device with some files called "container" and "key", plus a password

Some step below require participation of your gifter's lawyer, but we will continue your technical setup first

First open your lovely windows, and we open the veracrypt website https://www.veracrypt.fr in browser

Download veracrypt as showed

Find the downloaded veracrypt installed, right click on it and click property, choose digital signature as showed in picture

Make sure the digital signature is displayed as "ok", otherwise do not use!!!

Now install it, do not change any setting and install in default setup

Click next

And Install

After you see this warning, click yes

Next you should find a hard drive or cd, which is left by the people who gift you money. It should look like something like this

Or this

You should fild three files called container 1, container 2 and container 3 inside, if not search your own cloud drive with name "container". For example your microsoft onedrive

Seach on your own microsoft, google and apple cloud storage

If you searched all the cloud storage but cannot find any files named container, and you are sure the physical copy of the container at home is also lost, then the money is gone forever! I am sorry.

You should also find a file called key1 from storage devices in your gifter's safe, if somehow this is lost due to disaster or mistake, you are in trouble but it is still fixable, continue reading

If you have found the keyfile 1 and containers, you should now wait for a lawyer to contact you, if your gifter has properly setup the procedure with lawyers, you should receive their message and the keys in mail or in person

Now let's assume you have received another key, named key2 from the lawyer, now we have two keys and we can decrypt the container for getting your money!

Open veracrypt and click the "select file" button, select file called container 1

Choose a drive and click mount

Enter the password you found in the safe, or find a family member that knows the password. Next choose keyfile tickbox, and click the button on the right

Choose add files and select key1 and key2 you received

Click ok and decrypt the container!

If everything worked correctly, you should see a new mounted disk on your file explorer

You got the seed! Do not tell that anybody, restore it in a monero wallet, for example download cake wallet on your phone, input the seed for the money!

If you get key3 from another lawyer, don't panic, it also works if you have key1

But choose container 3 instead of container 1 in veracrypt before decryption, and use key1 and key3 in the keyfile section

At last is the worst situation, if key 1 is lost like your house is destroyed in fire, you need to contact both lawyers to recover the money. You have to find them both to get key2 and key3

If you are lucky and get the keys from both lawyer, choose container 2 in veracrypt, use key 2 and key 3 for decryption

You can now also access your money!

PrismBreaker

Shatter the big brother.



Creative Commons Zero: No Rights Reserved

My Links

RSS Feed
SimpleX Chat

About nihilist

Donate XMR: 87iB34vdFvNULrAjyfVAZ7jMXc8vbq9tLGMLjo6WC8N9Xo2JFaa8Vkp6dwXBt8rK12Xpz5z1rTa9jSfgyRbNNjswHKTzFVh


Contact: prismbreaker@waifu.club (PGP)