Améliorer l’expérience utilisateur de l’auto-garde | Bitcoin 2026

All right. Welcome to the most exciting panel of the day. We have a star-studded panel of all of the experts from the different areas of the self-custody world. To start, let's just do a brief round of introductions and also answer the question, what user are you typically designing for day-to-day with respect to self-custody? So, my name is Alex. I work on a project called Fedimint at a company called Fedi. So, we do a federated multi-sig e-cash system. So, over to you. My name is Pedro. I work on Set Signer, which is a privacy-focused Bitcoin wallet that touches all the aspects of Bitcoin. So, if you have sets that need to be signed, transactions on all the way from on-chain to lightning, e-cash, that's the app to use when it launches. Hi, my name is Sindura Saraswati. I am a PhD student. My contribution here is I focus on balancing security and usability. One of my recent works is about choosing optimal thresholds by minimizing the total loss, that is loss caused by self-lockout and loss caused by attacker stealing your funds. And I'm Kevin Loaec working on Bitcoin security at Wizardsardine. The main product we have is called Liana, which is a miniscrypt wallet with recovery options for like inheritance or organizations to make sure they never lose their coins. And to answer your questions about the typical like users we're designing for, we don't know, which is an issue. So, we don't know who our users are. So, we have some hardcore Bitcoiners we have to design for, but we also have organizations where the people that are actually using the wallet don't know much about Bitcoin. So, we have to try to make the fit of both sides, like having enough features to make the Bitcoiner happy and abstracting enough without dropping the security for the average person. Amazing. Um yeah, to start the conversation, can anybody to you uh just talk about when single sig security fails? So, the typical way to store Bitcoin in a self-custody way is through a single signature wallet, and when does that start to break down? Yeah, uh tough question, I guess. Um so, I mean, a single sig for me is I mean, it's just like, you know, having one key to sign, but this key you can back it up in multiple ways. You could have multiple backup of your key, you could have a Shamir of your key, et cetera. Um this key could be on a signing device, aka a hardware wallet, which is kind of decent already. There's, you know, pretty low chance you fuck up too hard if you have good backups and use a hardware wallet. But if this key is on your computer, on your phone, and maybe you don't have a proper backup, that's a very different question, right? So, there's a wrench here. It's not like single sig is not a bad thing. It's still different definitely better, in my opinion, than using a custodian. But again, it depends on how you secure your key. Um I feel single sig can be optimal, too, but the goal has to be like, we have to reduce the single points of failure. So, when that's the goal, I I think multi sig can come into picture, which can be better in balancing security and usability. But if you can still prove that your security posture is good enough, or your recovery path is rehearsed, then you can go for single signature, in my opinion. I love single signature. I think multi signature still, in terms of UX, still has a little bit of ways to go. I think it has a lot of potential, but it's we can still do a lot, and Bitcoin is already kind of like Kevin was saying for people that are coming from outside of Bitcoin. Bitcoin can already be very complicated even in single sig. That being said project like Liana and hopefully set signer are pushing forward and making it more easy to use. And technologically I think it's already there. It just needs a little bit more of a push in the UX in the design and make it more easy for people to understand what they're doing when they're clicking. I mean that's a very bold claim that multi-sig is not ready. You know, I think all the podcasters telling people to stamp their seed words on the seed plates across the country is uh would disagree. What would we need in order to get to a point where multi-sig is ready? Well, ready for whom? For as a general recommendation for a new holder. For the general user that's getting into Bitcoin, I would never recommend single sig multi-sig. I would always recommend single sig. It's much much easier. If you're going to go and lose any of your setup when you're doing multi-sig, that's kind of I I hear a lot of people already losing their seed words. So, you're just opening yourself up for failure. But, if you're more experienced, yes, maybe that at that point it's ready. I just don't know I don't see that people using it that much. Thoughts? Yeah, if I can hop in on this one. So, there are also different way of looking at multi-sig. So, you could have multi-sig for a single individual where you have multiple keys. Maybe for higher security, maybe for redundancy, whatever. Like in my case for example, obviously I use a multi-sig and it's a geo-distributed multi-sig. So, I need to cross border to be able to sign my coins. That's like a very strong security, you know, feature. But also, like if you are start talking about a family or an organization, just don't use single sig, you know, with like gold multi-sig. If you have multiple people in a group, have them all have their own key cuz otherwise it's a mess if you start sharing keys with people. So, yeah, just to add to that. Yes, your research is mainly about when it's trying to the optimal threshold for multi-sig. Can can you speak to this? How how should people be thinking about what the the proper multi-sig setup is to choose? Um yeah, sure. So, my research says that instead of picking thresholds by habit, like defaulting to two of three or three of five, we should choose thresholds by asking what thresholds can actually minimize the total loss. When I say total loss, it is self-lockout loss and theft loss. Um so, you can intuitively say that you keep raising your threshold as long as it helps security more than it hurts you your own recoverability. Um so, in our research, we come up with some closed-form solution where we can like estimate what could be the optimal threshold. And for that, we technically we define two parameters which captures, you know, how fast the user's ability to meet the threshold deteriorates as threshold goes up and how fast the attacker's ability deteriorates as threshold goes up. So, the sweet spot is where adding one or more signers stops being worth it. Uh so, the main idea is that you need to balance between security and usability and come up with that optimal threshold. Yeah, Kevin, running Liana or in running Wizards of Dungeons and Dragons, what use case or what situation are you most or do you find most users fall into? Are people more likely to lose their coins or to get stolen from? Typically, our users are coming to us because of the risk of loss more than the risk of theft. The risk of theft is There are like a whole range of attacks, right? That we can consider for theft. As soon as you start using a multi-sig, you're covered against many of the theft attack, except maybe in-person theft, you know, like the $5 wrench attack. And this is very hard to go around. Like you of course you can do like me and segregate your keys across border, but that doesn't stop the guy to hit me with the wrench, right? So there is always limits into what we can do. But I believe the main thing, especially for larger holders and large institutions, is the risk of loss. That's what they're the most afraid of. It's not theft, it's really loss. It's being unable to access the coins and being blamed for it. And this is why they are using custodians. It's to not to protect themselves from not losing the coins, it's to be able to blame someone else, right? And I mean, I don't think most custodians have, you know, a decent enough security, in my opinion. It's always like a very low number of signers. Sure, they could be in HSMs or whatever, but it's still a small number of keys. And you need to have people having access to these keys. So there is a risk that these keys are lost or stolen or whatever at some point. So yeah, things like Liana are built for recoverability, so you make sure that you have self-custody, but even if you fuck up, if you lose your keys, you have different spending condition that triggers over time. So I'm just going to take like 10 seconds to explain how Liana works, but so Liana is a mini script wallet, which means that you can have different spending condition that activate over time of the inactivity of your wallet. So let's say I lose my key, I can't spend for 3 months, but after 3 months, I can have a different set of key or a different threshold of my multi-sig to access these keys. So it's really cool for recovery, for inheritance, or for companies having like key rotation or employees leaving and things like that. Yeah. Incredible. Um yeah, so Miniscript has been promised to Bitcoin for years. It's been the the hottest thing on the block for a long time. Uh can you give the audience an understanding of what specific things that are now possible that weren't possible a few years ago due to Miniscript? Uh this is a great question. Um technically nothing. Um we could do the exact same scripts on Bitcoin as we can do with Miniscript. Miniscript doesn't change the way Bitcoin works. Miniscript just change the way developers build tools for this kind of a script on Bitcoin. So, Miniscript let us build secure software where back in the days we would have to design the Bitcoin script by hand and that was extremely risky. It was somewhat easy to get the script that does what you want it to do as in like, "Oh, I want a two of two multisig." But it was extremely hard to prove that the script you made doesn't have other way to spend from it. So, typically you could have bugs or other way to spend from this, you know, built by hand script and this is how, you know, the the attacks or the hacks would happen and that's why nobody basically was using timelocks or weird multisig that didn't use like two of three or three of five just because you couldn't prove when you build it by hand that there was no other way to spend and Miniscript fixes that. So, Miniscript lets you do whatever kind of uh timelock combination of like multisig multisig of a multisig, things like that um in a way that you are pretty much guaranteed by the system that it is the only way to spend your coins. Incredible. I mean, Pedro, have you seen excitement for Miniscript in uh the work you do? Uh yes, a lot. Uh but for in my perspective, the so the Bitcoiners I interact with, especially in the context of the conference, uh they they tell me how they use Bitcoin and I I don't see a lot of people using Bitcoin in these ways. Obviously, with Liana, Kevin is probably interacting with a whole subset of users that I I don't have contact with. But, as we were discussing backstage, I think the challenge right now is how to describe the language, how to improve the the UI, and like the panel is called elevate the UX. So, all these things are extremely easy to use, and that requires a little bit of familiarity from the users who actually use them. I myself still learning what the possibilities of mini scripts bring into the application we're developing. But, there is for me I'm I'm more focused on the on how to make the design completely intuitive, so that the user knows what's happening. And sometimes, I worry that making it too complex is going to make it impossible for us to design a flow that the user can actually use. Welcome to Predict. The [music] world is a market. Everything is a market. Every headline moves the line. Every moment is your market. Call the moves. Bet on your instinct. Your prediction, your edge. Dual bets. Predict, where everything is a market. Yeah, what do you think is the current biggest failure of call it the mainstream wallets these days? Like, how are people failing on UX? I think they either offer too many features or not enough features. I don't know exactly. I'm I don't have a clear answer for that. I'm also my exploration is testing all the the wallets and um creating a flow that I understand and also acknowledging that I I have a specific use of Bitcoin. Um and I don't think there's a specific wallet that's going to work for everybody. I think this is a a pitfall that a lot of projects fall into and trying to accommodate to too many users. And it's okay to focus your specific use case in a a very niche uh type of user. I think one improvement in wallets is that we are moving from ad hoc setup to policy-driven self-custody. Um and we are seeing complex policies, you know, making it onto the hardware flows. Uh but what is still missing according to me is that uh you know, policy readability on devices. Until users uh know what they are authorizing, what is the recovery path, um then I think UX gap in wallets is not fully closed. Absolutely. Yeah. Um I think this is the biggest thing people are afraid of. It's the signing device, so also called hardware wallets. Um when you start having policies like miniscript or anything like that, multisig on a hardware wallet, people, especially the ones that aren't, you know, hardcore Bitcoiners, are just pressing next next next. They don't read what's on screen cuz it doesn't really speak to them, you know, they don't know what a Bitcoin address is or it's not really, you know, readable. It's just characters. Um and so this is where it gets scary for them and for us because if they don't do anything about verifying on the hardware, everything we're doing is useless. Like we could use a hot key if they don't verify anything on the hardware. So, yeah, absolutely. Yeah, I mean this makes me think like one I think common criticism of the more complex innovative custody setups is is that the expectation of or the the responsibility of the user goes up not down usually in these situations. So, um given all these fancy inheritance planning, do you think it will the the the the complicated uh mini script setups will actually hold up when um somebody dies and and it falls on their non-technical heirs? Yeah, I I really think so. Um so, one of the kind of fear or criticism that some people are saying, you know, when we're talking to them about Liana and they're like, "Oh, it's too complicated. My family doesn't want to do anything with Bitcoin. Uh they will never be able to recover." That's kind of you know, it's it's not what happens in reality. Um if you die and your family knows that there's a bunch of money to recover, they're going to take the 10 minutes to learn how it works. It's just that right now they don't want to spend these 10 minutes cuz they don't care. You're still there and they don't think you're going to die and they don't care about your Bitcoin. So, it's really that as well. Like it it's not about them right now. It's about them when they need to recover the money. Will they be able to do that? Yeah, absolutely. Like it's pretty simple to to get on board with a a signing device. You just have to import your descriptor and seed and that's it. You can recover the coins. Amazing. Yeah, I mean who drives that? It will in the event that somebody dies is it the responsibility of the person setting up the wallet to have the executor um the executor of their will uh aware of the situation? Um in what we see, it depends. You have two types of users. You have the user that want to be sovereign. They don't want anyone to know anything about their setup, not even their family sometimes. So, this basically goes into tamper-evident bags. You put all the instruction in a bag, you put the seed in a bag, put maybe a signing device in a bag, and you just tell them open this bag if something happens to me. That's perfectly fine because it's time locked anyway. So, even if someone steal the bag or whatever, they can't steal the money. Um if it goes through an executor, it depends as well. Do you want a trusted third party as like an external company that could help your family to recover? That happens, right? There there are services for that. Um so, yeah, up to the user to decide. That's Yeah, uh uh in my experience I'm certainly being designed for the people that are building it and primarily with my wife in mind. So, this is the the user test case and if we if my thinking is if we make the UI clear enough with some differentiation and some clear charts uh understanding the what's happening under the hood becomes way more simpler and um it's possible, but it's it's going to be a process. This is uh I don't think it's going to be solved so easy so soon. Maybe just to rephrase what I said a bit earlier um in a in a way that might speak to you, you know, when your family says you know, it's going to be too hard. I give you three things. I give you a hardware wallet, I give you a mnemonic, and I give you a descriptor. There's something you need to load in your in your hardware wallet. I'm telling you there is one Bitcoin in there. I think absolutely everyone at the conference would try to get it done and would manage to get it done. If you have the incentive to do it, you will learn. You will go online and figure out how to put a seed on a hardware wallet and how to put your descriptor and spend the coin. It's just the incentive that, you know, isn't there when you're not dead yet. I mean, have you found anybody having issues or or has everybody been able to set it up? So far, yeah, no issue. One thing we heard though a lot in Bitcoin is from people using multi-sig from the early days um where a lot of the multi-sig people think all you need is to have your enough of your seed phrases, which is not true. You need to have the expert of every key in your wallet even the ones that are lost. So, what you need technically is called a descriptor. Um you could potentially rebuild it with all the seed the the mnemonics. But if you only have, let's say, two backups, two keys, and you don't have the third one, and you have no way to find out what was the XPub, you will never recover the coins. That's valid for any multi-sig. And so, I do believe that right now, a lot of multi-sig users are still not aware of that, and they basically are, you know, probably operating at a huge risk that if they lose any one of their keys, they don't have the correct backup to recover, cuz they never tried. So, maybe just try to recover your wallet, you know, before it's too late. Well, um we're running a bit short on time, but um maybe one last thing that we we can all uh speak about is if there's one thing that you'd like to change about the Bitcoin ecosystem, or uh add to Bitcoin uh to make self-custody more achievable and uh just better functioning for users to achieve the the goal of Bitcoin of self-sovereign money, um what would you do? Pedro. Um my perspective, I just more more design. So, I'm coming from the the kind of the other end of the spectrum in this panel. I'm coming from the design part and entering into the technology the the technology and the implementation. We're just using tools that already exist, and with those tools, uh improving the the UX just by allowing making it clear that you you need the the policy of the multi-sig, and you need the the keys, allowing Really, this is really basic, but it's like just making it so easy that with two taps in a scan, I can recover funds if it's if they're in the right form, and educating the user that you can save this in a QR code or something. Uh that would That's where I find the friction is when people need to tap People are very lazy. If they need to tap an extra tap on the phone, they're gone. If they need to to download a new wallet and uh They with different devices. They're not interested. Uh So, yeah, just more design, more experimentation, more different UX paths and flows to to see what which one will work. Um if I have to talk about multi from multi-sig perspective, I would say don't choose thresholds by habit or convention, but choose them by um from the perspective that you minimize the total loss and that's same for dynamic threshold setup as well, like inheritance style recovery paths. And um I would say like wallets can uh integrate some sort of formal methods to when it comes to choose or advise uh threshold choices to their users. That makes user experience much better, in my opinion. Yeah, from my perspective, the top UX problems again are like hardware wallets. Like, how do we show to the user what they're actually doing and how can we make them not scared? It's always going to be hard because users are lazy. Um but the other thing that we can and we're working on um to fix is basically the problem around multi-sig and descriptors. Um we know it's very hard for people to understand how to back up a descriptor. The seed phrase, it's easy, you know, you can put it on metal, on paper, whatever. It is 12 24 words, but the descriptor is not something you really write down. Um and so, we basically have a a BIP coming up. I don't know if the number was assigned yet or not, but basically um what it does is that what we want to achieve is that a user with any single mnemonic part of a multi-sig or a miniscript descriptor would be able to recover the whole descriptor. And so, to do that, we basically encrypt the descriptor with every single one of the mnemonic. And so, with every single one of them, you can also recover it. Um and so, this is a standard we're trying to get to like basically all the all the wallets on Bitcoin. So, it will be compatible cross compatible across wallets. Yeah. Well, is this related to like the descriptor encryptor project? Correct. Yeah. Incredible. Um cool. Any final thoughts before we break? No? Awesome. Well, thanks so much everybody. Yeah, thank you. >> [music] >> Every year this community comes together to celebrate to debate to build what comes next. >> [music] >> And every year the stage gets bigger. >> [music] >> Sound money center stage. So, [music] where do you go to celebrate the next chapter in Bitcoin history? You come home. Nashville, [music] July 2027.