So how do you know - for sure - that your seed plate hasn't been tampered with?
A potential solution for the ultra paranoid
If you’ve figured out that you want to go to multi-sig for your bitcoin wallets, you probably have a 2-of-3 or a 3-of-5 setup.
This means finding 3 or maybe even 5 different locations to store your plates.
You might have one or two physical locations you have direct control over, but not many of us can say we can feasibly control more than 2 storage locations.
So perhaps you’ve thought of using an additional location where you know you won’t regularly visit or have complete control over the access to your backup at that location.
Popular choices for such a location could be a safety deposit box at a private vault, or perhaps one of the many new Bitcoin specific key storage locations.
So how can you be sure, if you leave a seed plate for one of your keys at this location, that the security of your multi signature setup has not been eroded by the plate potentially having been read by the custodian you have entrusted its safekeeping to?
This was a problem I couldn’t find an off-the-shelf solution for, so I thought about what it might take to be able to VERIFY, not TRUST, that if I left a seed plate at a custodian, then when I returned to pick it up and make use of it, I could be absolutely sure no one had read the contents in the meantime.
So why couldn’t I just leave the plate inside a tamper evident sealed bag?
If the seal of the bag is broken, then that means the plate could have been read by someone.
If the seal is intact, then surely that means no one could have read the contents, right?…Right?
Well it turns out, there is an entire industry, present in just about every country and major industrial centre, that has equipment capable of reading the content of metal plates stored like this - and they can do it without leaving a trace of having done so even if it is inside a tamper evident sealed bag.
NDT Labs (Non Destructive Testing) are an important part of the steel and construction industry. Their job is to inspect and test the integrity of structural welded metal parts.
They do this using powerful X-rays. Here’s how much detail they can see when scanning through metal:
So, the first thing we needed to check was whether it is possible to read the engravings of a metal plate via such an X-ray machine without breaking any of the seals of a tamper evident bag. We went to one such NDT testing lab here in Brisbane, with an engraved seed plate all nicely wrapped up, and here’s what the machine could see:
Those with keen eyesight can already glean some of the seed words present on the plate, and with not much additional work it would clearly be possible to recover the seed words without breaking the sealed tamper evident bag.
The plate could then be returned to the storage location with the plate owner none the wiser that the custodian has been able to capture the data being stored.
So this meant we needed to come up with a method to:
Make it much harder to read the engravings on the metal plate using NDT equipment
Make it obvious that someone had attempted to do so
After reaching out to fellow bitcoiner colleagues with experience in 3D printing (thank you FNQ and Dan!), and after a lot of iterations and false starts, here’s the solution we came up with:
Behold the SeedSleeve! “So what” you say, “that just looks like a 3D printed plastic sleeve to put your seed plates into - surely the X-rays at the NDT lab will be able to see right through plastic and still be able to read the plate’s contents?”
Let’s tear open the seed sleeve and see what’s inside:
In this cutaway image, you can see the multiple layers that make up the SeedSleeve. The Sleeve actually contains a 3mm thick plate of solid lead on both sides. The lead is intended to make it extremely hard for the X-rays to be able to see what’s sandwiched in between - your seed plate.
The SeedSleeve also has a hole in the top left corner which perfectly aligns with the hole in the metal plate for SH-01, SH-02 and SH-03 format seed plates - through which a serial numbered zip tie can be threaded - proving that the plate has not been removed from the sleeve.
But there is also an X-ray sensitive sticker on the outside of both sides of the SeedSleeve. This sticker says “INDICATOR NOT IRRADIATED” - the “NOT” will visibly turn black when exposed to X-Ray radiation of the kind that would be used in an NDT lab to inspect the metal.
Finally, we need to make sure no one who has triggered the X-ray sensitive stickers can simply replace the stickers with fresh ones, so we wrap the whole enclosure inside an A5 sized tamper evident sealed bag - and we get this:
So now we had to test the SeedSleeve and see if it works. This was an exciting process.
After trying every permutation and combination of radiation doses, the NDT lab couldn’t get any pictures of the engravings on our test plate better than this one:
Additionally, the attempts to read the plate using X-rays quickly led to the X-Ray sensitive sticker on one side of the enclosure being triggered, making it obvious that someone had attempted to extract the plate’s contents:
The conclusions from the lab included:
The lead sandwich design is highly effective - no sensor they had could be configured to be able to read the contents of the plate.
The lab believes it is actually impossible to read the contents of the plate using NDT equipment, and especially so without triggering the radiation sensitive stickers.
So, mission accomplished. SeedSleeve has finally solved for the most paranoid offsite seed storage scenario. There’s nothing stopping your plate custodian from ripping apart all the tamper evident seals and packaging to read your plate contents - but when you come to retrieve your plate, there will be no way to hide from you the fact that they have done this.
A well constructed multi-sig setup will still mean you’ve not lost control of your funds, even if a bad actor has access to one of the keys that make up your wallet - but there is obviously some additional value in KNOWING, provably, that if the seals are intact, that there is no known way your plate could have been read.
This certainty may enable more people to embrace multi sig and to feel more comfortable in using third party custodians as key storage agents.
It could have another use case too - securely sending a seed plate through the mail (which is often X-rayed by postal and courier services) or when travelling by air (I’d recommend putting your plate in checked baggage, as if you take it through airport security, it is sure to get the attention and interest of the gate security staff who will see a rather large black rectangle on their X-ray scanners).
Want to get hold of a SeedSleeve for your multi sig setup? We now have them for sale here: