Bitcoin’s multisignature (multisig) capability, defined in BIP-11 and later refined through output script policies like sortedmulti in descriptor-based wallets, enables robust self-custody solutions by requiring m-of-n keys to authorize a transaction. In a 2-of-3 configuration, any two of three distinct keys must cooperate to spend funds, offering fault tolerance and strong resistance to single-key compromise.
To further strengthen this setup, many advanced users apply BIP-39 passphrases — an optional 13th or 25th word that augments entropy and acts as a second authentication factor. While passphrases significantly harden against seed phrase compromise, they also introduce additional complexity and risk, particularly in a multi-key environment.
This article provides a technically rigorous breakdown of best practices, security considerations, and operational strategies when incorporating passphrases into a 2-of-3 P2WSH or P2SH-P2WSH multisig wallet.
BIP-39 defines a mnemonic-based method for deriving deterministic keys using a combination of a mnemonic phrase and an optional passphrase. When a passphrase is used, it acts as a salt to the PBKDF2 function that derives the wallet seed from the mnemonic.
The derivation looks like this:
    seed = PBKDF2-HMAC-SHA512(
        password   = mnemonic,
        salt       = "mnemonic" + passphrase,
        iterations = 2048
    )
This seed is then passed to BIP-32 to derive the master private key (xprv). The presence or absence of the passphrase completely changes the root seed and the resulting wallet. Thus, the same 24-word mnemonic produces an entirely unrelated wallet depending on whether a passphrase is supplied—and which passphrase is used.
In a multisig configuration, each cosigner uses their own xprv or xpub, and thus the inclusion of a passphrase changes the cosigner’s key contribution to the final redeem script or descriptor.
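The derivation above, carried through to the BIP-32 master key, as an added example that is not part of the original article. It uses the public BIP-39 test mnemonic and shows that near-identical passphrases (different case, a trailing space) yield unrelated master keys, which is why each cosigner's passphrase must be recorded exactly. The function names and the short `tag` are assumptions made for illustration; the tag is not a BIP-32 fingerprint.

```python
import hashlib
import hmac
import unicodedata

# Public BIP-39 test mnemonic (constructed sample input; never use for funds).
MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic, passphrase=""):
    """Return the 64-byte BIP-39 seed. Both inputs are NFKD-normalized,
    as the BIP requires, before being fed to PBKDF2-HMAC-SHA512."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def bip32_master(seed):
    """Return the BIP-32 master (private key, chain code): the two halves
    of HMAC-SHA512 keyed with the constant b"Bitcoin seed"."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def compare_passphrases(mnemonic, candidates):
    """Map each candidate passphrase to a short illustrative tag of the
    master key it produces (hypothetical helper, not a real fingerprint)."""
    tags = {}
    for passphrase in candidates:
        key, _chain_code = bip32_master(bip39_seed(mnemonic, passphrase))
        tags[passphrase] = hashlib.sha256(key).hexdigest()[:8]
    return tags


if __name__ == "__main__":
    # No passphrase, a passphrase, a case variant, and a trailing-space variant.
    variants = ["", "TREZOR", "trezor", "TREZOR "]
    for passphrase, tag in compare_passphrases(MNEMONIC, variants).items():
        print(f"{passphrase!r:12} -> master key tag {tag}")
```

Every variant prints a different tag: a cosigner who restores with the wrong variant derives a valid but different xpub, so the wallet's descriptor will not match and no error is raised at the seed level.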