add LND-onchain-wallet-only backup

backups/lnd-onchain-wallet-only.md

@@ -0,0 +1,39 @@
+# LND single seed multi-location backup scheme for the onchain funds only
+
+The aim is to create a redundant backup where the secret can be restored from any two locations.  
+If someone in charge bootstrapping an LND node can use this method to share the parts with 3 other people who will not be able to restore the wallet alone.
+
+The 24 words seed should not be split in more than 2 parts as 8 words are close to be brute-forceable.
+
+For the Cypher Phrase a good option is to use 12 words from the standard wordlist to ease the offline backup and keep the security of parts roughly the same.  
+An example to generate 12 words separated by spaces using a [diceware](https://github.com/ulif/diceware#diceware) sourcing the entropy from  `/dev/urandom` :
+```
+$ sudo apt install diceware
+$ diceware -n 12 -d' ' --no-caps
+```
+Note that the password asked first when generating the wallet is only used to encrypt the file and not relevant to the secret itself.
+
+More on LND wallet recovery: <https://github.com/lightningnetwork/lnd/blob/master/docs/recovery.md>  
+LND seed format (different from Bip39 or Electrum): <https://github.com/lightningnetwork/lnd/tree/master/aezeed>  
+Test at https://guggero.github.io/cryptography-toolkit/#!/aezeed  
+
+---
+## Full backup required to restore
+* Seed (24 words - split in two)
+  * Seed words #1 - #12
+  * Seed words #13 - #24
+* Cypher Phrase (aka passphrase)
+
+---
+## Packages for a 2-of-3 setup
+### Location 1
+* Seed words #1 - #12
+* Cypher Phrase
+
+### Location 2
+* Seed words #13 - #24
+* Cypher Phrase
+
+### Location 3
+* Seed words #1 - #12
+* Seed words #13 - #24