[bitcoin-dev] Proposal: Bitcoin Secure Multisig Setup

Hugo Nguyen hugo at nunchuk.io
Tue Feb 9 10:58:06 UTC 2021


On Tue, Feb 9, 2021 at 2:19 AM Christopher Allen <
ChristopherA at lifewithalacrity.com> wrote:

>
>
> On Tue, Feb 9, 2021 at 2:06 AM Hugo Nguyen <hugo at nunchuk.io> wrote:
>
>>
>> I don't think reusing XPUBs inside different multisig wallets is a good
>> idea... For starters, loss of privacy in one wallet will immediately affect
>> privacy of other wallets. I think multisig wallets should be completely
>> firewalled from each other. That means one unique XPUB per wallet. This is
>> what we have been doing with the Nunchuk wallet.
>>
>
> To be clear, I have stated repeatedly that xpub reuse into multisig is a
> poor practice. However, finding a trustless solution when a wallet is
> airgapped with no network, or is stateless like Trezor, is quite hard.
>
> The challenge also includes how does an airgapped or stateless wallet know
> that it is talking to the same process on the other side that that it gave
> the xpub to in the first place. Without state to allow for a commitment, or
> at least a TOFU, a cosigner who thought he was part of a 3 of 5 could
> discover that he instead is in a 2 of 3, or in a script with an OR, as some
> form of scam.
>

The shared secret approach that I mentioned in the proposal actually can
help you here. The TOKEN doubles as a session ID - thereby establishing a
common state on both sides.

Best,
Hugo


>
> — Christopher Allen
>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20210209/51b3281e/attachment.html>


More information about the bitcoin-dev mailing list