Home Bitcoin safety – How you can setup a Bitcoin Multisig Pockets securely

safety – How you can setup a Bitcoin Multisig Pockets securely

0
safety – How you can setup a Bitcoin Multisig Pockets securely

[ad_1]

I have been interested by the factors raised within the Nov. 5 2020 article from Benma/Bitbox about How practically all private {hardware} pockets multisig setups are insecure.

Do you agree that the next 2 steps summarize precisely the required (and ample) steps to safe a 2-of-3 Segwit Native (P2WSH) multisig pockets setup earlier than sending any funds to this pockets?

Step 1: Create a protected backup of every xpub by verifying the xpub of every cosigner on a minimum of one {hardware} pockets per cosigner and saving it on paper or in a reliable medium. This step serves 2 functions, the primary being to create a protected backup of the xpubs in case one cosigner ({hardware} pockets and backup) is misplaced. The second objective is to allow the second step (see beneath).

Step 2: Confirm on ALL 3 {hardware} wallets that ALL 3 cosigner xpubs match the verified xpubs that had been obtained within the earlier step. Which means 3×3 = 9 verification steps. This step serves to make it possible for any obtain tackle generated by any of the {hardware} wallets and any change tackle accepted by any of the {hardware} wallets whereas signing transactions are certainly addresses that these 3 cosigners management.

And yet one more query: Is there a way we may ignore these steps with affordable security (assuming e.g. that it is extremely unlikely that malware would concurrently infect e.g. each Sparrow on Desktop in addition to e.g. Nunchuk on Cell) by a intelligent mixture of signing transactions (with a small quantity of Bitcoin despatched to the unsecured pockets) with a number of cosigner {hardware} wallets and on a number of gadgets and wallets?

PS: I am pondering it might be nice to create a {hardware} pockets that permits you to load not solely a single cosigner seed phrase onto the gadget, however as well as all of the remaining cosigner seedphrases for the multisig setup when registering the multisig pockets with anyone {hardware} pockets. The {hardware} pockets wouldn’t hold any non-public keys of the extra cosigners, however would use the extra seedphrases to calculate and save the xpubs wanted for this multisig pockets registrations, eliminating the necessity for all of the handbook xpub verification at setup. A easy test that the cosigner {hardware} wallets all generate the identical obtain addresses could be greater than sufficient to achieve confidence that they’re all setup accurately. Handbook verification would nonetheless be wanted for the xpub backups, however any of the cosigner {hardware} wallets may show and generate a full backup for you.

[ad_2]

LEAVE A REPLY

Please enter your comment!
Please enter your name here