Pages:
Author

Topic: A small problem with a multi sig wallet (Read 316 times)

legendary
Activity: 1512
Merit: 7340
Farewell, Leo
March 05, 2022, 07:39:17 AM
#22
No, I realised that would be impossible, tried different ways, even if I learned that it may be possible to get a infinite list (still impossible) of addresses just with 2 of them and by luck to be able to sign a reedem script.
Do you have the 3 individual public keys that are used to generate the multi-sig address?
Do you have 2 out of the 3 seed phrases? (or private keys)

If it's a yes to both, you can recover your money. If you don't have 1 out of the 3 individual public keys, then you can create infinite addresses. The task of finding your multi-sig address' lost public key is equal to searching for an address by picking random public keys. You're never gonna make it.

Note that I'm using the term individual to distinguish it from the master public key.
legendary
Activity: 2268
Merit: 18771
March 05, 2022, 07:36:51 AM
#21
For sure 2-3 multi sig in bitcoin is not worth it.
I wouldn't say that. A multi-sig set up, while more complicated to use and recover than a single-sig set up, provides some unique benefits and can also provide a lot of additional security. The problem is that a lot of users, like yourself, are unaware of the need to have all the xpubs for recovery, and therefore the requirement for every signatory in the multi-sig set up to back up every other xpub along with their own seed phrase. For a 2-of-3 set up, the simplest way of backing things up would be as follows:

Back up 1: seed A, xpub B, xpub C
Back up 2: xpub A, seed B, xpub C
Back up 3: xpub A, xpub B, seed C
member
Activity: 429
Merit: 52
March 05, 2022, 06:59:14 AM
#20
Ahh ok. So you haven't generated the xpub at all. What you have done is import the three individual public keys, and the app in question has used those three individual public keys to recover the necessary address. After this you imported the two seed phrases, which allowed you to a sign a transaction from the address.

For my own interest, what was the name of the app you used?

No, I realised that would be impossible, tried different ways, even if I learned that it may be possible to get a infinite list (still impossible) of addresses just with 2 of them and by luck to be able to sign a reedem script. For sure 2-3 multi sig in bitcoin is not worth it.
legendary
Activity: 2268
Merit: 18771
March 05, 2022, 06:51:04 AM
#19
Ahh ok. So you haven't generated the xpub at all. What you have done is import the three individual public keys, and the app in question has used those three individual public keys to recover the necessary address. After this you imported the two seed phrases, which allowed you to a sign a transaction from the address.

For my own interest, what was the name of the app you used?
member
Activity: 429
Merit: 52
March 05, 2022, 06:32:01 AM
#18
Managed to generate an xpub with many attempts with the public key.
Do you want to explain exactly what you did? It is not possible to generate a master public key (xpub...) from an individual public key (02..., 03..., or 04...), so you have mistaken your terminology somewhere.

Basically used an app which actually has multi sig wallet, all we had was at first to enter pub key 02...03..04 ABC in order, after we have imported the seed phrases of 2 addresses it showed like the users to sign it, approve it, we approved 2 out of 3 keys and that was it.

It may be possible but not sure as of this moment that we might've used another version of this app or something similar. I can send by PM if it may help you in the future.
legendary
Activity: 2268
Merit: 18771
March 03, 2022, 08:06:14 AM
#17
Managed to generate an xpub with many attempts with the public key.
Do you want to explain exactly what you did? It is not possible to generate a master public key (xpub...) from an individual public key (02..., 03..., or 04...), so you have mistaken your terminology somewhere.
member
Activity: 429
Merit: 52
March 03, 2022, 07:15:56 AM
#16
if you don't have public keys you need redeem script anyway

I actually managed it, it was quite a big ammount over 3btc+ so the stress was 24/7.

Managed to generate an xpub with many attempts with the public key. Not going to use multi sig between 3 parties ever, it's bullshit.

Thanks very much to o_e_l_e_o for all the effort he showed in helping out! Also thanks to nc50lc, I may need coinlib in the future.

Thank you guys! I'll not lock the thread, maybe someone will have same issue in the future.
member
Activity: 351
Merit: 37
March 03, 2022, 05:41:57 AM
#15
if you don't have public keys you need redeem script anyway
legendary
Activity: 2268
Merit: 18771
March 02, 2022, 09:30:06 AM
#14
Quote
Do you know if the private key corresponds to a single address you are trying to access?
This one I don't understand what you mean.
Master private and public keys recover an entire wallet. Individual private and public keys only recover a single address. If you have the individual private keys and public keys which all correspond to the same address, then you have a change of recovery here. If the keys correspond to the wrong address, then you have have no chance of recovery. If you don't know if the keys correspond to the right address or not, then we'll just have to experiment and find out.

Do your two private keys start with Yprv, Zprv, 5, K, L, or something else entirely?
What wallet software did you use to create the multisig wallet in the first place?
member
Activity: 429
Merit: 52
March 02, 2022, 08:46:40 AM
#13


Quote
Do you know if the private key corresponds to a single address you are trying to access?
This one I don't understand what you mean.

Quote
Are your two public keys individual public keys (which begin with 02, 03, or 04) or master public keys (which begin with Ypub or Zpub)?
They are public keys but also I have the master keys.
legendary
Activity: 2268
Merit: 18771
March 02, 2022, 06:43:51 AM
#12
You also said that in the case of 2-of-3 multisig, (three) wallets exchange master public keys with each other, which means any of three wallets will generate exactly the same set of public keys. Doesn't it also mean that wallets don't need the third wallet (seed phrase or master private key) to exist because they already keep the information about its master public key?
Absolutely correct. If you create a 2-of-3 multisig in Electrum, for example, then each of the three wallets will contain one seed phrase and the other two master public keys. This means that each of the three wallets contain all the necessary public keys, and so any two of these wallets can sign a transaction. Even if you lose the third wallet entirely, the other two can still generate new addresses and sign transactions.

Seems like btc doesn't work like eth where you need only 2 of the 3 private keys to recover a multi sign.
No, you need all three public keys.

But the problem is, even if I use they public compressed key to find out the hex value of it which may help me in a way, I don't get all the addresses generated by the electrum.
Turning your compressed WIF private key in to a hexadecimal key achieves nothing useful.

You need to answer the questions we have asked you above:
Do you know if the private key corresponds to a single address you are trying to access?
Are your two public keys individual public keys (which begin with 02, 03, or 04) or master public keys (which begin with Ypub or Zpub)?
member
Activity: 429
Merit: 52
March 02, 2022, 05:33:34 AM
#11
Seems like btc doesn't work like eth where you need only 2 of the 3 private keys to recover a multi sign. Anyway my plan was to:

1. generate reedem script using the public compress key: - > value:
2. with it to generate in js a raw transaction. But here as i understood I need only 2 keys when i broadcast the transaction

Code:
const multisig = createPayment('p2sh-p2ms(2 of 3)'); const inputData1 = await getInputData([2e4], multisig.payment, false, 'p2sh'); { const { [tx_hash], [index], true, [redeemScript], } = inputData1; } const psbt = new bitcoin.Psbt({ network: mainnet }) .addInput(inputData1) .addOutput({ address: [receiveAddress] value: [1e4], }) .signInput(0, [privateKey_BTC_B]) .signInput(0, [privateKey_BTC_C]); assert.strictEqual(psbt.validateSignaturesOfInput(0), true); assert.strictEqual( psbt.validateSignaturesOfInput(0, multisig.keys[0].publicKey), true, ); assert.throws(() => { psbt.validateSignaturesOfInput(0, multisig.keys[1].publicKey); }, new RegExp('No signatures for this pubkey')); psbt.finalizeAllInputs(); const tx = psbt.extractTransaction(); //broadacast tx.toHex();

But the problem is, even if I use they public compressed key to find out the hex value of it which may help me in a way, I don't get all the addresses generated by the electrum.
legendary
Activity: 2464
Merit: 4415
🔐BitcoinMessage.Tools🔑
March 02, 2022, 12:35:14 AM
#10
Let's use a 2-of-3 multisig as an example. Each of the three wallets creates a seed phrase, and from that seed phrase a master private key and a master public key. They all share their master public keys with each other. To generate the first address, each wallet will derive the first child public key at the necessary derivation path from each of those three master public keys, and then combine those three child public keys in a script which essentially says "signatures required for 2 out of 3 of these keys". It hashes that script, and that is the first address in the multisig wallet. It can then do the same thing with the second child public key from each master public key to create the second address in the wallet, and so on. It is individual public keys which are combined together in locking scripts, not the master public keys.
That pretty much explains why we need all three master public keys to recreate all the addresses that have funds on them locked, thank you. Yeah, it totally slipped my mind that a bitcoin address may be a hash of a public key or of something else, for example, a more complex script like in our case. You also said that in the case of 2-of-3 multisig, (three) wallets exchange master public keys with each other, which means any of three wallets will generate exactly the same set of public keys. Doesn't it also mean that wallets don't need the third wallet (seed phrase or master private key) to exist because they already keep the information about its master public key? I mean, wallets need to store this information somewhere to generate new addresses, and owners of two remaining wallets should be able to find it and recreate a multisig wallet?
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
March 01, 2022, 11:55:32 PM
#9
-snip-
I have access to 2 of the 3 private keys, and i have all 3 public keys but not 1 of the xpub. How can I restore it?
You can use coinb.in's multisig tool to re-create the MultiSig address: coinb.in/#newMultiSig
Use "New->Transaction" to create a transaction using the redeem script; then the "Sign" tab to sign the RAW Transaction.
However, it only supports P2SH and not P2WSH (SegWit).

I'd recommend to use it offline during the part when you need to paste the private keys (e.g. when signing the transaction).
Run from the source: https://github.com/OutCast3k/coinbin/


But something tells me that you have the "master private keys" (Yprv / Zprv) instead of "private keys".
In which case, you'll have to get the address' private keys from the master keys first to be able to sign it (will add a few extra steps).
If not disregard this part.
legendary
Activity: 2268
Merit: 18771
March 01, 2022, 11:06:15 AM
#8
but no one explains why the third public key is required and how all the keys and addresses are generated. I tried to google the answer but been so far unsuccessful. The only information I found was how to create a multisignature address using several public keys, but how to do that deterministically? I mean, I have some basic understanding of how key generation in deterministic wallets works, but multisignature scheme where more than one seed is involved appears more challenging to comprehend.
Let's use a 2-of-3 multisig as an example. Each of the three wallets creates a seed phrase, and from that seed phrase a master private key and a master public key. They all share their master public keys with each other. To generate the first address, each wallet will derive the first child public key at the necessary derivation path from each of those three master public keys, and then combine those three child public keys in a script which essentially says "signatures required for 2 out of 3 of these keys". It hashes that script, and that is the first address in the multisig wallet. It can then do the same thing with the second child public key from each master public key to create the second address in the wallet, and so on. It is individual public keys which are combined together in locking scripts, not the master public keys.

I have the compressed public key of the 3rd wallet only, but not xpub as asked by electrum
And this public key corresponds to the address you need to access? Are the two private keys you have individual private keys or master private keys?
member
Activity: 429
Merit: 52
March 01, 2022, 09:19:30 AM
#7
If it's 2 of 3 multisig wallets I think you can make a raw transaction that you can sign with those two private keys and broadcast it manually.
I don't know if I'm right I read it from the old post from this link below
You're not right, I'm afraid.

Yes, you only need 2 of the 3 private keys to be able to a sign a 2-of-3 transaction, but you still need some information from the 3rd key to be able to reconstruct the wallet. If you do not have the 3rd seed phrase, private key, or public key backed up, then the only way you can create and sign a transaction is by having an actual wallet file which contains the necessary data.

It sounds like OP has two private keys and one public key. If any of these are individual keys, then he can only recreate and spend from a single address. If all of these are master keys, then he can recreate and spend from the entire wallet.

I have the compressed public key of the 3rd wallet only, but not xpub as asked by electrum
legendary
Activity: 2464
Merit: 4415
🔐BitcoinMessage.Tools🔑
March 01, 2022, 08:30:51 AM
#6
Sorry, but I am not familiar with multisignature wallets and never have tried to create one. So, I have a question... Everyone is talking about the necessity to have at least 2 master private keys and all 3 master public keys in order to recreate a hierarchical deterministic wallet with multisignature scheme, but no one explains why the third public key is required and how all the keys and addresses are generated. I tried to google the answer but been so far unsuccessful. The only information I found was how to create a multisignature address using several public keys, but how to do that deterministically? I mean, I have some basic understanding of how key generation in deterministic wallets works, but multisignature scheme where more than one seed is involved appears more challenging to comprehend. My guess is that several people firstly generate their own seeds and corresponding private and public master keys, secondly, they collaborate and create a single public master key by combining three previously generated public keys, thirdly, from a freshly created master public key, they can generate as many child public keys as they want... Am I close to the truth? Please, explain...
legendary
Activity: 2268
Merit: 18771
March 01, 2022, 07:46:24 AM
#5
If it's 2 of 3 multisig wallets I think you can make a raw transaction that you can sign with those two private keys and broadcast it manually.
I don't know if I'm right I read it from the old post from this link below
You're not right, I'm afraid.

Yes, you only need 2 of the 3 private keys to be able to a sign a 2-of-3 transaction, but you still need some information from the 3rd key to be able to reconstruct the wallet. If you do not have the 3rd seed phrase, private key, or public key backed up, then the only way you can create and sign a transaction is by having an actual wallet file which contains the necessary data.

It sounds like OP has two private keys and one public key. If any of these are individual keys, then he can only recreate and spend from a single address. If all of these are master keys, then he can recreate and spend from the entire wallet.
legendary
Activity: 3472
Merit: 3217
Playbet.io - Crypto Casino and Sportsbook
March 01, 2022, 07:20:21 AM
#4
Problem is the 3rd person is not alive anymore. We only have his public key available at this moment which is compressed. The project we started was 2 out of 3 multi sign transaction, but more than 1 year passed since.



If it's 2 of 3 multisig wallets I think you can make a raw transaction that you can sign with those two private keys and broadcast it manually.
I don't know if I'm right I read it from the old post from this link below

- https://bitcointalksearch.org/topic/m.50299299

Where you can make a transaction and only sign it with 2 private keys.
member
Activity: 429
Merit: 52
March 01, 2022, 04:38:17 AM
#3
I have access to 2 of the 3 private keys, and i have all 3 public keys but not 1 of the xpub. How can I restore it?
Assuming you want to recover a deterministic 2of3 multisig wallet you need to know
1. All 3 master public keys (xpub)
2. At least 2 of the master private keys (xprv or seed phrase)

If you only have individual private and public keys, all you can recover is a single address not the whole wallet.
You can't recover xpub (master public key) by only having child public keys.
If it is not 2of3 then you need the appropriate number of keys. For example for 3of5 you need 5 public keys and 3 private keys.

Problem is the 3rd person is not alive anymore. We only have his public key available at this moment which is compressed. The project we started was 2 out of 3 multi sign transaction, but more than 1 year passed since.
Pages:
Jump to: