Author

Topic: Electrum multisig 2of2 on separate machines and both offline(cold storage) (Read 250 times)

HCP
legendary
Activity: 2086
Merit: 4363
I would have to concur with the others... as soon as I read that you created a transaction and signed it from only one of your 2of2 wallets and it was successfully broadcast and confirmed, my immediate reaction was "he has created the wallet using TWO xprv's instead of 1 xprv and 1 xpub".

In other words, your wallet has BOTH sets of private keys, so it is able to provide both signatures when signing a transaction.
hero member
Activity: 1232
Merit: 738
Mixing reinvented for your privacy | chipmixer.com
the fact that on top of your screen it says 2of2 doesn't mean you are providing 1 signature. for instance (i just tested this) when you create a 2of2 wallet the first step creates your key, then in second step it asks  you for the second cosigner key. you can provide it with a master public key (xpub....) and NOT be unable to fully sign on this wallet or you can provide it with a master private key (xprv....) and be able to fully sign the transactions since you are holding both keys and providing 2 signatures.
The fact that watch was setup incorrectly is immaterial. You should never be able to spend from a 2of2 multisig with only 1 signature. Period.
setting up your multisig wallet incorrectly would ultimately grant that wallet ability to fully sign transactions
read pooya87's comment I quoted above,
if you mistakenly provided both xprivs to one wallet, you are NOT having true 2-of-2 multisig wallet
what you thought a wallet with 1 signature, actually owns both keys to sign Undecided
legendary
Activity: 3472
Merit: 10611
The point is that I spent the coins of the 2of2  multisig wallets with 1 sig. Regardless.

the question you are avoiding to answer is that how are you so sure you are providing 1 signature?

the fact that on top of your screen it says 2of2 doesn't mean you are providing 1 signature. for instance (i just tested this) when you create a 2of2 wallet the first step creates your key, then in second step it asks  you for the second cosigner key. you can provide it with a master public key (xpub....) and NOT be unable to fully sign on this wallet or you can provide it with a master private key (xprv....) and be able to fully sign the transactions since you are holding both keys and providing 2 signatures.

try creating a new wallet but this time in step 2 make sure that you are giving it a string that starts with the word "xpub". if you still could sign transactions then we can start digging more to see what the problem is.
newbie
Activity: 18
Merit: 1
The point is that I spent the coins of the 2of2  multisig wallets with 1 sig. Regardless.

Either my multisig  wallets are setup incorrectly(still possible, but I cannot see how), or there is a bug in multisig.  

The fact that watch was setup incorrectly is immaterial. You should never be able to spend from a 2of2 multisig with only 1 signature. Period.

If the cause of this bug is setting up an incorrect watch wallet, then that should be fixed. An attacker can purposely then setup an incorrect watch wallet and steal coins, maybe from any M of N wallet  with just one sig from any of the wallets ?

legendary
Activity: 3710
Merit: 1586
Are you the posting police ?

You half answered my question. Nobody has answered the question fully IMO and it looks to me like a serious security hole.

If someone doesn't answer your question to your satisfaction you should follow up in the same thread instead of creating a new thread in an entirely different forum.

It's not a security hole. You're making a mistake setting up the wallets.

Quote
You said IF I setup my watch correctly with 2 xpubs THEN it will work correctly. Granted, that's correct and I did make a mistake there. But an attacker does not have to do that. They setup watch with 1 xpub , as I did, and then only required 1 sig to drain from both offline 2of2 multisig wallets ! What's the answer to that ? That's quite serious IMO

I set up the offline multisigs correctly, because it says 2of2 in each header and 2of2 of the default multisig in electrum. I apologise in advance if I have made a setup or assumption error, but I don't think so.

Maybe you've made an error in setting up the watch only wallet which is why signing with just one offline wallet is sufficient. I've explained what a watch only wallet with just one xpub means on stack exchange. Perhaps your watch only wallet corresponds to single sig addresses and not multisig ones or it isn't really a watch only wallet. You can view the addresses via view menu > show address and then switch to addresses tab.  Compare them with the addresses on the offline multisig wallets. You can also search this tab using ctrl+f. Are the addresses the same?
newbie
Activity: 18
Merit: 1
Are you the posting police ?

You half answered my question. Nobody has answered the question fully IMO and it looks to me like a serious security hole.

You said IF I setup my watch correctly with 2 xpubs THEN it will work correctly. Granted, that's correct and I did make a mistake there. But an attacker does not have to do that. They setup watch with 1 xpub , as I did, and then only required 1 sig to drain from both offline 2of2 multisig wallets ! What's the answer to that ? That's quite serious IMO

I set up the offline multisigs correctly, because it says 2of2 in each header and 2of2 of the default multisig in electrum. I apologise in advance if I have made a setup or assumption error, but I don't think so.
legendary
Activity: 3710
Merit: 1586
How many places are you going to post this question? You posted it on reddit, stack exchange and now here. Yet you don't read any of the answers given to you. I suggest you read the answer I gave you on stack exchange again. You likely made a mistake setting up the watch only wallet.
newbie
Activity: 18
Merit: 1
Except both multisig wallets have "2of2" named at the top of each wallet, and I checked again the default wallet when creating a multisig in Electrum is 2of2 requiring 2 co-signers(your 2nd image). 

I will just give multisig a miss until I am more confident in it.
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
Test1 should be the correct way to sign 2-2 multisig address transactions.

However, Test2 showed that you've created a 2-2 wallet with 1 grayed-out signature slider.
Transactions will require any of the two cosigner's signature, as displayed here:


A normal 2-2 signature should be created with this setting:


It's (the images are) pretty self-explanatory.
legendary
Activity: 3472
Merit: 10611
what is the difference between save and export ?

"save" saves the transaction you just made in your wallet file on the computer you just created it. in other words it will add that transaction to your history as a "local transaction".
"export" exports the transaction to a file with a .txn extension which is basically a JSON file containing your raw transaction. then you can use this file to transfer elsewhere.

i have not used the multisig features of Electrum that much but based on what you are explaining i suppose there is only two possibilities the most possible one is that you imported both keys in your offline wallet and now are signing with both but think you are signing with one because the network will reject your tx as invalid if it was otherwise (signed with 1 but needing 2).
when creating the cold wallet did you give it 1 master private key (xprv) + 1 master public key (xpub)?

the other possibility is that your wallet may not even be a multisignature one.
newbie
Activity: 18
Merit: 1
I am lost sending coins from this multisig wallet.

I use an online watch wallet to create an unsigned send txn, save it to a usb drive.
load unsigned txn into multisig1  , sign it , save and export to usb drive.  (what is the difference between save and export ?)
load signed txn into multisig2. There is no sign option(greyed out) then what ?

I got it to work once after much fiddling, but not sure how to repeat. It is completely un-intuitive and unhelpful IMO.

Update : It gets worse, I tried 3 methods to send the coins , all 3 different, all 3 worked, at least 1 was wrong(1 sig) it still confirmed. Now I'm worried ! I conclude that this does not achieve 2of2 in electrum. You can pretty much do anything as long as you have at least 1 sig, it will confirm.

PS : It says 2of2 at the top of each wallet and I used the other's key to create each multisig wallet respectively. Presumably they are correctly setup.

Test1

1. Online watch wallet-send txn , export to usb
2. Offline multisig1 wallet-load unsigned txn,  sign, save, export
3. Offline multisig2 wallet- load unsigned txn, sign, save, export(this overwrites the prev signed txn file from multisig1 wallet )
4. Load signed txn file from step 3 onto watch wallet and broadcast

Test 2
Only signed on 1 multisig wallet and then broadcast from watch wallet. (sent and confirmed only 1 signature !)

Test3

1. and 2. are the same, but 3. I just loaded the signed txn and then saved and exported it back. Sign button was greyed out.
Jump to: