Pages:
Author

Topic: Electrum multisig for long-term cold storage - page 2. (Read 540 times)

jr. member
Activity: 59
Merit: 31
Quote
I would also be careful making any multisig setup with hardware wallets like ledger or trezor, that are not fully supporting it or they shown some issues in past.

Just thinking about this again after watching Jameson Lopp's interview with Peter McCormack. He makes the point that Casa help protect against "breakable changes" that could happen if wallet vendors make a bad update to their software. However, I had always thought that, so long as I have all seed phrases to fulfil a quorum, it doesn't matter whether the vendors create changes that disrupt the devices' multisig capabilities?
jr. member
Activity: 59
Merit: 31
December 11, 2022, 07:02:58 AM
#25
Ah got it, thank you.
legendary
Activity: 2268
Merit: 18771
December 11, 2022, 06:13:14 AM
#24
Why is this? I had assumed that if all three HD were corrupt I could just import the seeds into three new devices.
You can of course, provided you have three new devices in which to import your seed phrases.

If you were in the situation where your hardware wallets were lost/stolen, and you needed access to your coins urgently (before you had time to order three new hardware wallets and wait for their delivery or purchase three second hand laptops or similar), then your only option would be recover all the seed phrases in to the same wallet.
jr. member
Activity: 59
Merit: 31
December 11, 2022, 04:51:54 AM
#23
Quote
if your hardware wallets have issues you may have to recover every back up to the same device

Why is this? I had assumed that if all three HD were corrupt I could just import the seeds into three new devices.
jr. member
Activity: 59
Merit: 31
December 06, 2022, 09:25:13 AM
#22
Quote
Seems reasonable. When you say "one key kept nearby", is this on another device or just on paper? Because as above, if you need to import this key on to the same device which is already holding another key every time you want to spend, you are losing much of the benefit of a multi-sig, which is to spread your keys across different devices and remove a single point of failure.

I mean one key would be kept on a HD nearby. Though having one key permanently on the signing machine obviously means you are particularly vulnerable in a 2-of-3 setup. Maybe best to not have one key on the signing device.

----

One question that I just thought of is, could an air gapped HD that can sign with a QR code (such as Passport or KeyStone) sign an Electrum multisig transaction remotely?
legendary
Activity: 2268
Merit: 18771
December 06, 2022, 07:50:34 AM
#21
But I guess so long as I have the backups for the wallets, it doesn't matter so much if the HDs have issues? Yes, I'm thinking about air gapped wallets/general setup.
As long as you have your back ups you will be able to recover your wallets, but if your hardware wallets have issues you may have to recover every back up to the same device, which removes the security of a multi-sig wallet.

Keeper (https://www.bitcoinkeeper.app/) seem to be developing something that probably suits what I'm looking for. It's still in testnet mode however.
Is it open source? They link to a GitHub, but it doesn't seem like any of the repositories are for that wallet.

This would seem to be better than a single sig wallet with multiple backups as there is no single point of failure.
Seems reasonable. When you say "one key kept nearby", is this on another device or just on paper? Because as above, if you need to import this key on to the same device which is already holding another key every time you want to spend, you are losing much of the benefit of a multi-sig, which is to spread your keys across different devices and remove a single point of failure.
jr. member
Activity: 59
Merit: 31
December 06, 2022, 02:50:13 AM
#20
Quote
I would also be careful making any multisig setup with hardware wallets like ledger or trezor, that are not fully supporting it or they shown some issues in past.
Other hardware wallets are much better for multisig, especially if they are airgapped like Passport or Keystone.

But I guess so long as I have the backups for the wallets, it doesn't matter so much if the HDs have issues? Yes, I'm thinking about air gapped wallets/general setup.

Quote
can't recommend specific wallets for iOS since I've never used any myself, but there will be a number of wallets which support multi-sig which could be used to make your phone one part of a multi-sig wallet. A subset of those wallets which support multi-sig will also have support for your chosen hardware wallet, if instead you want to make your hardware wallet one part of a multi-sig but interface with it via your phone.

Keeper (https://www.bitcoinkeeper.app/) seem to be developing something that probably suits what I'm looking for. It's still in testnet mode however.

----

I'm now thinking about the following setup:

An air-gapped machine that I use to sign. One key kept on there, and one key kept nearby.

An online machine with a watch-only wallet. Importing the transactions to the air-gapped machine to sign, importing the signed transactions to the online machine and broadcasting.

Backups (seeds and wallet file) and one other key kept remotely.

This would seem to be better than a single sig wallet with multiple backups as there is no single point of failure.
legendary
Activity: 2268
Merit: 18771
December 05, 2022, 02:48:51 PM
#19
So, Electrum doesn't seem to have an iOS app. I'm trying Bluewallet, but it seems it's impossible to use with a Trezor One or Ledger.

I'm at a loss as to how to incorporate a key on my phone into a multisig setup.
Well, that depends if you want to use a key stored on your phone, or if you want to use a key stored on a hardware wallet which you access via your phone.

I can't recommend specific wallets for iOS since I've never used any myself, but there will be a number of wallets which support multi-sig which could be used to make your phone one part of a multi-sig wallet. A subset of those wallets which support multi-sig will also have support for your chosen hardware wallet, if instead you want to make your hardware wallet one part of a multi-sig but interface with it via your phone.
legendary
Activity: 2212
Merit: 7064
December 05, 2022, 02:48:37 PM
#18
Thank you all for your replies. I guess the most fail-safe way of creating an inviolable multisig wallet would be to do it through Bitcoin Core? Given that that is likely above my technical capabilities at present, I could just keep a copy of Electrum backed up.
You can use any wallet you want but I don't think Bitcoin Core is good option unless you already running your own node, you will have to wait a very long time for sync to complete and blockchain to be downloaded.
I would also be careful making any multisig setup with hardware wallets like ledger or trezor, that are not fully supporting it or they shown some issues in past.
Other hardware wallets are much better for multisig, especially if they are airgapped like Passport or Keystone.

So, Electrum doesn't seem to have an iOS app. I'm trying Bluewallet, but it seems it's impossible to use with a Trezor One or Ledger.
One more option for Android wallet would be Airgap.it that is open source, but this wouldn't be my primary choice.
I think it's working for multisig setup, but I can't vouch for this.
jr. member
Activity: 59
Merit: 31
December 05, 2022, 02:13:18 PM
#17
Quote
BlueWallet works with Coldcard and CoboVault. According to the information on their website, it only works with hardware Wallets that support PSBT's.

Blockstream Green has support for hardware wallets. You could try that one.
Mycelium does as well but it doesn't work with iOS devices.

Thanks for this.
legendary
Activity: 2730
Merit: 7065
December 05, 2022, 10:57:47 AM
#16
I'm trying Bluewallet, but it seems it's impossible to use with a Trezor One or Ledger.

I'm at a loss as to how to incorporate a key on my phone into a multisig setup.
BlueWallet works with Coldcard and CoboVault. According to the information on their website, it only works with hardware Wallets that support PSBT's.

Blockstream Green has support for hardware wallets. You could try that one.
Mycelium does as well but it doesn't work with iOS devices.
jr. member
Activity: 59
Merit: 31
December 05, 2022, 08:01:14 AM
#15
I'm not sure what you mean by a "mobile key", but you can certainly use Electrum on mobile to generate and restore one part of a multi-sig wallet.

Yes, I mean a key that is held on the mobile phone.



So, Electrum doesn't seem to have an iOS app. I'm trying Bluewallet, but it seems it's impossible to use with a Trezor One or Ledger.

I'm at a loss as to how to incorporate a key on my phone into a multisig setup.
legendary
Activity: 2268
Merit: 18771
December 05, 2022, 07:43:30 AM
#14
Can I generate a mobile key in Electrum? That would definitely address the access issue.
I'm not sure what you mean by a "mobile key", but you can certainly use Electrum on mobile to generate and restore one part of a multi-sig wallet.

Yes, I guess I was thinking along the lines of redundancy. However, I hadn't factored in the scenarios where without the custodied keys you would only need to lose two items to prevent access to the wallet.
Yeah, you should always have more than one back up of every part, so for a 2-of-3 multi-sig that means at a minimum 6 different back ups. With such a scenario, you could lose any 3 back ups and still regain access to your wallet.
jr. member
Activity: 59
Merit: 31
December 05, 2022, 06:42:40 AM
#13
Quote
It seems to me you could achieve the same with a 2-of-3 multi-sig involving your mobile phone, a hardware wallet, and a paper wallet/back up stored somewhere else which would take a bit of time to be accessed.

Interesting, I didn't think this was possible. Can I generate a mobile key in Electrum? That would definitely address the access issue.

Quote
I don't follow your meaning here. 2-of-3 is always 2-of-3, regardless of how many back ups you generate or where those back ups are stored.

Yes, I guess I was thinking along the lines of redundancy. However, I hadn't factored in the scenarios where without the custodied keys you would only need to lose two items to prevent access to the wallet.

Quote
It's not the recovery process that is the issue with closed source wallets. It's that you have no idea how the wallet was generated in the first place. Did it use a poor source of entropy? How do you know it didn't give you a seed phrase from a list of possible seed phrases that someone else possesses? How do you know it hasn't transmitted your seed phrase to Casa's servers or some other third party? These are not just hypotheticals - these are all things that have happened in the past with closed source wallets.

I really hadn't considered any of this, thank you. I'm definitely erring on the side of setting up an entirely self-sovereign multisig.
legendary
Activity: 2268
Merit: 18771
December 05, 2022, 06:24:49 AM
#12
Closed source, yes. But I have all the derivation paths and xpubs for the multisig address that I can import to an open source wallet.
It's not the recovery process that is the issue with closed source wallets. It's that you have no idea how the wallet was generated in the first place. Did it use a poor source of entropy? How do you know it didn't give you a seed phrase from a list of possible seed phrases that someone else possesses? How do you know it hasn't transmitted your seed phrase to Casa's servers or some other third party? These are not just hypotheticals - these are all things that have happened in the past with closed source wallets.

I'm also not sure a completely self custodied 2 of 3 setup beats a collaborative 3 of 5 setup.
Well, that's a personal decision, but I would always opt for the set up which does not depend on third parties.

Establishing a completely self custodied 2 of 3 would essentially be a 2 of 6 if my seeds were also dispersed.
I don't follow your meaning here. 2-of-3 is always 2-of-3, regardless of how many back ups you generate or where those back ups are stored.

In an emergency situation, I'd use the mobile key, the Casa sovereign recovery key (which comes with a 48-hour delay to avoid wrench attacks) and the one HD. This seems to retain the benefits of a multisig setup.
It seems to me you could achieve the same with a 2-of-3 multi-sig involving your mobile phone, a hardware wallet, and a paper wallet/back up stored somewhere else which would take a bit of time to be accessed.
jr. member
Activity: 59
Merit: 31
December 04, 2022, 01:12:20 PM
#11
Closed source, yes. But I have all the derivation paths and xpubs for the multisig address that I can import to an open source wallet.

I'm also not sure a completely self custodied 2 of 3 setup beats a collaborative 3 of 5 setup. Having the seeds for the latter basically makes it 3 of 6 if Casa went offline. Establishing a completely self custodied 2 of 3 would essentially be a 2 of 6 if my seeds were also dispersed. However, the problem with the latter is that if the keys and seeds were dispersed enough to provide robust security, accessing the funds in an emergency could be problematic.

In an emergency situation, I'd use the mobile key, the Casa sovereign recovery key (which comes with a 48-hour delay to avoid wrench attacks) and the one HD. This seems to retain the benefits of a multisig setup.
legendary
Activity: 2268
Merit: 18771
December 04, 2022, 05:58:26 AM
#10
My current multisig is with Casa.
Then I think you should continue down the path of moving to a better system. Casa is closed source, holds one of your keys for you, and (correct me if I'm wrong) but you have to pay them $120 a year for the privilege of them holding one of your keys for you. None of these are good thigns.

However, on reflection, I think my relative lack of technical expertise may be more of a threat to my multisig security than Casa becoming a bad actor.
Maybe at the moment, sure. But the fact that you have self identified this means you are already well on the way to being able to address your lack of expertise. An entirely self hosted solution will always be preferable to one which depends on third parties.

With my current setup, I only need to have access to one physical key.
Well then you've already lost most of the benefits that a multi-sig solution brings.
jr. member
Activity: 59
Merit: 31
December 04, 2022, 04:22:30 AM
#9
My current multisig is with Casa. I thought for the sake of absolute self sovereignty/privacy, etc., I would explore the option of establishing a multisig address myself. However, on reflection, I think my relative lack of technical expertise may be more of a threat to my multisig security than Casa becoming a bad actor. Then there is the trade off between a more secure setup being correlated to the keys being more geographically dispersed and the ease of access to funds in a situation where travel is hard. With my current setup, I only need to have access to one physical key. The one vulnerability is the seedless setup they encourage, but I can easily overcome that by replacing the current seedless keys with new keys and have their seeds backed up.



Thank you all for your replies. I guess the most fail-safe way of creating an inviolable multisig wallet would be to do it through Bitcoin Core?
Bitcoin Core doesn't support HD MultiSig wallet so it'll be tricky to backup multiple MultiSig addresses.
No GUI option or menu for MultiSig as well, you'll have to operate using commands.

The sovereign recovery info for my current multisig setup directs me to use p2sh-segwit on Electrum with derivation path m/49, not m/1. All keys on my current setup use BIP-39 passphrases, which I successfully tested when one of my keys became corrupted. Can I establish a multisig quorum by just inputting the BIP-39 seeds of my wallets?
Yes, Electrum can restore from BIP39 seed phrase and BIP39 passphrase, just enable the options "BIP39 seed" and "Extend this seed with custom words" when importing the seed phrases(s).
Next to that, type the BIP39 passphrase when prompted for the "seed extension".
After that, you'll have to select the correct script type and then edit the derivation path if it's different from the default for P2SH-SegWit MultiSig - m/48'/0'/0'/1'.
But yours is probably more than just m/49 since it's usually the extended master key at BIP38 derivation path's 'script type' level (check your wallet for the correct path).

Appreciate this, thanks

[moderator's note: consecutive posts merged]
legendary
Activity: 2268
Merit: 18771
December 03, 2022, 08:47:59 AM
#8
The sovereign recovery info for my current multisig setup directs me to use p2sh-segwit on Electrum with derivation path m/49, not m/1.
What is your current multi-sig set up? Why is that insufficient and why are you planning to change?

The derivation path you need to use to recover an existing multi-sig set up is dependent on how it was created in the first place, not on which software you are using to recover it. As I said above, if you create an Electrum segwit multi-sig wallet using Electrum seed phrases, it will use m/1' If you create an Electrum segwit multi-sig wallet using BIP39 seed phrases, it will use either m/48'/0'/0'/1' or m/48'/0'/0'/2' for P2SH and P2WSH respectively. If you recover an existing segwit multi-sig wallet using Electrum, then you'll need to use whatever derivation path your original software used when first establishing the multi-sig wallet. If it tells you to use m/49' (or more likely m/49'/0'/0'), then use that.

All keys on my current setup use BIP-39 passphrases, which I successfully tested when one of my keys became corrupted. Can I establish a multisig quorum by just inputting the BIP-39 seeds of my wallets?
The BIP39 seeds and any associated passphrases, yes. But be aware that by importing all of these in the same wallet, then you remove all the additional security that multi-sig brings by having all the keys necessary to spend your coins contained within the same wallet on the same device.
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
December 02, 2022, 11:18:43 PM
#7
Thank you all for your replies. I guess the most fail-safe way of creating an inviolable multisig wallet would be to do it through Bitcoin Core?
Bitcoin Core doesn't support HD MultiSig wallet so it'll be tricky to backup multiple MultiSig addresses.
No GUI option or menu for MultiSig as well, you'll have to operate using commands.

The sovereign recovery info for my current multisig setup directs me to use p2sh-segwit on Electrum with derivation path m/49, not m/1. All keys on my current setup use BIP-39 passphrases, which I successfully tested when one of my keys became corrupted. Can I establish a multisig quorum by just inputting the BIP-39 seeds of my wallets?
Yes, Electrum can restore from BIP39 seed phrase and BIP39 passphrase, just enable the options "BIP39 seed" and "Extend this seed with custom words" when importing the seed phrases(s).
Next to that, type the BIP39 passphrase when prompted for the "seed extension".
After that, you'll have to select the correct script type and then edit the derivation path if it's different from the default for P2SH-SegWit MultiSig - m/48'/0'/0'/1'.
But yours is probably more than just m/49 since it's usually the extended master key at BIP38 derivation path's 'script type' level (check your wallet for the correct path).
Pages:
Jump to: