How to check I have the seeds of my multisig 2/3

ranochigo

legendary

Activity: 2954

Merit: 4158

Quote from: unknowncustomer on July 17, 2023, 01:26:32 PM

For example, I first sign a transaction with seed 1. Then I sign this transaction with seed 2. The transaction is valid because it is a 2 out of 3 multisig.
Then I copy the first transaction and signed it with seed 3 this time (instead of seed 2).
So now I have two signed transaction (actually this is the same transaction). Every signature is done offline on my airgapped computer.
What « happened » if I then don’t broadcast this or these two transactions over the internet ? Is it ok ?

Yeah, its fine unless someone broadcasts it. The two signed transactions are both valid and either of them can be broadcasted at any point in time. If for some reason, you didn't manage these two transactions properly and someone else gets access to it, they can still broadcast it because they are valid.

These two transaction are valid until any of the inputs in that signed transaction gets spent.

apogio

sr. member

Activity: 406

Merit: 896

Quote from: unknowncustomer on July 17, 2023, 01:26:32 PM

For example, I first sign a transaction with seed 1. Then I sign this transaction with seed 2. The transaction is valid because it is a 2 out of 3 multisig.
Then I copy the first transaction and signed it with seed 3 this time (instead of seed 2).
So now I have two signed transaction (actually this is the same transaction). Every signature is done offline on my airgapped computer.
What « happened » if I then don’t broadcast this or these two transactions over the internet ? Is it ok ?

If you are afraid that you may have privacy issues broadcasting transactions, since you need internet for this purpose, I suggest running your own node + electrum server. Then connect a wallet, like Sparrow for example, to your personal electrum server using TOR. I think you can't really do much more to avoid connecting to the internet at all. Bitcoin needs the internet.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Quote from: unknowncustomer on July 17, 2023, 01:26:32 PM

What « happened » if I then don’t broadcast this or these two transactions over the internet ? Is it ok ?

If you don't broadcast the transactions, then nothing happens. The network never learns about them, your coins never move, and you pay no fees. As far as the wider network is concerned, those transaction do not exist until you broadcast them. If you never broadcast them and delete them instead, then it is as if they never existed.

unknowncustomer

jr. member

Activity: 48

Merit: 27

For example, I first sign a transaction with seed 1. Then I sign this transaction with seed 2. The transaction is valid because it is a 2 out of 3 multisig.
Then I copy the first transaction and signed it with seed 3 this time (instead of seed 2).
So now I have two signed transaction (actually this is the same transaction). Every signature is done offline on my airgapped computer.
What « happened » if I then don’t broadcast this or these two transactions over the internet ? Is it ok ?

tcash

newbie

Activity: 4

Merit: 0

Yes. if 3rd device is a Coldcard MK4 (I highly recommend) go to "Advanced" menu > "Danger Zone" > "Seed Functions" > "View Seed Words"

You should have written down the Electrum seeds to verify.

if 2nd hardware device is a Coldcard MK4 ....repeat *Above*

ranochigo

legendary

Activity: 2954

Merit: 4158

Quote from: Abdussamad on July 12, 2023, 10:50:13 AM

No they don't. You need all the words and in the right order.

Yep, with relative ease but not directly of course. Though you could mistype one or two of the words and still be able to recover it since they are still using the same fixed wordlist. If you miss out a word or two, that's still fine. You can't get the correct versioning without a few specific phrases which would automatically eliminate most of the seeds without the need for further key derivation.

Jumbling them up sounds quite intentional, so that shouldn't be too much of an issue.

Abdussamad

legendary

Activity: 3584

Merit: 1560

Quote from: ranochigo on July 11, 2023, 09:41:19 AM

Not necessarily.

Your seeds have a certain threshold of redundancy, where you can afford to get a word or two wrong while still being able to recover them with relative ease.

No they don't. You need all the words and in the right order.

apogio

sr. member

Activity: 406

Merit: 896

Quote from: hosseinimr93 on July 12, 2023, 08:02:26 AM

Quote from: apogio on July 12, 2023, 07:50:28 AM

Make sure to back up your 3 xpubs as well. In case you lose one of your seeds, if you don't have all the 3 xpubs, you will not be able to recover your keys, even if 2 out of 3 seeds are needed to sign transactions.

To be more accurate, if you lose one of the seed phrases, you will need the master public key associated with the lost seed phrase to recover your wallet. You won't need all three master public keys. Two of them can be derived from the two existing seed phrases.

To recover you wallet and spend fund from that, you will need:

Seed A, Seed B, MPK C
or
Seed B, Seed C, MPK A
or
Seed A, Seed C, MPK B

(MPK = Master public key)

Correct. If OP doesn't want to backup all the xpubs with each cosigner's seed, they could back it up as follows:

1. Seed A, MPK B
2. Seed B, MPK C
3. Seed C, MPK A

Therefore, losing 1 of those packets OP will still be able to recover their wallet. At the same time, if an attacker steals one of the packets, they will not be able to monitor your wallet.

hosseinimr93

legendary

Activity: 2380

Merit: 5213

Quote from: apogio on July 12, 2023, 07:50:28 AM

Make sure to back up your 3 xpubs as well. In case you lose one of your seeds, if you don't have all the 3 xpubs, you will not be able to recover your keys, even if 2 out of 3 seeds are needed to sign transactions.

To be more accurate, if you lose one of the seed phrases, you will need the master public key associated with the lost seed phrase to recover your wallet. You won't need all three master public keys. Two of them can be derived from the two existing seed phrases.

To recover you wallet and spend fund from that, you will need:

Seed A, Seed B, MPK C
or
Seed B, Seed C, MPK A
or
Seed A, Seed C, MPK B

(MPK = Master public key)

apogio

sr. member

Activity: 406

Merit: 896

Quote from: unknowncustomer on July 11, 2023, 05:37:27 AM

Hello,

I created an electrum 2/3 multisig Wallet on an air-gapped device.
The three seeds are geographically distributed.

I want to verify that I have well written the three seeds.
I have to create a "fake" transaction on electrum then sign it with the first key then export the PSBT then sign it with the second seed ? What about the third seed to check it's correct ?

Is there any other solution to check I own the correct seeds ?

Make sure to back up your 3 xpubs as well. In case you lose one of your seeds, if you don't have all the 3 xpubs, you will not be able to recover your keys, even if 2 out of 3 seeds are needed to sign transactions.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Where are your xpubs backed up? They should be backed up alongside your seed phrases.

Quote from: unknowncustomer on July 11, 2023, 05:37:27 AM

I have to create a "fake" transaction on electrum then sign it with the first key then export the PSBT then sign it with the second seed ? What about the third seed to check it's correct ?

What is contained by the wallet you plan to create this fake transaction on? All of the seed phrases? Or just the xpubs? Or some combination?

How are you planning to sign it with second seed phrase? Are you importing that seed phrase in to a clean device alongside the two other xpubs? Again, where are your xpubs backed up?

I would not create a transaction at all. What I would do instead would be to access each seed phrase back up individually, use each back up to derive the necessary xpub, then take all three xpubs together and recover a watch only copy of your multi-sig. If the addresses match up, then your seed phrases are correct.

I would also point out that creating a multi-sig on a single device negates the whole point of a multi-sig, which is to remove a single point of failure.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Quote from: dkbit98 on July 11, 2023, 04:37:21 PM

First write seed words on paper, than erase wallet or reset device/s, and than import seed words from scratch.
Only if everything works good you should accept coins on addresses generated by this wallet.

If a multisig wallet has been created already, you can check the seed phrase, master public key and make sure the addresses are the same on all the m wallets. Even if the addresses are correct, the multisig wallet is properly setup. If there is a mistake in the setup, likely the wallet will not be created at all. I do not think reimporting the seed phrase is necessary.

Quote from: MusaMohamed on July 11, 2023, 11:12:35 PM

Multisig wallet or Singlesig wallet, you always have to do three steps.
Create your wallet with seed
Backup your wallet seed
Recover your wallet to test your wallet seed backup

You do not have to recover multisig or single sig wallet just like I mean above. You can still always double check that your seed phrase (and master public keys) are correct and properly backup the seed phrases and master public keys.

MusaMohamed

sr. member

Activity: 882

Merit: 290

Multisig wallet or Singlesig wallet, you always have to do three steps.
Create your wallet with seed
Backup your wallet seed
Recover your wallet to test your wallet seed backup

With Multisig wallet, the recovery process will include checking seeds of all cosigner wallets and their Master Public Keys.
If the multisig wallet created has the same address as an initial wallet has, all from wallet creation, wallet backup, wallet recovery are good.

Creating a multisig wallet.

dkbit98

legendary

Activity: 2212

Merit: 7064

Cashback 15%

Quote from: unknowncustomer on July 11, 2023, 05:37:27 AM

Is there any other solution to check I own the correct seeds ?

Word of advice, whenever you are creating bitcoin wallet, either regular or multisig, you should ALWAYS check if your seed phrase backup work, only after this you can consider your setup safe.
First write seed words on paper, than erase wallet or reset device/s, and than import seed words from scratch.
Only if everything works good you should accept coins on addresses generated by this wallet.

nc50lc

legendary

Activity: 2394

Merit: 5531

Self-proclaimed Genius

Quote from: unknowncustomer on July 11, 2023, 05:37:27 AM

I want to verify that I have well written the three seeds.
I have to create a "fake" transaction on electrum then sign it with the first key then export the PSBT then sign it with the second seed ? What about the third seed to check it's correct ?

By following that method, just make two copies of the PSBT with 1 signature and send each to the other two cosigners.
Either one should be able to sign it.

Quote from: unknowncustomer on July 11, 2023, 05:37:27 AM

Is there any other solution to check I own the correct seeds ?

Check each cosigner wallets' addresses if they are all the same, then go to each cosigner's menu: "Wallet->Seed" if the seed if correct.

hosseinimr93

legendary

Activity: 2380

Merit: 5213

Quote from: ranochigo on July 11, 2023, 09:41:19 AM

Last few bytes are checksum and there is a fixed number of words in Electrum wordlist.

Since OP has generated the seed phrases using electrum and they are not BIP39, the checksum isn't the last few bytes.
Instead of having a checksum in the way a BIP39 seed phrase is generated, electrum hashes the words and then checks if the result matches any of the correct versions numbers.

ranochigo

legendary

Activity: 2954

Merit: 4158

Not necessarily.

Your seeds have a certain threshold of redundancy, where you can afford to get a word or two wrong while still being able to recover them with relative ease. ~~Last~~ (First*) few bytes are checksum and there is a fixed number of words in Electrum wordlist. For the maximum security, I wouldn't generate the multisig using the three seeds at the same time on the same computer. Rather, I would get the master public key and combine them to get the MultiSig wallet and compare their addresses.

You have to import each seed into separate computers and derive the master public key individually. I'm assuming that you're able to do this, given that this would be the ideal setup for a secure airgapped multisig.

hosseinimr93

legendary

Activity: 2380

Merit: 5213

You may want to make a transaction to see a how a multi-signature wallet works, but if you only want to check if you have written down the seed phrases correctly, there is no need to make a transaction.
Just create a new 2 of 3 multi-signature wallet using the three seed phrases you have. If electrum generates the correct addresses, it means that you have written down the seed phrases correctly.

Zaguru12

hero member

Activity: 672

Merit: 855

In 2/3 multi sig wallet two of the keys are actually ok to approve a transaction, so to test the other third key, I would just say you should try it out manually. Initiate another transaction and sign in with the third key and any one of the other ones just to check

unknowncustomer

jr. member

Activity: 48

Merit: 27

Hello,

I created an electrum 2/3 multisig Wallet on an air-gapped device.
The three seeds are geographically distributed.

I want to verify that I have well written the three seeds.
I have to create a "fake" transaction on electrum then sign it with the first key then export the PSBT then sign it with the second seed ? What about the third seed to check it's correct ?

Is there any other solution to check I own the correct seeds ?

Topic: How to check I have the seeds of my multisig 2/3 (Read 201 times)