Author

Topic: I'd like to do a multi sig wallet (Read 790 times)

legendary
Activity: 1974
Merit: 1030
March 29, 2013, 02:56:57 AM
#10
I share your desire to do an n-of-m wallet.

The closest thing I have found are some python scripts that let you backup an Armory wallet to n-of-m paper backups.  

At the moment I am waiting for the Offline bundle to be updated to support it.

See: https://bitcointalksearch.org/topic/2-of-3-paper-wallets-139625

This is newer than that.
sr. member
Activity: 349
Merit: 250
BTCPak.com - Exchange your Bitcoins for MP!
March 28, 2013, 12:37:03 PM
#9
I share your desire to do an n-of-m wallet.

The closest thing I have found are some python scripts that let you backup an Armory wallet to n-of-m paper backups.  

At the moment I am waiting for the Offline bundle to be updated to support it.

See: https://bitcointalksearch.org/topic/2-of-3-paper-wallets-139625
hero member
Activity: 767
Merit: 500
March 28, 2013, 11:21:00 AM
#8
Not sure i understand very well.
With your system, let s say the owner of {a,b,c} and {b,d,e} met. They are only 2 yet they can manage to rebuild the whole message (abcde). So this should not work does it?

I think you might be misunderstanding - the notation {a,b,c} is the group of people comprising of person a, person b, person c.

Will
legendary
Activity: 892
Merit: 1013
March 28, 2013, 06:03:25 AM
#7
Not sure i understand very well.
With your system, let s say the owner of {a,b,c} and {b,d,e} met. They are only 2 yet they can manage to rebuild the whole message (abcde). So this should not work does it?
hero member
Activity: 767
Merit: 500
March 28, 2013, 04:37:52 AM
#6
you could use P2SH or Shamir's secret sharing but those are probably a bit heavyweight.  A lighter weight solution that you can just do with your calculator, but requires more storage (3 c 5 = 10x256bits) would be in this case:

Generate a random 256 bit key for each of the participants.

Go through all the permutations of how you wish the unlock to happen - e.g. in your case there are ten combinations:

{a,b,c} {a,b,d} {a,b,e} {a,c,d} {a,c,e} {a,d,e} {b,c,d} {b,c,e} {b,d,e} {c,d,e}

and XOR the keys against each other e.g. for A, B and C to unlock you generate K(A|B|C).  Then XOR each of these generated intermediate with the master private key you wish to secure (obtain the bitcoin private key from dumprivkey RPC command, then convert to raw 256bit value).  You will end up with ten, 256 bit values which you then publish to all participants, or on a website (it can be public).

EDIT: in fact, you should put the intermediate keys through a SHA256 hash before XORing with the bitcoin private key - this avoids a depth attack where you can just XOR the public values against each other to leak information.  Sorry.
 
Now when three participants wish to decode the public key, they XOR their three secrets with each other along with the correct value from the public intermediate list, and this recovers the private key.

Will
legendary
Activity: 892
Merit: 1013
March 28, 2013, 04:14:03 AM
#5
So would there be a point in making a service such as bitcoinadress that would work as follow :
1 choose how many block you want
2 choose how many block is needed to reform the key
3 random words are created for each block.

For example i choose 3 block and 2 are needed.
Block 1: AB_
Block 2: _BC
Block 3: A_C

2 out of thoose 3 would allow you to reform the word ABC wich can be used as a private key.

Then you can print each block and save them this way.
I only have a problem figuring how to do so in a generic way. (for instance what would be the solution of 6 block and 3 is needed)


For me this solution is much more convenient as:
Brain Wallet --> you can forget the password. If you write it down, someone can stole you. what if you get an accident?
Paper wallet --> canot be spread so much. if someone take a simple picture of it they can stole you. If you keep them at home, what if you get a fire?
If you give to someone, what if he turns rogue?What if your house get stolen? Soon bitcoin will be more wanted than gold!
Encrypted wallet on cd -->  hard to check integrity. same problem as brain wallet
kjj
legendary
Activity: 1302
Merit: 1026
March 26, 2013, 10:36:02 AM
#4
Personally, I think you would be better off making 5 new private keys and then making a P2SH multisig 3-of-5 address from them.
sr. member
Activity: 291
Merit: 250
March 26, 2013, 10:26:15 AM
#3
Are you saying you want to have a private key that is split into 1/5's, and any of the 3 can redeem the private key?  Bitaddress.org can generate a Vanity address (have not tried it myself) that will generate a 2 way split key.  Not sure about a 3/5 split key but this might help with what you are looking for.

https://bitcointalksearch.org/topic/ann-bitaddressorg-safe-javascript-bitcoin-addressprivate-key-43496
legendary
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
March 26, 2013, 10:03:31 AM
#2
With non-standard transactions it would have been easy to do
legendary
Activity: 892
Merit: 1013
March 26, 2013, 09:40:53 AM
#1
Hello it's all in the title.
I'd like to print on 5 papers some part of the btc private key and someone in possession of 3 of thoose paper should be able to easily recover the funds.
Is there any simple way to do so?
Jump to: