Topic: Is this scheme for multisig audit of Trezor + Coldcard ok? (Read 97 times)

Yeah... I would agree.

If you're concerned that the RNG in the Trezor is malicious, broken or "poor"... you could just as easily create your own BIP39 seed using dice or coinflips offline... and import that into the Trezor.

You can then easily use offline tools like iancoleman's BIP39 mnemonic code converter to validate that the Trezor is generating the "correct" keys/addresses from your BIP39 seed.

Why don't you just generate private key or BIP39 seed words offline and then import them in your hardware wallet if you want?
Entropy generation in Trezor is not so great, and it is mixing external entropy from computer with internal entropy from built-in hardware random number generator.
Other hardware wallets like ColdCard are using secure elements for seed generation but I would still use old methods with offline BIP39 if done correctly.


You don't need to first receive coins on your address, but you should first delete and restore your wallets before sending or receiving any coins.
That way you will be sure you wrote everything correctly and made good backup.

Note that Multisig for most hardware wallets are not totally secure and for Trezor wallet you can't automatically verify that the co-signers are safe, and it has to be done manually for every transaction.
Jameson Lopp did a test of hardware wallets with multisig few months ago and it interesting to read and notice many flaws:
https://blog.keys.casa/bitcoin-multisig-hardware-signing-performance/

My plan is to make a multisig between coldcard and trezor. I want to audit and verify that I indeed own the 2 keys of these wallets, using a raspberry pi zero (no wifi/bluetooth by definition) on a very old HDMI tv with no internet either, and using a virtual keyboard and simply a mouse on the pi zero.

These are the possible risks I want to mitigate:

 - The wallets can have a malicious random number generator. 

 - The wallets can generate address for keys that are not mine

To eliminate the risk of the trezor generating a private key I don't own, I'm gonna put its key on the raspberry pi zero and see that it generates the same master pubkey and shown in trezor. This proves I own this key, but it might be a kew that someone already owns. No problem, that's why I'm doing multisig.

On the coldcard, I'll generate a seed using dices, and then verify on the raspberry pi that those dice rolls indeed generate the private key shown by coldcard. This proves that I own a private key that no one owns, because it was generated using dices.

Now that I have 2 private keys that I own, and at least one of them I'm the only owner, I can create a multisig wallet on Electrum or maybe BlueWallet. I'll annotate the first 10 addresses generated by the software wallet, and verify if they match on the coldcard and on the trezor. If the 3 show the same 10 set of addresses, I can consider these addresses safe for receiving Bitcoin.


I'll then receive some Bitcoin on one address, erase both wallets, restore them with the private keys, and then try to spend this Bitcoin, just to make sure I really owned the coins.

What are the possible problems I can encounter? Am I forgetting something important?

PS: I know that if the trezor has a malicious random number generator and it creates a private key that not only myself own, this is a privacy leak, but not a problem. And it's a privacy leak only when I spend from this address, revealing the public key on the blockchain.

I also plan to use just PBST air-gapped transactions on Coldcard, and a trusted computer to broadcast.