Topic: Mixin Safe: A Convenient and Decentralized Multisig + MPC + Timelock solution - page 6. (Read 1851 times)

The lock means to limit the ability of the recovery key, the timelock duration can be set on a per safe basis, 1 year is just a default setting. And for the test service, this duration is only 3 days.

I agree with on the logical ways. That's what Mixin Safe is doing, provides a good service to do the inheritance in the logical way. You add your trusted people to the safe, setup the trusted inheritance key manager, in a multisig and timelocked way, and easy to manage, and everybody is able to master it.

As I said, I don't like miniscript^[1], but why was Timelock chosen and why exactly at least 1 year? Also, the phrase at least may mean for more than a year.
If we assume that the use is for the heirs, it is possible after the members return the key with the recovery key and be able to withdraw the money without the consent of the owner key. Therefore, here we cannot apply it as a model for the heirs (it may be a good service if it is linked to biometric indicators that activate a lock for a period of 6 months from the date of death of the owner key holder)

I hate to say it but centralized solutions or trust in heirs are the logical ways to solve the problem of the death of the bitcoin owner.


[1] https://bitcointalksearch.org/topic/m.62556275

At first, Mixin Safe makes bitcoin multisig+timelock conveniently usable for average users, otherwise they have no other choices.

Second, we have been running for 6 years, that's long enough, we have no incentive to go offline.

Finally, even if we are offline, many developers or companies should be incentive enough to develop new tools. Imagine Mixin Safe can attract customers to pay $1000 per year, why no other companies want to do this? If we have 1000 customers, a new company can easily have 1000 customers to use their service.

Emphasis mine, and that's my concern. It's technically possible to set up this inheritance and recovery type of multi-sig arrangement yourself, but as you correctly point out, it is beyond the skill set of the vast majority of average users. It will also be beyond their skill set to recover their coins if your service disappears, and that's a very dangerous situation to be in. And you are not incentivized to release a tool to allow them to do so, since then they can easily bypass your pricing model.

You are essentially hoping that some unknown developer will be kind enough to develop a tool to allow users to recover their coins, for free, in their own time. That's a big assumption.

All our systems don't hold private keys, and we have a long history of 6 years, and lots of users, with around 20000BTC are managed through our services. I understand any systems could have bugs, but a long history without security incidents and open source could at least prove something.

OK for messages, but during that period, did Mixin messenger have any relationship with private keys and crypto addresses that hold some value?
I want to say that messaging is not as attractive for abuse as wallets. Once a significant amount of coins are connected to your service, more unethical persons will appear and try to open your system. For example, hackers always prefer to attack a system where there is some value than where the reward is just a bunch of text.

Technically they can use any software to do the CMP-MPC, and even if all the nodes go down, it's technically possible to do the process to access the members key. And all these process doesn't rely on any altcoins, and members should have no knowledge about any altcoins.

Mixin Messenger may go offline and that has never been the case since 2017, and it serves hundreds of millions of E2EE messages everyday.

Our service is to make all this technically possible process easier for average user, when you are trying to think about the backup plan when our service is gone, the plan is not to let the users develop software, it's to provide another software to help them. A decentralized system allows a new software to do the job, unlike a centralized system rug.

An average user can't even use Bitcoin Core to manage multisig and timelock, that's why we provide the service and sell it at a price.

In summary, everything could go offline, and in past 6 years, Mixin Messenger never did that. The software doesn't rely on altcoins. The coins can always be recovered even if our system is completely offline.

I see. And they do all this through Mixin Messenger, right? Can they do it through any other piece of software, or it has to be your software?

My understanding is that the whole network is dependent on your XIN altcoin and its nodes, of which there are only 20-30? What happens when your network goes down? Does Mixin Messenger go offline? How does the average user (i.e. one who cannot clone github repos or compile software themselves) manage to recreate the members key and access their coins?

It's the CMP-MPC protocol from Fireblocks, so there is no private key for the members key, and it has never existed. But n members hold some shares, they can sign the message with their share and combine the signature to form the final signature.

Technically and actually you can do all of this for free. What we charge is that we make a tool for you to easily do all these multisig and MPC stuffs easily. We sell wallet software, just like people sell wallet hardware, you can manage your private key without the hardware.

---

Mixin Safe is completely different from Ledger Recovery, they are trying to backup your private key, Mixin Safe never gets access to your private key. What we promote is multisig+timelock, the ultimate technology in Bitcoin, to help people preserve their coins without single point of failure.

I haven't studied this in depth, but as far as I can tell it works as follows.

Mixin Safe is a 2-of-3 multi-sig.
There is one key held by you, the owner key.
The second key is held by your family/friends/colleagues/other trusted contacts, called the members key.
The third key is held by Mixin Safe themselves, but is timelocked for a year, called the recovery key.

You can spend coins using your key and the key held by your trusted contacts with their approval. If you lose your key, or your trusted contacts lose their key, you can recover your coins after one year with the key you do still have and the recovery key.

---

I would also say that I will never use such a product, for a couple of reasons. Personally, I do not want a third party involved in my storage, and I certainly don't want to be paying a third party to be involved in my storage. I also highly value my privacy, and don't want a third party being able to see all my holdings and transactions. I know there is a market for such products given the recent Ledger Recovery nonsense, but that market is not me.

However, on poking about the website a bit more I have one main concern, and it revolves around the members key. How does it work exactly? It is a multi-sig embedded in a multi-sig? Is it SSS? How do the threshold number of members come together in order to recreate their key? Can I pick the threshold? Your pricing model says you charge $20 per transaction(!). How can you enforce this when I am supposed to be able to access my key and the members key without you? If the members truly did hold this key, then I can recover my multi-sig to any wallet and make transactions without paying your fee, no? Something doesn't add up.

You can check our website for technology details and send a transaction from your Mixin Safe to see the multisig in action.

https://blockstream.info/tx/038a366e35ce50a7315b42f9139f19f868f481212ba9fc814e08a09bdd39a57e?expand

The link above is a transaction sent from one Mixin Safe address, as you can see the witness script shows two signatures used to unlock a timelockec 2-of-3 multisig script.


Thank you. Mixin Safe is a new project started this year, when I asked about Bitcoin script questions https://bitcointalksearch.org/topic/p2wsh-multisig-and-timelock-question-5441806

However Mixin Messenger is a project with lots of users and has been running for 6 years.

I have seen this project in the service board running a review campaign. I have also seen that many people have applied to the review the project. But it appears that this project is not a familiar one, but it has a good security feature. I remember when I first set up a 2-2 multi sig wallet, it wasn't a straight forward thing but I achieved it.
I have interest in this project and I will like to use it. I don't know if someone like o_e_l_e_o has studied this project. He has a way of explaining difficult things in a simple manner. I will be glad if he can respond to this.

Meanwhile, Op you did well by offering a review campaign. That is the only way to make the community acquinted with the project.

Where is the multisig and private key functionality? I don't see it anywhere in the app.

I'd like to see how the 2-of-3 multisig is stored.

Thank you for the praise 

For the members key, if you just wanna try the service, you may choose anybody, even yourself is enough. We recommend the members to be managed by trusted members, or by two different phones, so that you won't lose access of the members key.

One question about the member key aspects of this project, can the member be folks I know or I can meet any random guy and add them thorough the messenger app, the reason is because I have a very limited contact.

Haven't tried it out yet but I thought I should know about this aspect of the project although I think the project is cool because beleive me ,I know most bitcoin users always prefer storing their coins in CEX even if they are fully aware of the vulnerability but mixin safe seem simple enough and the multi sig aspect of it makes it somehow cool and safe even if one losses their private key.

A few wallets are now supporting part of miniscript, but they don't have full support, they usually only allow some simple predefined templates. I will look into Bluewallet to have a test.

Throwaway number is ok for a test. But if you like the product and decide to use it for your coins, it's recommended to use a real number though. By mentioning throwaway number, it's not a recommendation, just to emphasize that we don't want people's phone number, we make the product to use phone numbers because it's the most adopted authentication method for general public.



It's better for most people to download apks from their app stores, usually Google Play, FDroid, or something, then those apk warning won't appear. This is not an app thing, it's the Android.

Mixin Messenger itself is the easiest wallet to use already, with good real mixing capability as the name suggested

One device use means single point of failure, Mixin Safe is just designed to avoid this issue, so It's possible to use it with a single device, but not in a recommended way.

Op I tried to download the Signal Messenging App and this is warning I got from it.

This is what most people are trying to avoid because they are afraid that virus might infect their mobile device to destroy their already installed wallet.

And also the inclusion of bitcoin core in desktop or laptop and Mornin Key App and Ledger Wallet App for Android Version is making the process cumbersome. Why can you programme it for one device use? Now what will happen to those who are not using phone or those who are not using phone?

As you said, the service is not for everyone but you still need everyone for the service. So make things easy for us to use.

How about Bluewallet, since this one also supports miniscript I can used this on the mixin safe?  I thought, your requiring each users to have morni key, but I was wrong about this thinking.

But anyway, thanks for the clarification for this thing now I know what am I gonna do with this mixin safe. One more thing why in your terms in the review campaign you've mentioned that anyone can use throwaway number, right? Why? It seems that there is risk when we use mixin safe?

I think that storing any value with the help of a temporary service or one controlled by a third party cannot be a good solution. Sounds like "not your key, not your coins" to me.

Mixin Safe is not a single software, it's a service that makes multisig easy to use, the minimum requirements for this service is Mixin Messenger and a Bitcoin private key wallet.

The Bitcoin private key wallet can be any Bitcoin wallets that support miniscript well. So Bitcoin Core is the most trusted and free choice, you don't need to buy anything. And Mornin Key is the other software choice, and as I know no other Bitcoin software wallets support Miniscript wallet yet.



1. Yes, any phone number which can receive SMS is acceptable.
2. We are considering other choices, including email.


Yes, the answer is correct. Once other software wallets fully support the miniscript feature, they can be used with Mixin Safe.