Topic: Multi-Sig Strategy to Keep Bitcoin is not the Ideal Solutions for Individuals (Read 262 times)

legendary
Activity: 2268
Merit: 18748
Moreover I believe people play hanky-panky when talking about different geolocations of their backups. It's easier said than done.
That's another possible use of multi-sig, though. If you truly have nowhere secure offsite where you can store a copy of a single-sig seed phrase, then multi-sig allows you to compromise a little on that. I could set up a 3-of-5 multi-sig and store one backup with each of 5 friends, for example. Perhaps I don't trust any one of these friends enough to give them a single-sig seed phrase, but I collectively trust them enough to know that 3 of them won't all try to betray me.

As pooya87 has said above, it's all about pros and cons, risks and benefits. Is the increased risk of theft offset by the decreased risk of accidental loss? Is the increased redundancy offset by the increased chance of discovery? It's up to the user to decide, but blanket statements like "Don't use multi-sig" are not helpful.

Having said that, in terms of your master seed proposal, I think it is less than ideal. Multi-sig is not just safer because it decentralizes your backups; it is also safer because it decentralizes your seed creation process. If I have a device which is generating weak seed phrases (see the Libbitcoin Explorer vulnerability as an example), and I create a single-sig wallet using it, my coins are lost. If I use it to create one seed phrase of a multi-sig setup, with the other 2 (or 4, or whatever) seed phrases coming from a different device which is generating strong seed phrases, then I am protected from loss despite my weak seed phrase. If, however, I generate a master seed using that weak RNG, and then derive all my seed phrases for my multi-sig from this one weak seed, then again my coins are at risk of theft.

If you are going to generate a multi-sig from one source of entropy and store all your seed phrases as one single backup, then you've not really achieved anything at all. A single-sig cold wallet would be a better choice.
legendary
Activity: 3472
Merit: 10611
I see the point you are trying to make is that multi-sig wallets shouldn't be labelled as not ideal for individuals because of human error. I understand that if I want to set up and use a multi-sig wallet, my first step is to get educated, learn how to use it the right way, and understand the advantages and disadvantages inherent in it. From your reply I understand that using a multi-sig wallet is in tandem with the core principle of decentralization, where I and other people have control over our own assets and security.
Exactly. In a decentralized system where every user is responsible for their own security, they must first educate themselves. Of course, in such a system without a central authority it is up to us (who know a tiny bit more) to provide them with the best and most accurate information to help guide them in their decision making.
sr. member
Activity: 574
Merit: 310
It seems like topics like this keep coming up every now and then where someone is arguing that a particular method is not suitable, not ideal or outright insecure just because the people using it may not do it correctly.
For example, we've had this argument regarding paper wallets, and the bitcoin wiki is still calling them "obsolete and unsafe", which is wrong.

Everything in Bitcoin has pros and cons, from bitcoin itself with its volatile price to the wallet types we use. For example, you can't say "bitcoin core is not an ideal solution for individuals because it takes a long time to sync" just as you can't say "multi-sig is not suitable because it is hard to set up and back up correctly".

Multi-sig wallets have their benefits even for individuals, but they obviously require more effort to set up, back up and use. The important thing is for people to learn how to choose the most suitable tool for them and understand how to take advantage of what it offers. If the benefits of a multi-sig wallet are what an individual looks for, they will also accept the extra effort that it demands.
I see the point you are trying to make is that multi-sig wallets shouldn't be labelled as not ideal for individuals because of human error. I understand that if I want to set up and use a multi-sig wallet, my first step is to get educated, learn how to use it the right way, and understand the advantages and disadvantages inherent in it. From your reply I understand that using a multi-sig wallet is in tandem with the core principle of decentralization, where I and other people have control over our own assets and security.
legendary
Activity: 2380
Merit: 5213
It seems to me you missed the point of my message.
I completely got you.

What I meant was, eventually, someone could have the ability to access all your seed phrases.
What you are saying is like saying there is no difference between having 1 lock or 2 locks to secure a front door, because the thief can eventually break all the locks.
What's the point of having 2 locks if they can all be opened using a single key?

Again, we use a multi-signature wallet so that we eliminate any single point of failure.
hero member
Activity: 714
Merit: 1298

It seems to me you missed the point of my message. What I meant was, eventually, someone could have the ability to access all your seed phrases.


Logically, it is possible that even if you have 10 seed phrases for a multi-sig, they can still be located or accessed, but what hosseinimr93 is saying, which I agree with, is the fact that the probability of getting access to the m seeds of the m-of-n multi-sig is much higher if they are generated from a single seed. The probability will only be the same when you back up all the individual seeds in just one place, and that from the start is definitely not logical, as this is just the same as using a single device to set the multi-sig up.

With the individual seeds dispersed in different backup locations, it will be hard to get all m required seeds to sign a transaction from that wallet.

Sure, 100 seed phrases would be even better, but I very much doubt someone builds a multisig from 10 seeds. I think the most common case is either 2-of-2 or 2-of-3 multisig. Moreover I believe people play hanky-panky when talking about different geolocations of their backups. It's easier said than done.
hero member
Activity: 868
Merit: 952

It seems to me you missed the point of my message. What I meant was, eventually, someone could have the ability to access all your seed phrases.


Logically, it is possible that even if you have 10 seed phrases for a multi-sig, they can still be located or accessed, but what hosseinimr93 is saying, which I agree with, is the fact that the probability of getting access to the m seeds of the m-of-n multi-sig is much higher if they are generated from a single seed. The probability will only be the same when you back up all the individual seeds in just one place, and that from the start is definitely not logical, as this is just the same as using a single device to set the multi-sig up.

With the individual seeds dispersed in different backup locations, it will be hard to get all m required seeds to sign a transaction from that wallet.
hero member
Activity: 714
Merit: 1298
But this is a point of failure for all multisig wallets, no matter how they were created, either from child seeds derived from deterministic entropy or from independent ones. If someone gets access to the seeds, then kiss the relevant stash goodbye.
No. If you have a 2-of-3 multi-signature wallet and someone has access to one of the three seed phrases, there is no way for the thief/hacker to steal your funds.
In your proposal, there's a seed phrase that can be used to derive all seed phrases. If someone has access to that seed phrase, your funds are gone.

You can set the m in the m-of-n multi-signature wallet to 3 or more, so that even two seed phrases are not enough to steal the funds.

It seems to me you missed the point of my message. What I meant was, eventually, someone could have the ability to access all your seed phrases. Judging by that, and the fact that the management of the set of child mnemonics is less difficult, I see the option to have a multisig constructed from that set as more convincing: security and safety are almost the same, well, probably a very little less, but that "very little" is fully covered by the management benefits.
legendary
Activity: 3472
Merit: 10611
It seems like topics like this keep coming up every now and then where someone is arguing that a particular method is not suitable, not ideal or outright insecure just because the people using it may not do it correctly.
For example, we've had this argument regarding paper wallets, and the bitcoin wiki is still calling them "obsolete and unsafe", which is wrong.

Everything in Bitcoin has pros and cons, from bitcoin itself with its volatile price to the wallet types we use. For example, you can't say "bitcoin core is not an ideal solution for individuals because it takes a long time to sync" just as you can't say "multi-sig is not suitable because it is hard to set up and back up correctly".

Multi-sig wallets have their benefits even for individuals, but they obviously require more effort to set up, back up and use. The important thing is for people to learn how to choose the most suitable tool for them and understand how to take advantage of what it offers. If the benefits of a multi-sig wallet are what an individual looks for, they will also accept the extra effort that it demands.
hero member
Activity: 560
Merit: 1060
He goes further to say that while MultiSig provides redundancy for spending (e.g., 2 out of 3 signatures required), it demands full redundancy for public keys, and it is therefore risky for individual users who may not have the necessary backup redundancy, because if they lose a single seed, they have lost all access to funds.

In general, multi-sig is MUCH safer than single-sig. We must not confuse privacy danger with safety danger. Of course we need full redundancy for public keys, but it is not difficult. Even if you lose a backup of all of your xpubs, your coins are totally safe. But you don't have to back up all xpubs together.

Backing up xpubs is easy, as Charles-Tim said in the quote below. It is what I do personally and I feel very comfortable. I just need to check my backups occasionally (1-2 times a year).

If you want to increase the security of your wallet, you can go for multisig. Although it is very useful for multi-user purposes, for an individual we have suggested a 2-of-3 multisig wallet several times on this forum, with the appropriate backups like this:

Seed 1, MPK 2
Seed 2, MPK 3
Seed 3, MPK 1

Backups in different locations. If you lose one of the backups, you can still use the other two to recover your wallet.


legendary
Activity: 2380
Merit: 5213
But this is a point of failure for all multisig wallets, no matter how they were created, either from child seeds derived from deterministic entropy or from independent ones. If someone gets access to the seeds, then kiss the relevant stash goodbye.
No. If you have a 2-of-3 multi-signature wallet and someone has access to one of the three seed phrases, there is no way for the thief/hacker to steal your funds.
In your proposal, there's a seed phrase that can be used to derive all seed phrases. If someone has access to that seed phrase, your funds are gone.

You can set the m in the m-of-n multi-signature wallet to 3 or more, so that even two seed phrases are not enough to steal the funds.
hero member
Activity: 714
Merit: 1298


If someone has access to the master seed, the thief can steal the funds.


It goes without saying. But this is a point of failure for all multisig wallets, no matter how they were created, either from child seeds derived from deterministic entropy or from independent ones. If someone gets access to the seeds, then kiss the relevant stash goodbye.

Creating a multisig from mnemonics compliant with deterministic entropy makes it harder to access the multisig by having a backdoor in, say, one wallet that participates in signing. The more wallets you use, the more resistant the multisig wallet is to a backdoor attack. At the same time, it makes management of the pertaining SEEDs easier.
legendary
Activity: 2268
Merit: 18748
Therefore, it's possible to use a single seed phrase with different derivation paths to create a multi-signature wallet in Electrum.
Only with BIP39 seed phrases. With Electrum seed phrases, segwit multi-sig wallets always use the derivation path m/1', and there is no option in the GUI to change this. Therefore, if you try to use the same seed phrase twice, you will get an error, as Charles-Tim has said. If you use a BIP39 seed phrase, on the other hand, you can change the derivation path from the default m/48'/0'/0'/2' (for segwit) to anything you like, allowing you to use the same seed phrase with different derivation paths. (It would of course be possible to use the same Electrum seed phrase if you manually derived at different paths and exported the relevant Zprvs and Zpubs, but all you'll really achieve here is to increase the risk that you accidentally lock yourself out of your coins by doing something weird.)

The other option not mentioned yet would be to use the same seed phrase with different passphrases. You can use this option with either Electrum or BIP39 seed phrases on Electrum. I don't see any real advantages to this over using separate seed phrases, though.
legendary
Activity: 2380
Merit: 5213
The major purpose of the multisig approach is to have a wallet which is more resistant to a potential backdoor in a single device. Thus, if you create child mnemonics from a Master SEED and import each of them into different BIP39-compliant wallets further used in signing a multisig transaction, such a multisig wallet would serve the purpose. It seems to me that such logic would work. Correct me if this logic is wrong.
We create a multi-signature wallet for two purposes.


First purpose: When we want to have a wallet in which transactions can be made only if m out of n people allow that.
For obvious reasons, there is no way to use your proposal for this purpose.


Second purpose: When we want to use a wallet individually and increase our security.
We use the multi-signature wallet to eliminate any single point of failure. If there's a seed phrase that can generate all required keys, there's still a single point of failure.

If someone has access to the master seed, the thief can steal the funds.
If the device which is used for creating the master seed is compromised, the funds will be stolen.
hero member
Activity: 714
Merit: 1298
Thus, to reconstruct the MultiSig wallet you need to keep safe only one mnemonic, i.e. the Master SEED.
If all keys can be derived from a single seed phrase, it would defeat the purpose of a multi-signature wallet. What you are proposing is like a single-signature wallet, but with bigger transaction fees.

The major purpose of the multisig approach is to have a wallet which is more resistant to a potential backdoor in a single device. Thus, if you create child mnemonics from a Master SEED and import each of them into different BIP39-compliant wallets further used in signing a multisig transaction, such a multisig wallet would serve the purpose. It seems to me that such logic would work. Correct me if this logic is wrong.
legendary
Activity: 2380
Merit: 5213
I did not know that this is in the bitcoin protocol until I was corrected on this forum.
It may be worth mentioning that there is no seed phrase in the bitcoin protocol.


I mean to use the same seed phrase to generate an m-of-n multisig wallet. On Electrum, it is not possible, as it will bring up an error, which is likely because it is not secure at all.
Right. But just to be more accurate:

Electrum doesn't allow two co-signers to have the same master public keys.
Therefore, it's possible to use a single seed phrase with different derivation paths to create a multi-signature wallet in Electrum.
legendary
Activity: 1512
Merit: 4795
If all keys can be derived from a single seed phrase, it would defeat the purpose of a multi-signature wallet. What you are proposing is like a single-signature wallet, but with bigger transaction fees.
I did not know that this is in the bitcoin protocol until I was corrected on this forum. I mean to use the same seed phrase to generate an m-of-n multisig wallet. On Electrum, it is not possible, as it will bring up an error, which is likely because it is not secure at all. I also will not recommend it.
legendary
Activity: 2380
Merit: 5213
I also disagree.
If you know what exactly you are doing, then there's nothing to worry about.


Thus, to reconstruct the MultiSig wallet you need to keep safe only one mnemonic, i.e. the Master SEED.
If all keys can be derived from a single seed phrase, it would defeat the purpose of a multi-signature wallet. What you are proposing is like a single-signature wallet, but with bigger transaction fees.
hero member
Activity: 714
Merit: 1298

Each person involved in a MultiSig setup must have adequate backups of the seeds used to create the MultiSig address, because losing a seed can lead to a dangerous failure mode where the MultiSig cannot be reconstructed. From what he said, which we already know, MultiSig addresses are generated from a script involving multiple public keys, and the address requires all public keys to be provided for spending, even though only a subset is needed for signing.

Strange as it may appear, at this point I'm against Antonopoulos's view. If you use the multisig approach by yourself to make your stash a bit safer, you may take child SEEDs (derived from one master/deterministic SEED) to build the relevant multisig wallet. Thus, to reconstruct the MultiSig wallet you need to keep safe only one mnemonic, i.e. the Master SEED.
legendary
Activity: 2268
Merit: 18748
Imagine a 2-of-3 multisig: you have 3 private keys and 3 seeds to back up, making it six backup places to store them.
That's not necessary. For any m-of-n multi-sig, the minimum number of backups you need is equal to n. Each backup will contain one seed phrase and a specific arrangement of n minus m master public keys, such that any m backups are sufficient to completely restore your wallet.

What this means is that for a 2-of-3, you need three backups in the formulation that Charles-Tim has shared above, each containing one seed phrase and one master public key. There is no need to have three different backups just for the public keys, and there is no need to back up raw private keys at all.

You could of course duplicate all your backups if you wanted and end up with six backups for a 2-of-3, but you would have to weigh the increased redundancy against the increased risk of discovery.

Yeah, with two or more different devices it is most suitable; what I meant and stated above is using a single device to set it up, which defeats the purpose of multisig entirely.
Of course. The whole point of a multi-sig is to remove any single points of failure. As soon as you bring the threshold number of keys together on the same device or in the same location, then you have a single point of failure.
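The backup arrangement described in this reply and in Charles-Tim's "Seed 1, MPK 2 / Seed 2, MPK 3 / Seed 3, MPK 1" table generalizes to any m-of-n: card i holds its own seed plus the master public keys of the next n minus m cosigners. The script below is an added example, not code from this thread or from Electrum; it models seeds and xpubs as constructed placeholder labels (so it runs without a BIP32 library) and exhaustively checks that every choice of m cards yields m seeds and all n master public keys, while the naive "seed only" scheme fails as soon as one card is missing.

```python
from itertools import combinations

# Constructed placeholder labels. A real backup card carries a BIP39 seed
# phrase and an extended public key (xpub/Zpub), not these strings.
def seed_label(i):
    return f"seed-{i}"

def xpub_label(i):
    return f"xpub-{i}"

def xpub_from_seed(seed):
    # A cosigner's master public key is derived from its own seed. Modelled as a
    # plain relabelling here so the example runs offline (assumption, not BIP32).
    return seed.replace("seed-", "xpub-")

def backup_plan(n, m, with_xpubs=True):
    """Return n backup cards for an m-of-n wallet.

    Card i holds seed i plus the xpubs of cosigners i+1 .. i+(n-m) (mod n),
    which for 2-of-3 is exactly the "Seed 1, MPK 2 / Seed 2, MPK 3 / Seed 3,
    MPK 1" layout (0-indexed here). with_xpubs=False gives the naive scheme
    where each card carries only its seed.
    """
    if not 1 <= m <= n:
        raise ValueError("need 1 <= m <= n")
    cards = []
    for i in range(n):
        extra = n - m
        xpubs = [xpub_label((i + k) % n) for k in range(1, extra + 1)] if with_xpubs else []
        cards.append({"seed": seed_label(i), "xpubs": xpubs})
    return cards

def can_restore(cards, chosen, n):
    """True if the chosen cards give m seeds and all n master public keys.

    Restoring the wallet needs every cosigner's xpub (to rebuild the script)
    plus m seeds (to sign); each chosen seed also yields its own xpub.
    """
    seeds = {cards[i]["seed"] for i in chosen}
    xpubs = {xpub_from_seed(s) for s in seeds}
    for i in chosen:
        xpubs.update(cards[i]["xpubs"])
    return xpubs == {xpub_label(j) for j in range(n)}

def verify_plan(n, m, with_xpubs=True):
    """Check every m-subset of cards restores the wallet.

    Returns (True, None) if the plan is complete, otherwise (False, subset)
    with the first combination of cards that cannot restore.
    """
    cards = backup_plan(n, m, with_xpubs)
    for chosen in combinations(range(n), m):
        if not can_restore(cards, chosen, n):
            return False, chosen
    return True, None

if __name__ == "__main__":
    for i, card in enumerate(backup_plan(3, 2)):
        print(f"card {i}: {card['seed']}, {', '.join(card['xpubs'])}")
    print("2-of-3 with xpubs:", verify_plan(3, 2))
    print("2-of-3 seeds only:", verify_plan(3, 2, with_xpubs=False))
    print("3-of-5 with xpubs:", verify_plan(5, 3))
```

The check is purely combinatorial: losing any n minus m cards leaves at most n minus m consecutive gaps in the ring, and each surviving card covers the n minus m cosigners after it, so no xpub is ever unreachable. That is the property that lets you keep exactly n backups instead of a separate copy of every public key on every card.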
hero member
Activity: 868
Merit: 952
I have two mobile devices and a laptop, so I can think of a 2-of-3 multisig wallet. Or if you have a hardware wallet, a phone and a laptop, you may prefer a multisig wallet.

Yeah, with two or more different devices it is most suitable; what I meant and stated above is using a single device to set it up, which defeats the purpose of multisig entirely.