Author

Topic: Multi-Sig Strategy to Keep Bitcoin is not the Ideal Solutions for Individuals (Read 263 times)

legendary
Activity: 2268
Merit: 18748
Moreover I believe people  play hanky-panky when talking about different geolocations  of their backups, It’s easier said than done.
That's another possible use of multi-sig, though. If you truly have nowhere secure offsite where you can store a copy of a single sig seed phrase, then multi-sig allows you to compromise a little on that. I could set up a 3-of-5 multi-sig and store one back up with 5 friends, for example. Perhaps I don't trust any one of these friends enough to give them a single sig seed phrase, but I collectively trust them enough to know that 3 of them won't all try to betray me.

As pooya87 has said above, it's all about pros and cons, risks and benefits. Is the increased risk of theft offset by the decreased risk of accidental loss? Is the increased redundancy offset by the increased chance of discovery? It's up to the user to decide, but blanket statements like "Don't use multi-sig" are not helpful.

Having said that, in terms of your master seed proposal, I think it is less than ideal. Multi-sig is not just safer because it decentralizes your back ups; it is also safer because it decentralizes your seed creation process. If I have a device which is generating weak seed phrase (see the Libbitcoin Explorer vulnerability as an example), and I create a single sig wallet using it, my coins are lost. If I use it to create one seed phrase of a multi-sig set up with the other 2 (or 4, or whatever) seed phrases coming from a different device which is generating strong seed phrases, then I am protected from loss despite my weak seed phrase. If however I generate a master seed using that weak RNG, and then derive all my seed phrases for my multi-sig from this one weak seed, then again my coins are at risk of theft.

If you are going to generate a multi-sig from one source of entropy and store all your seed phrases as one single back up, then you've not really achieved anything at all. A single sig cold wallet would be a better choice.
legendary
Activity: 3472
Merit: 10611
I see the point you are trying to make is that multi-sign wallets shouldn't be labelled as not ideal for individuals because of human error. I understand that if I want to set up and use the multi-sig wallet my first step to take is to get educated and learn how to use it the right way and understand the advantages and disadvantages inherent in it. From your reply I understand that using a multi-sig wallet is in tandem with the core principle of decentralization where I and other people have control over their own assets and security.
Exactly. In decentralized system where every user is responsible for their own security, they must first educate themselves. Of course in such a system without a central authority it is up to us (who know a tiny bit more) to provide them with the best and most accurate information to help guide them in their decision making.
sr. member
Activity: 574
Merit: 310
It seems like topics like this keep coming up every now and then where someone is arguing that a particular method is not suitable, not ideal or outright insecure just because people that are using it may not do it correctly.
For example we've had this argument with regarding paper wallets and the bitcoin wiki is still calling them "obsolete and unsafe" which is wrong.

Everything in Bitcoin has pros and cons, from bitcoin itself with its volatile price to the wallet types we use. For example you can't say "bitcoin core is not an ideal solution for individuals because it takes a long time to sync" just as you can't say "multi-sig is not suitable because it is hard to setup and backup correctly".

Multi-sig wallets have their benefits even for individuals but they obviously require more effort to setup, backup and use. The important thing is for people to learn how to choose the most suitable tool for them and understand how to take advantage of what it offers. If the benefits of multi-sig wallet is what an individual looks for, they will also accept the extra effort that it demands.
I see the point you are trying to make is that multi-sign wallets shouldn't be labelled as not ideal for individuals because of human error. I understand that if I want to set up and use the multi-sig wallet my first step to take is to get educated and learn how to use it the right way and understand the advantages and disadvantages inherent in it. From your reply I understand that using a multi-sig wallet is in tandem with the core principle of decentralization where I and other people have control over their own assets and security.
legendary
Activity: 2380
Merit: 5213
It seems to  me you missed the point of my message.
I completely got you.

What I meant was,  eventually,  someone could  have the ability  to  access all your  seed phrases.
What you are saying is like saying there is no difference between having 1 lock or 2 locks to secure a front door. The thief can eventually break all the locks. 
What's the point of having 2 locks, if they all can be opened using a single key?

Again, we use a multi-signature wallet, so that we eliminate any single point of failure. 
hero member
Activity: 714
Merit: 1298

It seems to  me you missed the point of my message. What I meant was,  eventually,  someone could  have the ability  to  access all your  seed phrases.


Logical it is possible that even if you have even 10 seed phrase for a multi sig it can still be located or accessed but what hosseinimr93 is saying which I agree with is the fact that the probability of getting access to the m seeds  of the m-n multi sig is much higher than if it they are generated by a single seed. The probability will only be the same when you back all the individual seeds in Jus one place and that from a start is definitely not logical, as this is just same as one using a single device to set the multi sig up.

With the individual seeds dispersed in different back up locations it will be hard to get all m required seeds to sign a transaction from that wallet

Sure, 100 seed phrases would be even better  Grin but I'm in very doubt someone  builds multisig from 10 seeds. I think the most common case is either 2-of-2 or 2-of-3 multisig. Moreover I believe people  play hanky-panky when talking about different geolocations  of their backups, It’s easier said than done.
hero member
Activity: 868
Merit: 952

It seems to  me you missed the point of my message. What I meant was,  eventually,  someone could  have the ability  to  access all your  seed phrases.


Logical it is possible that even if you have even 10 seed phrase for a multi sig it can still be located or accessed but what hosseinimr93 is saying which I agree with is the fact that the probability of getting access to the m seeds  of the m-n multi sig is much higher than if it they are generated by a single seed. The probability will only be the same when you back all the individual seeds in Jus one place and that from a start is definitely not logical, as this is just same as one using a single device to set the multi sig up.

With the individual seeds dispersed in different back up locations it will be hard to get all m required seeds to sign a transaction from that wallet
hero member
Activity: 714
Merit: 1298
But this a point  a failure to all multisig  no matter in what way they  were  created either from child seeds derived from deterministic entropy or independent ones. If someone get access to seeds then kiss the relevant stash goodbye.
No. If you have a 2 of 3 multi-signature wallet and someone has access to one of three seed phrases, there is no way for the thief/hacker to steal your fund.
In your proposal, there's a seed phrase that can be used to derived all seed phrases. If someone has access to that seed phrase, your fund is gone.
 
You can set the m in the m of n multi-signature wallet to 3 or more, so that even two seed phrases are not enough to steal the fund.

It seems to  me you missed the point of my message. What I meant was,  eventually,  someone could  have the ability  to  access all your  seed phrases. Judging to that, and the fact that the management of the set of child mnemonics is less difficult   I see the option to have multisig constructed from that set is more convincing - security and safe is almost the same, well, probably a very little less, but that "very little" is fully covered by management benefits.
legendary
Activity: 3472
Merit: 10611
It seems like topics like this keep coming up every now and then where someone is arguing that a particular method is not suitable, not ideal or outright insecure just because people that are using it may not do it correctly.
For example we've had this argument with regarding paper wallets and the bitcoin wiki is still calling them "obsolete and unsafe" which is wrong.

Everything in Bitcoin has pros and cons, from bitcoin itself with its volatile price to the wallet types we use. For example you can't say "bitcoin core is not an ideal solution for individuals because it takes a long time to sync" just as you can't say "multi-sig is not suitable because it is hard to setup and backup correctly".

Multi-sig wallets have their benefits even for individuals but they obviously require more effort to setup, backup and use. The important thing is for people to learn how to choose the most suitable tool for them and understand how to take advantage of what it offers. If the benefits of multi-sig wallet is what an individual looks for, they will also accept the extra effort that it demands.
hero member
Activity: 560
Merit: 1060
He goes further to say that while MultiSig provides redundancy for spending (e.g., 2 out of 3 signatures required), it demands full redundancy for public keys, and it is therefore risky for individual users who may not have the necessary backup redundancy, because if they lose a single seed, they have lost all access to funds.

In general, multi-sig is MUCH safer than single-sig. We must not confuse privacy danger with safety danger. Of course we need full redundancy for public keys, but it is not difficult. Even if you lose a backup of all of your xpubs, your coins are totally safe. But you don't have to backup all xpubs together.

Backing up xpubs is easy like Charles-Tim said in the quote below. It is what I do personally and I feel very comfortable. I just need to check my backups occasionally (1-2 times a year).

If you want to increase the security of your wallet, you can go for multisig. Although, it is very useful for multiple users purposes. For individual, we have suggested 2-of-3 multisig wallet several times on this forum with the appropriate backups like this:

Seed 1, MPK 2
Seed 2, MPK 3
Seed 3, MPK 1

Backups in different locations. If you lose one of the backups, you can still use the other two to recover your wallet.


legendary
Activity: 2380
Merit: 5213
But this a point  a failure to all multisig  no matter in what way they  were  created either from child seeds derived from deterministic entropy or independent ones. If someone get access to seeds then kiss the relevant stash goodbye.
No. If you have a 2 of 3 multi-signature wallet and someone has access to one of three seed phrases, there is no way for the thief/hacker to steal your fund.
In your proposal, there's a seed phrase that can be used to derived all seed phrases. If someone has access to that seed phrase, your fund is gone.
 
You can set the m in the m of n multi-signature wallet to 3 or more, so that even two seed phrases are not enough to steal the fund.
hero member
Activity: 714
Merit: 1298


If someone has access to the master seed, the thief can steal the fund.


It goes without saying. But this a point  a failure to all multisig  no matter in what way they  were  created either from child seeds derived from deterministic entropy or independent ones. If someone get access to seeds then kiss the relevant stash goodbye.

The way  to create multisig from mnemonics compliant to  deterministic entropy makes harder to access multisig by having backdoor say in one wallet that participates in signing. The more wallet you use the more sustainable multisig wallet to backdoor attack. At the same time it make easier the management of pertaining SEEDs.
legendary
Activity: 2268
Merit: 18748
Therefore, it's possible to use a single seed phrase with different derivation paths to create a multi-signature wallet in electrum.
Only with BIP39 seed phrases. With Electrum seed phrases, segwit multi-sig wallets always use the derivation path m/1', and there is no option in the GUI to change this. Therefore if you try to use the same seed phrase twice, you will get an error as Charles-Tim has said. If you use a BIP39 seed phrase, on the other hand, you can change the derivation path from the default m/48'/0'/0'/2' (for segwit) to anything you like, allowing you to use the same seed phrase with different derivation paths. (It would of course be possible to use the same Electrum seed phrase if you manually derived at different paths and exported the relevant Zprvs and Zpubs, but all you'll really achieve here is to increase the risk that you accidentally lock yourself out of your coins by doing something weird.)

The other option not mentioned yet would be to use the same seed phrase with different passphrases. You can use this option with either Electrum or BIP39 seed phrases on Electrum. I don't see any real advantages to this over using separate seed phrases, though.
legendary
Activity: 2380
Merit: 5213
The major purpose of multisig approach is to have wallet which is more  resistant to a potential backdoor in a single device. Thus, if you create child mnemonics from Master SEED and import each of them into different BIP39 compliant wallets further used in signing  multisig transaction , such multisig wallet would serve purpose. It seems to me  that such  logic would work. Correct me if this logic is wrong.
We create a multi-signature wallet for two purposes.


First purpose: When we want to have a wallet in which transactions can be made only if m out of n people allow that.
Due to obvious reasons, there is no way to use your proposal for this purpose.


Second purpose: When we want to use a wallet individually and increase our security.
We use the multi-signature wallet to eliminate any single point of failure. If there's a seed phrase that can generate all required keys, there's still a single point of failure.

If someone has access to the master seed, the thief can steal the fund.
If the device which is used for creating the master seed is compromised, the fund will be stolen.
hero member
Activity: 714
Merit: 1298
I
Thus,  to reconstruct MultiSig  wallet your need to keep safe only one mnemonic , i.e Master SEED.
If all keys can be derived from a single seed phrase, it would defeat the purpose of a multi-signature wallet. What you are proposing is like a single signature wallet, but with bigger transaction fee.

The major purpose of multisig approach is to have wallet which is more  resistant to a potential backdoor in a single device. Thus, if you create child mnemonics from Master SEED and import each of them into different BIP39 compliant wallets further used in signing  multisig transaction , such multisig wallet would serve purpose. It seems to me  that such  logic would work. Correct me if this logic is wrong.
legendary
Activity: 2380
Merit: 5213
I did not know that this is in bitcoin protocol before until I was corrected on this forum.
It may worth mentioning that there is no seed phrase in bitcoin protocol.


I mean to use the same seed phrase to generate m-of-n multisig wallet. On Electrum, it is not possible as it will bring up error, which is likely because it is not secure at all.
Right. But just to be more accurate:

Electrum doesn't allow two co-singers have the same master public keys.
Therefore, it's possible to use a single seed phrase with different derivation paths to create a multi-signature wallet in electrum.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
If all keys can be derived from a single seed phrase, it would defeat the purpose of a multi-signature wallet. What you are proposing is like a single signature wallet, but with bigger transaction fee.
I did not know that this is in bitcoin protocol before until I was corrected on this forum. I mean to use the same seed phrase to generate m-of-n multisig wallet. On Electrum, it is not possible as it will bring up error, which is likely because it is not secure at all. I also will not recommend it.
legendary
Activity: 2380
Merit: 5213
I also disagree.
If you know what exactly you are doing, then there's nothing to worry about.


Thus,  to reconstruct MultiSig  wallet your need to keep safe only one mnemonic , i.e Master SEED.
If all keys can be derived from a single seed phrase, it would defeat the purpose of a multi-signature wallet. What you are proposing is like a single signature wallet, but with bigger transaction fee.
hero member
Activity: 714
Merit: 1298

Each person involved in a MultiSig setup must have adequate backups of the seeds used to create the MultiSig address. Becasue losing a seed can lead to a dangerous failure mode where the MultiSig cannot be reconstructed. From what he said which we already know, MultiSig addresses are generated from a script involving multiple public keys, and the address requires all public keys to be provided for spending, even though only a subset is needed for signing.



Strange as it may appear, at this point I'm against Antonopoulos view. If you use multisig approach  by yourself to make your stash a bit safer you may take child SEEDs ( derived from one master/deterministic  SEED) to build relevant multisig wallet.  Thus,  to reconstruct MultiSig  wallet your need to keep safe only one mnemonic , i.e Master SEED.
legendary
Activity: 2268
Merit: 18748
Imagine a 2-3 multi sig, you have a 3 private keys and 3 seeds to backup making it six backup places to store them
That's not necessary. For any m-of-n multi-sig, the minimum number of back ups you need is equal to n. Each back up will contain one seed phrase, and a specific arrangement of n minus m master public keys such that any m back ups is sufficient to completely restore your wallet.

What this means is that for a 2-of-3, you need three back ups in the formulation that Charles-Tim has shared above, each containing one seed phrase and one master public key. There is no need to have three different back ups just for the public keys, and there is no need to back up raw private keys at all.

You could of course duplicate all your back ups if you wanted and end up with six back ups for a 2-of-3, but you would have to weigh the increased redundancy against the increased risk of discovery.

Yeah with two or more different device it is most suitable, what I meant and stated Above is using a single device to set it up, this defeats the purpose of multi sig entirely.
Of course. The whole point of a multi-sig is to remove any single points of failure. As soon as you bring the threshold number of keys together on the same device or in the same location, then you have a single point of failure.
hero member
Activity: 868
Merit: 952
I have two mobile devices and a laptop, I can think of 2-of-3 multisig wallet. Or if you have a hardware wallet, a phone and a laptop, you may prefer a multisig wallet.

Yeah with two or more different device it is most suitable, what I meant and stated Above is using a single device to set it up, this defeats the purpose of multi sig entirely.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
when you think of burden you will consider it not that worth it.
If you have experience about how you can setup a multisig wallet, it is worth it.

Imagine using one device to sign the transactions from the multi sig, once the device become compromised you the other co signer keys also get affected since it is on this device.
You will setup the multisig wallet on different devices. Example is the 2-of-3 multisig wallet, it requires 3 devices. Multisig wallet is one if the safest bitcoin wallet, even if created on online devices.

As for paper storage it is also a burden because how will one back up the seeds and keys. Imagine a 2-3 multi sig, you have a 3 private keys and 3 seeds to backup making it six backup places to store them ( although you can have one single seed for all ). And if a passphrase is added then it adds to the number of backs. Storing all of them will definitely leave some vulnerable to been seen
Read what I posted above.

With 2-of-3 multisig wallet, I do not think a passphrase is necessary.

The convenient of will be a single sig with probably a passphrase on an airgapped devices.
I have two mobile devices and a laptop, I can think of 2-of-3 multisig wallet. Or if you have a hardware wallet, a phone and a laptop, you may prefer a multisig wallet.
hero member
Activity: 868
Merit: 952
Do you agree with him that multi-sig strategy is not the ideal solutions for individuals? What do you think?

This has actually been discussed by some prominent members or say experienced members before. It is simply burdensome to have a multi sig for personal use, the risk somehow lessens but when you think of burden you will consider it not that worth it. Imagine using one device to sign the transactions from the multi sig, once the device become compromised you the other co signer keys also get affected since it is on this device.

As for paper storage it is also a burden because how will one back up the seeds and keys. Imagine a 2-3 multi sig, you have a 3 private keys and 3 seeds to backup making it six backup places to store them ( although you can have one single seed for all ). And if a passphrase is added then it adds to the number of backs. Storing all of them will definitely leave some vulnerable to been seen

The convenient of will be a single sig with probably a passphrase on an airgapped devices.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
If you want to increase the security of your wallet, you can go for multisig. Although, it is very useful for multiple users purposes. For individual, we have suggested 2-of-3 multisig wallet several times on this forum with the appropriate backups like this:

Seed 1, MPK 2
Seed 2, MPK 3
Seed 3, MPK 1

Backups in different locations. If you lose one of the backups, you can still use the other two to recover your wallet.
sr. member
Activity: 574
Merit: 310
In one of Antonopoulos recent video, he questioned the idea that having a multi-sig strategy to keep you bitcoin is not the ideal solution. For summary, in the video, I have provided the link at the footnote, he stated that MultiSig's primary purpose is to provide separation of concerns or duties for controlling funds in scenarios with multiple independent actors. According to him, MultiSig is suitable for cases where corporate executives or board members jointly control funds, and a certain number of them must collaborate to access funds without the risk of a single individual stealing everything which makes sense.

Each person involved in a MultiSig setup must have adequate backups of the seeds used to create the MultiSig address. Becasue losing a seed can lead to a dangerous failure mode where the MultiSig cannot be reconstructed. From what he said which we already know, MultiSig addresses are generated from a script involving multiple public keys, and the address requires all public keys to be provided for spending, even though only a subset is needed for signing.

He goes further to say that while MultiSig provides redundancy for spending (e.g., 2 out of 3 signatures required), it demands full redundancy for public keys, and it is therefore risky for individual users who may not have the necessary backup redundancy, because if they lose a single seed, they have lost all access to funds. Do you agree with him that multi-sig strategy is not the ideal solutions for individuals? What do you think?

YouTube Video link: https://www.youtube.com/watch?v=sjS5qF65Yos
Jump to: