Topic: Multi-signature plugin for Electrum - How much would it cost to develop? (Read 2738 times)

Copay is also great and it has an Android version + desktop browser plugin version.

Don't mean to triple post, but looks like there is an app for HD wallets and multisig transaction signing. Currently runs on android, and on the play store: Onchain.io's transaction signer - https://github.com/onchain/onchain-android

Works a charm, and really hoping to see more like it!

Any updates?

I wrote a CLI script to sign multisignature tx's given a redeem script, raw transaction, and electrum seed. It looks up UTXO info if you're online, otherwise you need bitcoin core compatible JSON inputs data. I've only used it a small bit, it's mainly provided as example usage of my library. I posted about it a while ago but I expect people have reservations about entering their seed into PHP CLI scripts

https://github.com/Bit-Wasp/bitcoin-lib-php/blob/master/examples/electrum_sign_multisig.php

Another bump for multisig.

I´m also very interested in this.

I just found some work from maraoz about multisig creation.

Also I though Armory was implementing this in the last alpha release.

"My goal at the outset was simply to be able to sign a transaction so I could complete it as a user of the site without having to download the entire blockchain"
"If I had known about that javascript-based site, I would've likely never worked on this at all"
Yeah, it has definitely just saved people a lot of work.

BIP32 will eventually be the standard in all clients, from what I gather, but 'eventually' is the important word here. Plenty have the support in them, but still haven't made the change.

Electrum makes use of various chains, but you'd nearly be best taking some stuff from pybitcointools to do the deterministic generation IMO. But you could have it so it uses iteration:2:mpk, and the way of generating the private key (adding integer representations of sha256 hashes) - 2 is chosen because electrum won't ever use that chain, but it makes perfect sense for signing. That way, you could accept a master public key on the website, and do away with asking users for a public key each time - that is if you get all users using the plugin. Could also use stuff from other chains to receive coin from the site.

Best off waiting for BIP32 probably. I'll be doing the same. It'll make it so easy!

I will admit this idea had not occurred to me, due to my poor knowledge of BIP_32. Most end-users I don't think use two wallets as I have suggested several times -- and that is a serious security problem. In fact, most of them don't even take the simple precaution of backing up important info like their Electrum seed or their PGP keys or generating a separate revocation certificate in case of key compromise or loss.

One of the problems in trying to get new features into this is I am not the developer of the plugin that is being used. I knew virtually nothing about bitcoin before working on Electrum except that it used ECC and that the proof of work was used to do away with a central authority for processing transactions. I spent many hours trying to get my output from Electrum to match byte for byte bitcoind's output before I realized that ECDSA isn't always deterministic! My goal at the outset was simply to be able to sign a transaction so I could complete it as a user of the site without having to download the entire blockchain. Since the devs of the site turned it into a plugin, I have only supplied patches on their forums for problems users have had. If I had known about that javascript-based site, I would've likely never worked on this at all. Of course, if I knew what I know now I would've likely used pybtctools to accomplish my goal.

Bip32 and multisig support each other very well. I'm excited about whoever gets to the solution first. Have you seen https://coinb.in/multisig? Its an awesome site, although yet to try it out with mine. It has all the parts it needs for multisig. I'm glad someone was finally able to do this, because signing should only be done by a specific wallet (eventually bip32) or just random keys which don't need to be imported to the client, and in fact shouldn't.

Just a thought, have you thought about adding a non-standard chain in the plugin (0 for normal address, 1 for change, and 2, which the plugin only uses to sign)? If the concern is its using keys that handle coins, and only need to be signed, taking advantage of deterministic generation would be good.

Your plugin would generate pubkeys along this chain, look for transactions to be signed with a key from this chain (as specified in the json)

My eventual plan is accept a bip32 chain, and use internal addresses for generating keys for multisig/signing transactions, and the external for receiving coin.
Addresses for keys come from other extended keys. Who needs a live wallet now!

Since I have written the vast majority of the multi-sig part of that plug-in, I feel I need to respond to this.

The plugin works by generating new recieve addresses (beyond the gap limit), and then giving the public key to the user. This is passed into the web site, which creates the P2SH address to send the coin to as well as presenting them with the redeemScript (so that they could verify with the person they were purchasing from that the address was with their public key as well).

When you need to complete a transaction, you are provided with json that looks like

The plugin then signs the transaction and allows you to broadcast it or save it. If you used the plugin to create the public key it needs, it will be found automatically. If you created a public key somewhere else when you created the escrow address, then you are prompted to supply private key that will be used to sign the transaction.

The main problem with the implementation is it mixes up your keys for making p2sh wallets and the keys you use to handle your coin. I've suggested to all the users they create a seperate wallet that is only used for signing transactions that is kept offline. A full BIP_32 implementation would be a lot nicer, but the plugin is essentially a quick and dirty hack which allows people to use the site without having to use bitcoin-qt.

I saw this alright, I do need to have a look at the internals again however I was told it doesn't rely on the electrum wallet, keypairs for multsig address creation are randomly generated and not deterministically derived from the seed.

I don't see the point in asking users to sign a plugin that will soon be out of date. Eventually, this will be much easier to do and across all clients, there will be support for BIP32, meaning they'll have to support signing transactions where only one of the required keys is available locally.

While on the lookout for something I can use, I think haskoin is going to be a great help, and a realistic option for people using bitwasp to use in the future. The reason being, is it supports BIP32 entirely, and handles multisig accounts well. It also allows stateless signatures to be computed, so if supplied with the transactions hex, and a non-wallet key for signing, it will sign it! I'm already using it to help test a PHP library for BIP32.

ThomasV has told me, once electrum has BIP32 accounts he will be in a better position to release the multisig plugin. They work well together.

The Marketplace (a I2P SR clone) wrote an Electrum plugin for their transactions and use it today for their business.  The source is available at the forum, which unfortunately, you have to run I2P to get. 

http://www.reddit.com/r/themarketplace/comments/1tx26z/the_marketplace_simple_guide_with_pictures_latest/

I'm eagerly waiting for it anyway.. Can it handle signing a transaction where only one of the keys used in the p2sh address is in the wallet (ie, one key is derived from a master public key? If this is the case I would ask users to download it to use bitwasp, until proper support comes in the clients.

I wish to generate multsig addresses deterministically from 3 users master public keys. Users need to be able to sign a transaction spending the funds in the multisig address, where they only have one key of the 3 in their wallet.

Any issues with the gap limit, or will your plugin account for this?

@ThomasV - could you test your plugin against something for me? Please see here: https://bitcointalksearch.org/topic/m.4666722

I am currently working on such a plugin. Expect an announcement soon.

Plugins offload the work of the client developers to others. Client developers should be working to expose the multisig functionality as much as possible.

I did suggest something different in another thread. An application, GUI or CLI, which takes a raw transaction hex (unsigned or partially signed), Json inputs, and an arbitrary private key and tries to sign the transaction

It must parse the redeem script and script pubkey to understand the type of address its dealing with, then see how many keys it can sign with, and return the raw signed transaction. If its fully signed, they can broadcast using any client. If its not fully signed, they pass it to the other parties.

I am looking for security options to professionally manage BTC investor funds (a bit like the guys from Exante).
It would be extremely helpful to have Gui-based Multi-Sig functionality. How much effort would it be to create a plug-in for Electrum that could also be used by a non power-user? Can anybody point me to developers who are currently working on this or who are willing to work as contractors?
Or is there already and open-source solution I just do not know about?