Author

Topic: Multisig derivation paths and xpubs (Read 396 times)

jr. member
Activity: 59
Merit: 31
August 08, 2023, 10:53:02 AM
#30
Quote
I was thinking less about forgetting your derivation path and more about if you ever needed to use some different piece of software.

As I said above, you can easily back up your derivation path alongside your seed phrase, and therefore have no additional risk of losing your coins. The issue would come if you want to import your multi-sig in to a different piece of software for whatever reason that does not let you specify arbitrary derivation paths.

If you back up your full descriptors and always use the same version of Sparrow then of course there will be no problems. But it is fairly easy to imagine a scenario where you need emergency access to your funds and you are forced to recover the seed phrases using different software, perhaps on a different OS, perhaps on mobile instead of a computer, and so on. In such a case it is always going to be an easier process if you have used the widely accepted standards rather than done something unique.

It is of course up to you - just explaining my rationale behind preferring to stick to standard practices.

I appreciate that. I have Electrum back ups too and a watch only Blue Wallet, but I know what you're saying.
legendary
Activity: 2268
Merit: 18711
August 08, 2023, 10:22:30 AM
#29
However, I think so long as I backup the derivation path I should be ok. This thread will serve as an extra back up Wink
I was thinking less about forgetting your derivation path and more about if you ever needed to use some different piece of software.

As I said above, you can easily back up your derivation path alongside your seed phrase, and therefore have no additional risk of losing your coins. The issue would come if you want to import your multi-sig in to a different piece of software for whatever reason that does not let you specify arbitrary derivation paths.

If you back up your full descriptors and always use the same version of Sparrow then of course there will be no problems. But it is fairly easy to imagine a scenario where you need emergency access to your funds and you are forced to recover the seed phrases using different software, perhaps on a different OS, perhaps on mobile instead of a computer, and so on. In such a case it is always going to be an easier process if you have used the widely accepted standards rather than done something unique.

It is of course up to you - just explaining my rationale behind preferring to stick to standard practices.
jr. member
Activity: 59
Merit: 31
August 07, 2023, 06:26:49 PM
#28
Quote
Simply because it is the standard. I am not aware of a single wallet which derives P2SH address at m/49/0/x by default, while there are hundreds which follow the BIP39 standard of m/49'/0'/x'.

Just like there is nothing stopping me deriving a single sig wallet at m/3894329'/284760'/1609266' and backing up my derivation path, it is much safer to just stick to the standard m/84'/0'/0'.

Ah ok, yes that is a fair point. However, I think so long as I backup the derivation path I should be ok. This thread will serve as an extra back up Wink
legendary
Activity: 2268
Merit: 18711
August 07, 2023, 10:55:24 AM
#27
Forgive my ignorance, but how does a hardened path help wallet recovery? I have the output descriptors and Sparrow and Electrum wallet files backed up on multiple media.
Simply because it is the standard. I am not aware of a single wallet which derives P2SH address at m/49/0/x by default, while there are hundreds which follow the BIP49 standard of m/49'/0'/x'.

Just like there is nothing stopping me deriving a single sig wallet at m/3894329'/284760'/1609266' and backing up my derivation path, it is much safer to just stick to the standard m/84'/0'/0'.
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
August 06, 2023, 09:34:36 AM
#26
Quote
-snip-
Thanks for the above. So ultimately unhardened vs hardened doesn't matter a great deal in multisig?
Yes, safer than SingleSig.
The difficulty on getting the necessary number of xprv keys is harder,
but it still depends on how the cosigners handle their individual private keys.

For example:
Since each cosigner wallets contain (e.g. 2-of-3) all three xpubs, if one cosigner wallet is compromised, the attacker will need to get one private keys from one of the other two cosigners.
Still good since it's still safe as long as the other two cosigners are secured.

In case that the attacker is one of the cosigner, all he need to do is "ask" for a single private key from either cosigner to get full control of their funds.
By saying "ask", I mean mislead the cosigners into giving him a private key like of a used address which seem harmless if the person doesn't know the risk.
jr. member
Activity: 59
Merit: 31
August 06, 2023, 09:04:01 AM
#25
Quote
However, I would highly recommend sticking to the standard of using hardened paths for the first three levels if you are using 49 at the purpose level, not least of all to make your life easier when recovering your wallet in the future.

Forgive my ignorance, but how does a hardened path help wallet recovery? I have the output descriptors and Sparrow and Electrum wallet files backed up on multiple media.
legendary
Activity: 2268
Merit: 18711
August 06, 2023, 08:31:49 AM
#24
Which one you choose matters less when it comes to this particular attack vector for multi-sig wallets, yes.

However, I would highly recommend sticking to the standard of using hardened paths for the first three levels if you are using 49 at the purpose level, not least of all to make your life easier when recovering your wallet in the future.
jr. member
Activity: 59
Merit: 31
August 06, 2023, 08:15:12 AM
#23
Quote
Of course in MultiSig, it needs the "N" number of cosigners, not just one.
And the other cosigner's xpub and private keys are unrelated to each other, that unhardened derivation vulnerability isn't applicable to each cosigner's keys.

Thanks for the above. So ultimately unhardened vs hardened doesn't matter a great deal in multisig?
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
August 06, 2023, 12:11:05 AM
#22
Right. So after doing a little digging, it seems that the unhardened path can compromise all the coins in a wallet if the xprv of one address is compromised.
If it's the xprv that's compromised, it doesn't matter if it's unhardened or not, hacker can just derive the private keys from it.
You must be talking about the parent xpub and one of its xprv pair's child private key.
Basically, the wallet's "extended public key" and a "private key".

Of course in MultiSig, it needs the "N" number of cosigners, not just one.
And the other cosigner's xpub and private keys are unrelated to each other, that unhardened derivation vulnerability isn't applicable to each cosigner's keys.
jr. member
Activity: 59
Merit: 31
August 05, 2023, 06:19:58 PM
#21
Quote
The relevance is that unhardened levels can be derived only using public keys, while hardened levels require the private keys. In short, they are entirely different numbers and will derive entirely different addresses.

Right. So after doing a little digging, it seems that the unhardened path can compromise all the coins in a wallet if the xprv of one address is compromised. However, this seems less of a risk for a multisig wallet?
legendary
Activity: 2268
Merit: 18711
August 05, 2023, 01:48:14 PM
#20
Thanks. So, the xpubs will point to the right addresses with or without the derivation paths?
Not necessarily, no. It depends where you get the xpubs from.

If you are using the xpub already at m/49'/0'/4', then it will derive the right addresses. If you are using the xpub at m, then you will need to specify the derivation path.

What is the difference between m/49' and m/49? So far as I can see, the derivation paths for all my multisig wallets are hardened (i.e., m/49).
m/49 is unhardened. m/49' is hardened. The relevance is that unhardened levels can be derived only using public keys, while hardened levels require the private keys. In short, they are entirely different numbers and will derive entirely different addresses.
jr. member
Activity: 59
Merit: 31
August 05, 2023, 01:03:12 PM
#19
Quote
If your output descriptors either include your derivation path, or are using the xpubs already derived from the relevant derivation paths, then yes.

Just be careful with hardened paths. You've said m/49/0/4, but I suspect you mean m/49'/0'/4'.

Thanks. So, the xpubs will point to the right addresses with or without the derivation paths?

What is the difference between m/49' and m/49? So far as I can see, the derivation paths for all my multisig wallets are hardened (i.e., m/49).

legendary
Activity: 2268
Merit: 18711
August 05, 2023, 11:16:24 AM
#18
However, so long as I have the output descriptors and private keys fully backed up, I should always be able to sign from this wallet, correct?
If your output descriptors either include your derivation path, or are using the xpubs already derived from the relevant derivation paths, then yes.

Just be careful with hardened paths. You've said m/49/0/4, but I suspect you mean m/49'/0'/4'.
jr. member
Activity: 59
Merit: 31
August 05, 2023, 08:46:51 AM
#17
Just revisiting this topic for verification/reassurance.

As my (thoroughly backed up and tested) keys are geographically distributed, I have used the derivation path (m/49/0/4) and xpubs derived by my collaborative custodian to create a 2 of 3 fully self-sovereign multisig. It signs fine. My one concern is that I'm using a non-standard derivation path (I would have preferred to have used m/84/0/0). However, so long as I have the output descriptors and private keys fully backed up, I should always be able to sign from this wallet, correct?
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
July 01, 2023, 02:46:25 AM
#16
-snip- Now, my wallet software has three xpubs, but it may or may not have any idea the derivation paths used to reach the two xpubs from the hardware wallets. But actually, it doesn't need to know. All it needs to do is calculate a child key at /0/0 for each one and combine them in to a multi-sig address.

So it can do seed phrase + m/48'/0'/0'/2'/0/0 to generate the first key itself, and then it can do hardware-wallet-xpubs/0/0 to generate the second and third keys. One it has all three keys at /0/0, it combines them to create an address. It does the same thing at /0/1 and combines the three keys to generate the second address, and so on.
...And this is where some "signing issue" came from.
This setup can generate address without any issue, good enough for watching-only wallets.

Problem is, hardware wallets need to know the derivation path to be able to sign the transactions linked to the provided xpub.
This is why MultiSig descriptors with hardware wallets starts from "m" and not directly from xpub.
Ref: github.com/bitcoin/bitcoin/blob/master/doc/descriptors.md#bip32-derived-keys-and-chains

No, it is on. BIP 49 is a multisig derivation path though.
BIP49 is for Nested-SegWit Purpose field but most wallets aren't strict on the derivation path used.
Since it's still set 'on', then the path must have been different from the single-sig Nested-SegWit default m/49'/0'/0' and higher account index which Sparrow wont accept for MultiSig. (test it)
(or maybe it was setup in older versions when the feature isn't implemented yet)
jr. member
Activity: 59
Merit: 31
June 30, 2023, 10:31:56 AM
#15
Quote
So the derivation path is used both in the generation of the xprvs/xpubs, and also in the generation of individual addresses from those xprvs/xpubs. Allow me to explain.

Take the following familiar derivation path: m/84'/0'/0'.

m stands for your master private key, which is generated from your seed phrase. Technically speaking, this is the only key which should ever be called your master private key, but a lot of people and software also use the term master private key to refer to your account extended private key (which I'll come to in a second).

The next three numbers are, in order, your purpose, coin type, and account. 84 is the number assigned to P2WPKH segwit addresses. 0 is the coin type for mainnet bitcoin. The next 0 simply means the first account. As I explained previously, that derivation path tells your wallet software to generate the extended key at the 85th hardened index,* use that to generate the extended key at the 1st hardened index, and then use that to generate the extended key at the 1st hardened index. The extended key you end up with after doing all that is your account extended private key. Account because it is at the account level, extended because you have an extra part which allows you to continue to derive at further levels. But as I said above, lots of places incorrectly refer to this key as your master private key. When you extract an xprv from a wallet, it is almost always this key that you are extracting - your account extended private key.

Now, to get actual addresses from that key, we need to derive through a further two levels. The derivation path of the very first address in your wallet will look like this: m/84'/0'/0'/0/0. The first extra zero is change (0 for not being a change address, 1 if it is a change address), and then the second extra zero is in the index of the individual address itself.

m/84'/0'/0'/0/0 - 1st non-change address
m/84'/0'/0'/0/1 - 2nd non-change address
m/84'/0'/0'/1/0 - 1st change address
m/84'/0'/0'/1/3 - 4th change address
And so on.

Note that multi-sig sometimes add in an additional field called the script type, so instead of something like m/84'/0'/0' you would have m/48'/0'/0'/2'. (48 is the purpose number for such multi-sig paths, and 2 is the script type for P2WSH.)

So, in the case of HD wallets, you can import keys in two ways. The first is that you can either import a seed phrase, and tell the wallet the exact derivation path you used to get the account extended private key. So for example I could give you the following seed phrase:
Code:
tray expect pact quantum junior chronic nation topple boy today maid syrup
And tell you I used the derivation path m/84'/0'/0', meaning you can calculate the following xprv:
Code:
xprv9zScb44VdRkzpdV8djUnNzD69QWRCA3iMvMm29UaouknnXxH3KRrnpN9QAyzEbqgMSVUVUavpki aWuBhTBpefXXX5kg4tUvSQpd2dDHKFFX
The wallet then knows to start there and add on the extra /0/0 derivations to reach individual addresses.

The second option is I can just give the wallet the xprv directly, and not tell it about the seed phrase or the derivation path I used to get to the given xprv. The wallet will take the xprv and add on the extra /0/0 as above, without knowing the derivation path used to reach that xprv.

Now let's say, for example, I'm setting up a 2-of-3 multi-sig. In this particular multi-sig, I'm using one seed phrase on my computer, and two hardware wallets. Let's say the seed phrase on my computer is using the derivation path m/48'/0'/0'/2'. Great. So my software knows to use this deviation path to calculate the first xprv from the seed phrase it has, and the corresponding xpub. Now my two hardware wallets come along. For the sake of argument, the first uses m/84'/0'/0', and the second uses uses m/0'. What a nightmare! Each hardware wallets generates an xprv at the given derivation path, calculates the corresponding xpub for the xprv, and then feeds the xpub to the wallet software on my computer. Now, my wallet software has three xpubs, but it may or may not have any idea the derivation paths used to reach the two xpubs from the hardware wallets. But actually, it doesn't need to know. All it needs to do is calculate a child key at /0/0 for each one and combine them in to a multi-sig address.

So it can do seed phrase + m/48'/0'/0'/2'/0/0 to generate the first key itself, and then it can do hardware-wallet-xpubs/0/0 to generate the second and third keys. One it has all three keys at /0/0, it combines them to create an address. It does the same thing at /0/1 and combines the three keys to generate the second address, and so on.


*Hardened indices, indicated by the ' symbol, are actually the number you see plus 231, but the reasons behind that are not relevant for this.

Wow, thanks for this. I think I'm going to have to read it taking notes several times.
legendary
Activity: 2268
Merit: 18711
June 29, 2023, 08:07:25 AM
#14
I think the fatal flaw in my understanding was that I thought the xpubs were generated solely by the hardware devices and were independent of the derivation path, and that the derivation path specified the receive and change keys from the child xpubs of the devices.
So the derivation path is used both in the generation of the xprvs/xpubs, and also in the generation of individual addresses from those xprvs/xpubs. Allow me to explain.

Take the following familiar derivation path: m/84'/0'/0'.

m stands for your master private key, which is generated from your seed phrase. Technically speaking, this is the only key which should ever be called your master private key, but a lot of people and software also use the term master private key to refer to your account extended private key (which I'll come to in a second).

The next three numbers are, in order, your purpose, coin type, and account. 84 is the number assigned to P2WPKH segwit addresses. 0 is the coin type for mainnet bitcoin. The next 0 simply means the first account. As I explained previously, that derivation path tells your wallet software to generate the extended key at the 85th hardened index,* use that to generate the extended key at the 1st hardened index, and then use that to generate the extended key at the 1st hardened index. The extended key you end up with after doing all that is your account extended private key. Account because it is at the account level, extended because you have an extra part which allows you to continue to derive at further levels. But as I said above, lots of places incorrectly refer to this key as your master private key. When you extract an xprv from a wallet, it is almost always this key that you are extracting - your account extended private key.

Now, to get actual addresses from that key, we need to derive through a further two levels. The derivation path of the very first address in your wallet will look like this: m/84'/0'/0'/0/0. The first extra zero is change (0 for not being a change address, 1 if it is a change address), and then the second extra zero is in the index of the individual address itself.

m/84'/0'/0'/0/0 - 1st non-change address
m/84'/0'/0'/0/1 - 2nd non-change address
m/84'/0'/0'/1/0 - 1st change address
m/84'/0'/0'/1/3 - 4th change address
And so on.

Note that multi-sig sometimes add in an additional field called the script type, so instead of something like m/84'/0'/0' you would have m/48'/0'/0'/2'. (48 is the purpose number for such multi-sig paths, and 2 is the script type for P2WSH.)

So, in the case of HD wallets, you can import keys in two ways. The first is that you can either import a seed phrase, and tell the wallet the exact derivation path you used to get the account extended private key. So for example I could give you the following seed phrase:
Code:
tray expect pact quantum junior chronic nation topple boy today maid syrup
And tell you I used the derivation path m/84'/0'/0', meaning you can calculate the following xprv:
Code:
xprv9zScb44VdRkzpdV8djUnNzD69QWRCA3iMvMm29UaouknnXxH3KRrnpN9QAyzEbqgMSVUVUavpkiaWuBhTBpefXXX5kg4tUvSQpd2dDHKFFX
The wallet then knows to start there and add on the extra /0/0 derivations to reach individual addresses.

The second option is I can just give the wallet the xprv directly, and not tell it about the seed phrase or the derivation path I used to get to the given xprv. The wallet will take the xprv and add on the extra /0/0 as above, without knowing the derivation path used to reach that xprv.

Now let's say, for example, I'm setting up a 2-of-3 multi-sig. In this particular multi-sig, I'm using one seed phrase on my computer, and two hardware wallets. Let's say the seed phrase on my computer is using the derivation path m/48'/0'/0'/2'. Great. So my software knows to use this deviation path to calculate the first xprv from the seed phrase it has, and the corresponding xpub. Now my two hardware wallets come along. For the sake of argument, the first uses m/84'/0'/0', and the second uses uses m/0'. What a nightmare! Each hardware wallets generates an xprv at the given derivation path, calculates the corresponding xpub for the xprv, and then feeds the xpub to the wallet software on my computer. Now, my wallet software has three xpubs, but it may or may not have any idea the derivation paths used to reach the two xpubs from the hardware wallets. But actually, it doesn't need to know. All it needs to do is calculate a child key at /0/0 for each one and combine them in to a multi-sig address.

So it can do seed phrase + m/48'/0'/0'/2'/0/0 to generate the first key itself, and then it can do hardware-wallet-xpubs/0/0 to generate the second and third keys. One it has all three keys at /0/0, it combines them to create an address. It does the same thing at /0/1 and combines the three keys to generate the second address, and so on.



*Hardened indices, indicated by the ' symbol, are actually the number you see plus 231, but the reasons behind that are not relevant for this.
jr. member
Activity: 59
Merit: 31
June 29, 2023, 07:11:06 AM
#13
Quote
Maybe you have the safety setting "Validate Derivations" disabled that enabled you to use the single-sig derivation paths to MultiSig.

No, it is on. BIP 49 is a multisig derivation path though.

Quote
I have no means to test this but you may be able to sign by creating a new MultiSig wallet with the correct derivation paths to the provided extended public keys.

I think you're right. The $30 locked in that wallet is the cost of tuition.
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
June 29, 2023, 06:52:41 AM
#12
So, given I imported two xpubs from a BIP 49 setup and one from a BIP 84 wallet, then used the derivation path BIP 48 to derive all the receive and change keys, have I just made a huge spaghetti soup that I won't be able to sign?
I have no means to test this but you may be able to sign by creating a new MultiSig wallet with the correct derivation paths to the provided extended public keys.

Quote
BTW, in Sparrow, you can't use the standard derivation path of BIP49 in a MultiSig setup by design.
That's strange, I currently use BIP 49 in a collaborative multisig 3 of 5 setup, and imported it into Sparrow with no issue. I was also able to form a 2 of 3 setup using the same xpubs and derivation path in Sparrow.  
I checked and that safety check can indeed be disabled.
Maybe you have the safety setting "Validate Derivations" disabled that enabled you to use the single-sig derivation paths to MultiSig.
jr. member
Activity: 59
Merit: 31
June 29, 2023, 05:58:20 AM
#11
Quote
Perhaps.
If those Nested SegWit extended public keys are derived from your master private key with m/49'/0'/0' path,
But used it in a MultiSig setup and provided the standard path of m/48'/0'/0'/1' (BIP48 - Nested SegWit), then your hardware wallet will derive a different xpub key than what you've provided.

What does the descriptor looks like? You can edit the extended public keys for privacy reasons.
BTW, in Sparrow, you can't use the standard derivation path of BIP49 in a MultiSig setup by design.

I think the fatal flaw in my understanding was that I thought the xpubs were generated solely by the hardware devices and were independent of the derivation path, and that the derivation path specified the receive and change keys from the child xpubs of the devices.

So, given I imported two xpubs from a BIP 49 setup and one from a BIP 84 wallet, then used the derivation path BIP 48 to derive all the receive and change keys, have I just made a huge spaghetti soup that I won't be able to sign?

Quote
BTW, in Sparrow, you can't use the standard derivation path of BIP49 in a MultiSig setup by design.
That's strange, I currently use BIP 49 in a collaborative multisig 3 of 5 setup, and imported it into Sparrow with no issue. I was also able to form a 2 of 3 setup using the same xpubs and derivation path in Sparrow.  


legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
June 29, 2023, 02:33:04 AM
#10
I took what I know to be valid xpubs from my three keys and used the derivation path for nested segwit. However, I can't sign from that quorum. I'm thinking this is probably because the xpubs I am using were not generated by the derivation path I specified?
Perhaps.
If those Nested SegWit extended public keys are derived from your master private key with m/49'/0'/0' path,
But used it in a MultiSig setup and provided the standard path of m/48'/0'/0'/1' (BIP48 - Nested SegWit), then your hardware wallet will derive a different xpub key than what you've provided.

What does the descriptor looks like? You can edit the extended public keys for privacy reasons.
BTW, in Sparrow, you can't use the standard derivation path of BIP49 in a MultiSig setup by design.
jr. member
Activity: 59
Merit: 31
June 28, 2023, 07:18:18 PM
#9
I have the master fingerprints, so could sign. That’s not the issue. The private keys are stored in my hardware wallets.
legendary
Activity: 1526
Merit: 1032
Up to 300% + 200 FS deposit bonuses
June 28, 2023, 07:13:21 PM
#8
Ok, so I'm learning through doing here. I took what I know to be valid xpubs from my three keys and used the derivation path for nested segwit. However, I can't sign from that quorum. I'm thinking this is probably because the xpubs I am using were not generated by the derivation path I specified?
You can't sign because you don't have the private key, So is not because of different xpubs or public keys.
jr. member
Activity: 59
Merit: 31
June 28, 2023, 05:18:15 PM
#7
Ok, so I'm learning through doing here. I took what I know to be valid xpubs from my three keys and used the derivation path for nested segwit. However, I can't sign from that quorum. I'm thinking this is probably because the xpubs I am using were not generated by the derivation path I specified?
legendary
Activity: 2450
Merit: 4415
🔐BitcoinMessage.Tools🔑
June 28, 2023, 10:16:30 AM
#6
My question is, can each device in a multisig setup have a different derivation path? I always thought every device had to refer to the same one.
A derivation scheme is just one of the ways to organize the storage or relationship of keys: each key in such a scheme will have its own place within this huge hierarchy, but they all can be derived from the common ancestor. The entropy (single signature wallet) or a bunch of entropies (multi-signature wallet) serve as an entry point from which to generate information needed for wallet creation and signing of transaction data. While you are absolutely free to determine how initial entropy and derived keys should relate to each other, it is advisable to follow standards described in BIPs and similar specifications because this helps wallet software to remain interoperable and interchangeable.
legendary
Activity: 2268
Merit: 18711
June 28, 2023, 12:48:01 AM
#5
My question is, can each device in a multisig setup have a different derivation path?
Absolutely.

The derivation path tells your software how to turn a seed phrase in to an extended private key and extended public key. So if you use m/49/0/3, this tells the wallet to derive the extended key at the 50th index, then use that to derive the extended key at the 1st index, then use that to derive the extended key at the 4th index. This final extended key is the xprv/xpub used in your multi-sig wallet.

It doesn't matter if every seed phrase in your multi-sig uses a different derivation path - each one will end up with an xprv/xpub which are combined to create your multi-sig. In fact, the wallet does not even need to know the derivation paths at all. Indeed, there doesn't even need to be a seed phrase in the first place. You could just generate an xprv directly from some entropy source.

As long as you feed it it the same xprvs/xpubs, it will always generate the same addresses, regardless of where these xprvs/xpubs came from.
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
June 27, 2023, 10:53:36 PM
#4
My question is, can each device in a multisig setup have a different derivation path? I always thought every device had to refer to the same one.
Technically, it's not an issue since each of your MultiSig Addresses are derived from each cosigner's individual child keys.
The derivation path is just a way to tell the client a way to derive child keys.

Signing wont be an issue either as long as the client know how to derive those child keys from the master key.

As for Sparrow, it's using "Descriptors" to take note of the derivation path for each cosigner master keys.
legendary
Activity: 1526
Merit: 1032
Up to 300% + 200 FS deposit bonuses
June 27, 2023, 09:04:27 PM
#3
My question is, can each device in a multisig setup have a different derivation path? I always thought every device had to refer to the same one.
I believe every wallet has a different costume path, so be careful about that. we've discussed it here: https://bitcointalksearch.org/topic/m.54314948
jr. member
Activity: 59
Merit: 31
June 27, 2023, 05:10:34 PM
#2
My current multisig (with a third-party provider) uses m/49/0/3. I took the derivation paths and xpubs from that and created a smaller multisig quorum, which has signed fine.
jr. member
Activity: 59
Merit: 31
June 27, 2023, 04:12:05 PM
#1
I am having trouble wrapping my head around derivation paths in multisig setups. I had a multisig wallet with the derivation path m/49/0/3 (i.e., each key used that path). I wanted to swap a key to set up a new wallet. I used Sparrow and, even though the new device used the derivation path m/48/0/0/2 and the other two had m/49/0/3, it still generated the multisig wallet (i.e., Sparrow detected no error).

My question is, can each device in a multisig setup have a different derivation path? I always thought every device had to refer to the same one.
Jump to: