Topic: MultiSig wallet vs Multiple SingleSig wallets

sr. member
Activity: 406
Merit: 896
The derivation path is exactly why I asked, since it still feels obscure. I will look into Antonopoulos' videos to understand what derivation paths are.

You've been very helpful. Thanks.
legendary
Activity: 2268
Merit: 18509
There's no reason you can't use 3-of-4 if that's what best fits your threat model. I simply used 2-of-3 and 3-of-5 as examples, as they are the most common. There's no downside to 3-of-4 when compared to 3-of-5, other than less redundancy and resistance to loss as you point out.

This is certainly possible, but there are a few issues. The first is the obvious security and privacy implications of reusing the same private key across multiple wallets. The less obvious issue is the derivation path issue. If you pull an individual private key from your multi-sig wallet and use it to generate a single-sig address, then you can run into problems restoring that address from your seed phrase since that address will be at a multi-sig derivation path, rather than one of the common single-sig paths.

A better option would be to reuse the same seed phrase to generate both a single-sig wallet at a standard path such as m/84'/0'/0', as well as one cosigner of a multi-sig wallet at m/48'/0'/0'/2'. Although the seed phrase is the same, the private keys will be completely different.
sr. member
Activity: 406
Merit: 896
Earlier you suggested 2-3 or 3-5 multisig. Even though I understand that it's the common use, I don't really understand why not use 3-4, for example. Is there any other downside apart from the obvious one, that losing 2 seed phrases would lead you to losing all of your funds?

Finally, is there anything wrong if I used a private key both for a singlesig wallet and as a cosigner in a multisig wallet? I suppose this question must have already been asked somewhere in the forum.
legendary
Activity: 2268
Merit: 18509
I've not used Bluewallet, but with Sparrow it is not necessary to back up the fingerprint. If you are entering a seed phrase for a cosigner then the master fingerprint can be derived, and if you are entering an xpub for a cosigner then you don't need to know the master fingerprint.

In terms of derivation path, Sparrow uses the following for its multi-sig wallets, which conform to both the BIP45 and BIP48 standards, so no need to back them up:

Legacy (P2SH) - m/45'
Nested Segwit (P2SH-P2WSH) - m/48'/0'/0'/1'
Native Segwit (P2WSH) - m/48'/0'/0'/2'
sr. member
Activity: 406
Merit: 896
I don't know if you use or have used Bluewallet or Sparrow, but when you scan an xpub (to create a watch only wallet for example), then it shows you 3 attributes: the xpub, the master fingerprint and the derivation path. However, you are right about the derivation path.
legendary
Activity: 2268
Merit: 18509
I'm not certain what you are referring to by fingerprints. Bitcoin public keys generally don't use fingerprints like PGP keys do. Fingerprints are used in some descriptors, but that's not really relevant here when generating a multi-sig wallet using seed phrases.

In terms of the derivation path, the answer is maybe. Some people would say yes. I would say that as long as you are using a standard derivation path which will be easy to recover from, then probably not.

For example, I have a multi-sig wallet which was created using Electrum. The derivation paths Electrum uses for its multi-sig wallets are in the open source code and are widely known, so I didn't feel the need to back them up.
sr. member
Activity: 406
Merit: 896
Awesome. Will I also need the fingerprints and the derivation paths, apart from the xpubs?
legendary
Activity: 2268
Merit: 18509
As hosseinimr93 says, you need the threshold number of seed phrases (so 2 in a 2-of-3 system, or 3 in a 3-of-5 system), and you also need the xpubs from the other cosigners.

There are two ways you can go about this. Some people simply back up all their xpubs together in addition to backing up their seed phrases separately. This isn't a great solution for me, because if someone discovers your xpub back up then they can generate your addresses and spy on your wallet. Although they won't be able to spend any coins, they can derive your addresses, see how many coins you have, watch your transactions, and so on.

The way I go about this is as follows. Alongside each seed phrase back up, I also back up a number of other xpubs, such that recovering the threshold number of back ups is enough to recover the entire wallet, but any one back up does not allow an attacker to spy on my wallet. So, for a 2-of-3 system, my back ups look like this:

Back up 1: Seed A, xpub B
Back up 2: Seed B, xpub C
Back up 3: Seed C, xpub A

As you can see, any two back ups will provide me with two seed phrases plus the third xpub, while any one back up does not allow an attacker to spy on my wallet.

For a 3-of-5 system, it would look like this:

Back up 1: Seed A, xpub B, xpub C
Back up 2: Seed B, xpub C, xpub D
Back up 3: Seed C, xpub D, xpub E
Back up 4: Seed D, xpub E, xpub A
Back up 5: Seed E, xpub A, xpub B

This has the same result, where any three back ups provide all the necessary information.

Obviously this can be a little complex to set up to ensure you are not mixing up your seed phrases and your xpubs, so if you plan to do this take your time, double check everything, and practice restoring your wallet from your back ups to ensure they are correct.
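As an added example (my own code, not anything posted in this thread), the rotating layout above generalised to any m-of-n: each back up holds one seed plus the xpubs of the next m-1 cosigners, and a checker confirms the two properties claimed in the post (any m back ups restore the wallet, no single back up hands out every xpub). It also reports the smallest number of back ups that together reveal all n xpubs, which the post does not discuss; cosigner numbering and function names are assumptions of mine.

```python
from itertools import combinations

def rotating_backups(m, n):
    """Layout from the post, generalised to m-of-n (constructed, not a wallet API):
    back up i holds seed i plus the xpubs of the next m-1 cosigners, wrapping
    around. Cosigners are numbered 0..n-1 (A..E in the post)."""
    if not 1 <= m <= n:
        raise ValueError("threshold m must satisfy 1 <= m <= n")
    return [(i, frozenset((i + k) % n for k in range(1, m))) for i in range(n)]

def describe(m, n):
    """Render the layout with the post's lettering, e.g. 'Back up 4: Seed D, xpub E, xpub A'."""
    name = [chr(ord("A") + i) for i in range(n)]
    lines = []
    for i, (seed, xpubs) in enumerate(rotating_backups(m, n)):
        ordered = sorted(xpubs, key=lambda x: (x - seed) % n)  # keep rotation order
        parts = [f"Seed {name[seed]}"] + [f"xpub {name[x]}" for x in ordered]
        lines.append(f"Back up {i + 1}: " + ", ".join(parts))
    return lines

def xpubs_known(backups, chosen):
    """xpubs recoverable from the chosen back ups: a seed yields its own xpub,
    plus the xpubs written alongside it."""
    known = set()
    for i in chosen:
        seed, xpubs = backups[i]
        known.add(seed)
        known |= xpubs
    return known

def can_recover(backups, chosen, m, n):
    """Spending requires m seeds; deriving the addresses requires all n xpubs."""
    seeds = {backups[i][0] for i in chosen}
    return len(seeds) >= m and xpubs_known(backups, chosen) == set(range(n))

def check_layout(m, n):
    """Verify the two properties claimed in the post and measure privacy exposure."""
    backups = rotating_backups(m, n)
    idx = range(n)
    everything = set(range(n))
    # Any m back ups must be enough to restore the whole wallet.
    every_m_recovers = all(can_recover(backups, c, m, n) for c in combinations(idx, m))
    # No single back up may hand an attacker every xpub (watch-only access).
    single_safe = all(xpubs_known(backups, (i,)) != everything for i in idx)
    # Smallest number of back ups whose xpubs together allow watching the wallet.
    min_to_spy = next(k for k in range(1, n + 1)
                      if any(xpubs_known(backups, c) == everything for c in combinations(idx, k)))
    return {"every_m_recovers": every_m_recovers,
            "single_backup_safe": single_safe,
            "min_backups_to_spy": min_to_spy}

if __name__ == "__main__":
    for m, n in ((2, 3), (3, 5), (2, 5)):
        print(f"{m}-of-{n}:", *describe(m, n), check_layout(m, n), sep="\n  ")
```

Running it shows that the layout works for 2-of-3 and 3-of-5 but not for 2-of-5, where two back ups hold at most four of the five xpubs, so the check is worth repeating for any other m-of-n you adopt.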
sr. member
Activity: 406
Merit: 896
Thank you, this info can literally save me.
legendary
Activity: 2380
Merit: 5213
For generating your addresses, you need all the master public keys.
Assuming you have a 3 of 5 multi-signature wallet, you need three seed phrases and the two master public keys that are derived from the two other seed phrases.
If you have three seed phrases and nothing else, you won't be able to recover the wallet.
sr. member
Activity: 406
Merit: 896
Hello. I may have been misunderstood, but as I said, I don't have a digital backup of my seed phrase. However, it is obvious that since I use a hot wallet, my private key exists on my device, somewhere inside my Bluewallet's app storage. But, my backups are not digital. I think, and maybe I am wrong, that it is much more risky to have a picture of your seed phrase or a text file inside your smartphone, than having imported the seed phrase into an application that uses a specific location to store the keys. Again, it is obvious that if someone could hack my keys they would steal everything from me. But as far as backups are concerned, the only thing I wanted to say was that I don't have a digital copy of them.

The option for the 3-of-5 is very appealing. Thanks for the suggestion. Obviously this is exactly what I wanted. I wanted an idea or an option from someone more experienced than me.

I have a general question that is not clear to me. Let's say at some point that I want to recover my funds and I have nothing but the 3 of the 5 seed phrases. If I used them, importing the seed phrases to a software wallet, wouldn't that be enough? Wouldn't I be able to recover my funds, simply knowing the 3 seed phrases and nothing else? Or would I still need to know the xpub of the other 2?
I am asking because if that's the case, then apart from the 5 seed phrases I also need to know all of the 5 xpubs.
legendary
Activity: 2268
Merit: 18509
A few points to consider.

In your current set up, you obviously have two back ups of each single sig wallet's seed phrase, because if you only had one back up and you lost it, then your wallet is unrecoverable. This is not the case with a multi-sig wallet. Even if you only had one back up of each seed phrase, then you can lose a single back up and still recover your wallet with the other two back ups. If you think your main weakness is one or more of your back ups being discovered, then you could reduce the number of back ups from six to three. You would have less redundancy, but you still would not have a single point of failure.

Alternatively, you could use a 3-of-5 system, again with a single back up of each seed phrase. This would require five back ups instead of six, but would require an attacker to access three of them instead of two of them in order to steal your coins. It would also allow you to lose up to two of your back ups and still recover your wallet.

It mostly depends on how secure your storage locations are against theft and against loss, and finding the balance between security against theft and redundancy against loss. Only you can answer that for your particular situation.
legendary
Activity: 2212
Merit: 7064
I don't understand why you are suggesting something knowing that it works almost the same as your current system.
If you want to increase security, you can simply introduce an additional passphrase on top of your 2-of-3 multisig setup; that would be more than enough.
Making so many complications can often result in losing all of your funds, so I would be very careful setting up any multisig, especially if you are a bitcoin newbie.

You literally said this:
...and 1 internet-exposed device.
legendary
Activity: 2380
Merit: 5213
It's a good idea to use a multi-signature wallet if you worry about your seed phrase being stolen.
Just note that if you lose the seed phrase A, seed phrases B and C won't be enough for recovering the wallet. You will need the master public key derived from the seed phrase A as well.
sr. member
Activity: 406
Merit: 896
Thanks, although that's not really what I wanted to ask. You are right, but I never mentioned keeping a backup on a device that has access to the internet.
legendary
Activity: 1512
Merit: 4795
Never back up online or on any device that connects online. Back up on paper, or on a flash drive or USB card using an airgapped device; you can even encrypt the flash drive or card, which is one of the reasons some people may find it useful. Make sure you back up the seed phrase in two or three different locations. Make sure you check the flash drive or card monthly to confirm they are intact and not corrupted.
sr. member
Activity: 406
Merit: 896
Hello, my first post here.

My current system
I own 3 wallets, the keys of which are stored in 2 hardware devices and 1 smartphone.
Therefore, my 3 private keys are stored in 2 cold storage devices and 1 internet-exposed device.
I also hold dual backups of my 3 wallets, therefore 6 backups in total. But, if anybody gained access to one of my backups, they would be able to recover a portion of my money.

Suggested system
I figured I could create a multisig wallet, using a 2-of-3 schema and produce 3 keys using a signing device like a seedsigner for instance.
Then I could keep dual backups of my seeds and have 6 backups in total.
I would have 6 places where each backup is stored. Assume A1, A2, B1, B2, C1, C2, where A1 is the first backup of seed A, and A2 is the second backup of seed A etc.
The total number of pairs with 6 seed phrases is 30, but in order to unlock the multisig vault, there are 24 combinations that can be used.
Therefore, in that case, if anybody gained access to two of my backups that belong to the 24 out of 30 total backup combinations, they would be able to steal all of my money.

My plan in general is to stack sats and I will rarely sign a transaction with my wallet.

What do you suggest? I am very curious to listen to your ideas.