In a phone usage case could 2 of 2 multisig be used where the phone is one key and the NFC tag the other?
Yes, this is my proposal for the first "product" for the sigSafe technology (refer to the pitch in the video). The phone signs with its private key, and then requests that the user taps his tag against his phone to produce the second signature (which is signed internally within the sigSafe tag and then relayed over NFC back to the phone).
I need to give credit to DeathAndTaxes who actually suggested something like this to me when he reviewed the sigSafe white paper back in May. But the simplicity of this solution didn't hit me until recently.
The tag gives hardware security where the phone key allows me to see the transaction I'm signing?
Yes, this solution provides low-cost/simple hardware security by allowing the tag to piggyback off of the phone's screen.
A bonus side effect is I don't have to trust the hardware as much.
That was exactly the intent: since the sigSafe only has one of the two required keys, you don't need to trust the hardware as much.
A multisig solution like this permits something quite interesting: in production, these sigSafe keys could be sold with a random seed already stored in EEPROM and a back-up of that seed printed on archival-quality paper (folded in some tamper-evident packaging). Although advanced users could upload their own keys, new users could actually just use the one that came with the device (even if the sigSafe manufacturer was malicious, the chances that they are also in cahoots with a malicious wallet provider are slim). I really don't want to rely on new users actually making a properly-verified backup of their seed, so I'd rather the default behaviour be something like:
- tap the tag to the phone to initially create your multisig wallet
- enter the last 6 digits on the front of your paper back-up
I'm assuming here ^^ that the pubkey is printed on the front of the tamper-evident package and the private key is inside. This would allow the phone to ensure that the sigSafe corresponds with the paper back-up.
- store the paper back-up some place private and secure. THIS IS THE ONLY WAY TO RECOVER YOUR FUNDS SHOULD YOU LOSE YOUR SIGSAFE.
As long as the user puts the paper backup somewhere safe, I think this solution should be pretty foolproof even if the user loses or destroys his sigSafe.
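
The setup check described in the post, sketched as an added example that is not part of the original post or sigSafe's own code: the phone compares the 6 characters typed from the paper back-up against the public key read from the tag, and only then builds the 2-of-2 script. Assumptions: Bitcoin bare multisig script, compressed public keys, "last 6 digits" meaning the last 6 hex characters of the printed pubkey, phone key first; all function names and sample keys are hypothetical.

```python
import hmac

OP_2, OP_CHECKMULTISIG = 0x52, 0xAE

# Constructed placeholder keys (33-byte compressed encoding, not real wallet keys).
PHONE_PUBKEY = "02" + "11" * 32
TAG_PUBKEY = "03" + "22" * 29 + "a1b2c3"


def parse_compressed_pubkey(hex_str):
    """Return the 33 raw bytes, or raise ValueError on a malformed encoding."""
    raw = bytes.fromhex(hex_str.strip())
    if len(raw) != 33 or raw[0] not in (0x02, 0x03):
        raise ValueError("expected a 33-byte compressed public key")
    return raw


def backup_matches_tag(tag_pubkey_hex, typed_suffix, n=6):
    """True if what the user typed equals the last n hex chars of the tag's pubkey."""
    expected = parse_compressed_pubkey(tag_pubkey_hex).hex()[-n:]
    typed = typed_suffix.strip().lower()
    # Compare as bytes so non-ASCII input is rejected instead of raising.
    return len(typed) == n and hmac.compare_digest(expected.encode(), typed.encode())


def redeem_script_2of2(phone_pubkey_hex, tag_pubkey_hex):
    """Build OP_2 <phone key> <tag key> OP_2 OP_CHECKMULTISIG."""
    keys = [parse_compressed_pubkey(phone_pubkey_hex),
            parse_compressed_pubkey(tag_pubkey_hex)]
    if keys[0] == keys[1]:
        # Same key twice would collapse 2-of-2 into a single point of failure.
        raise ValueError("phone and tag keys must differ")
    script = bytes([OP_2])
    for key in keys:
        script += bytes([len(key)]) + key  # direct push of 33 bytes
    return script + bytes([OP_2, OP_CHECKMULTISIG])


def create_wallet(phone_pubkey_hex, tag_pubkey_hex, typed_suffix):
    """Refuse to create the wallet unless the tag matches the paper back-up."""
    if not backup_matches_tag(tag_pubkey_hex, typed_suffix):
        raise ValueError("tag does not correspond to this paper back-up")
    return redeem_script_2of2(phone_pubkey_hex, tag_pubkey_hex)


if __name__ == "__main__":
    print(create_wallet(PHONE_PUBKEY, TAG_PUBKEY, "A1B2C3").hex())
```

Six hex characters give only 24 bits of matching, which catches a mixed-up tag and back-up but is not a cryptographic binding between the two.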