
Topic: Solution for 2-of-3 paper wallets without multisig feature (Read 1720 times)

member
Activity: 113
Merit: 10
Ok, so here's the script that I use to generate 2-of-3 paper wallets (can easily be modified for N-of-M). Hopefully some people can use this until the time when bitcoin clients support multisig transactions.
It generates an HTML file with three parts of one paper wallet.

I've tested it for bitcoin and peercoin. Whatever vanitygen can generate is supported.
Linux Dependencies: vanitygen ssss qrencode (zbar-tools)

Code:
#!/bin/bash
CTR=1
# generate 2 of 3 secret

#remove old keys if file exists
echo "" > paperwallet.keys

#generate new bitcoin address
vanitygen -q -o paperwallet.keys 1
#generate new peercoin address
#vanitygen -X 55 -q -o paperwallet.keys P

#generate QR code for bitcoin address
echo "bitcoin:" > paperwallet.pub
cat paperwallet.keys | sed '4d' | sed '1,2d'  | sed 's/^Address: //' >> paperwallet.pub
cat paperwallet.pub | tr -d '\n'| qrencode -o "paperwallet.pub.png"

#start html output
echo "" > paperwallet.html
echo "
" >> paperwallet.html

#split private key into 3 keys
cat paperwallet.keys | sed '1,3d' | sed 's/^Privkey: //' | ssss-split -t 2 -n 3 -w privatekeypart -q | while read -r line; do
echo "$line" | qrencode -o "paperwallet.priv.part$CTR.png"

echo "This is part $CTR of a bitcoin paper wallet. two of three parts are needed to recover the original secret
" >> paperwallet.html
echo "
Public Key: " >> paperwallet.html
cat paperwallet.pub >> paperwallet.html
echo "
" >> paperwallet.html
echo "Private Key (one among three): " >> paperwallet.html
echo "$line" >> paperwallet.html
echo "
" >> paperwallet.html
echo "" >> paperwallet.html
echo "
" >> paperwallet.html
echo "" >> paperwallet.html
echo "
" >> paperwallet.html
echo "use linux command ssss-combine -t 2 to recover original private key from two paper wallets

" >> paperwallet.html
CTR=$((CTR+1))
done

echo "" >> paperwallet.html

Use the following lines to test recovery:

Code:
zbarimg --raw -q paperwallet.priv.part1.png | tr -s '\n' > testjoin.part1
zbarimg --raw -q paperwallet.priv.part2.png | tr -s '\n' > testjoin.part2
cat testjoin.part1 testjoin.part2 | ssss-combine -q -t 2

Be aware that the files generated contain your private key and are not cleaned up by this script. Only generate paper wallets on an offline computer running a LiveCD.
member
Activity: 113
Merit: 10
Here's an improved version of the OP: edit: See next post for further improved version

To generate the QR codes for the private key in file testprivkey
Code:
#!/bin/bash
CTR=1
# generate 2 of 3 secret
cat testprivkey | ssss-split -t 2 -n 3 -w testkey -q | while read -r line; do
echo "$line" | qrencode -o "testsplit.part$CTR.png"
CTR=$((CTR+1))
done

To recover the private key:
Code:
#!/bin/bash
zbarimg --raw testsplit.part1.png  | tr -s '\n' > testjoin.part1
zbarimg --raw testsplit.part2.png  | tr -s '\n' > testjoin.part2
cat testjoin.part1 testjoin.part2 | ssss-combine -t 2

I will give this a go and probably add some comfort to the scripts

Unfortunately, not all tools used are on the standard Ubuntu LiveCD. You need to:
Code:
sudo apt-get install ssss qrencode zbar-tools
But anyway, I'd prefer to use the satoshi client to generate the bitcoin address (minimum trust)
member
Activity: 113
Merit: 10
I think armory already implemented m-of-n backups based on shamir's secret sharing algorithm. Check the armory subforum for details.

And there's more: This solution can be applied to any altcoin as well

Well considering most altcoins are clones or near clones of bitcoin, that's not really much of a surprise ;)

No, not a surprise. But adapting armory for altcoins is out of reach for me. So I'm looking for a solution that solves my problem for any coin (or any secret)
sr. member
Activity: 430
Merit: 250
I think armory already implemented m-of-n backups based on shamir's secret sharing algorithm. Check the armory subforum for details.

And there's more: This solution can be applied to any altcoin as well

Well considering most altcoins are clones or near clones of bitcoin, that's not really much of a surprise ;)
Since sss works on data of any kind there's really no limitations on where it can be used, altcoin or not :)
hero member
Activity: 518
Merit: 500
I think armory already implemented m-of-n backups based on shamir's secret sharing algorithm. Check the armory subforum for details.

And there's more: This solution can be applied to any altcoin as well

Well considering most altcoins are clones or near clones of bitcoin, that's not really much of a surprise ;)
member
Activity: 113
Merit: 10
I think armory already implemented m-of-n backups based on shamir's secret sharing algorithm. Check the armory subforum for details.
Great, thanks. But it seems this is not yet an official, mature feature (and currently everybody's waiting for the next release including important fixes anyway). And I would prefer a very simple solution that could be run from a liveCD. Your hint leads me to the following:

Code:
cat testprivkey | ssss-split -t 2 -n 3 -w testkey -q

This seems like a very elegant solution to me, as it is very easy to reproduce. One could even print the necessary bash script next to the QR code on the paper wallet.

And there's more: This solution can be applied to any altcoin as well
hero member
Activity: 518
Merit: 500
I think armory already implemented m-of-n backups based on shamir's secret sharing algorithm. Check the armory subforum for details.

yep - armory has the most advanced wallet features out there.
donator
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
BIP38 is supported by http://www.bit2factor.org/
It can be saved and run offline.
sr. member
Activity: 430
Merit: 250
I think armory already implemented m-of-n backups based on shamir's secret sharing algorithm. Check the armory subforum for details.
member
Activity: 113
Merit: 10
As the multisig feature is not yet supported by any bitcoin client (at least not for spending the coins) I was thinking about another way to get a 2-of-3 paper wallet.

edit: You can directly jump to the improved version

The basic idea is:
  • split private key in two files
  • use parchive to generate a recovery file
  • generate qr codes for the three files

now you only need two of those three QR codes to recover your private key.

I tried this with the following detailed procedure:

Private Key: 5JYTix96fp8JtwWF1Vq3gBaM5p31GyYK94K5ezLdUaF3VBZkJ7G

file testprivkey1
Code:
5JYTix96fp8JtwWF1Vq3gBa

file testprivkey2
Code:
M5p31GyYK94K5ezLdUaF3VBZkJ7G


generate PAR recovery file
Code:
parchive a -n1 test.par testprivkey1 testprivkey2

you get an index file test.par and a recovery file test.p01. You don't need to keep the index file, it's only used for checksum validation

generate QR codes
Code:
cat testprivkey1 | qrencode -o testprivkey1.png
cat testprivkey2 | qrencode -o testprivkey2.png
uuencode test.p01 test.p01 > test.p01.uue
cat test.p01.uue | qrencode -8 -o test.p01.uue.png

print it. make sure you mark which code stands for which file

To decode with only testprivkey1 and test.p01:
Code:
zbarimg --raw testprivkey1.png > testprivkey1
zbarimg --raw test.p01.uue.png > back_test.p01.uue
cat back_test.p01.uue | uudecode
parchive r testprivkey1 test.p01

now you just need to concatenate the two sides. done.


The only question that remains is: Can I be sure that the private key cannot be recovered from only the recovery file itself? Not with the parchive tool itself, but as parchive is not designed to make this impossible (quite the opposite), I would appreciate educated comments on my proposal.

One approach to make sure the recovery file is not sufficient to recover the private key could be to add random data to the files testprivkey1&2.
The amount of random data would be limited by reasonable QR code size. The recovery file should then have the same size as the input files
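
An added example (not part of the original posts, and not how ssss is implemented): a 2-of-3 Shamir split over a prime field, showing that any two shares rebuild the key while a single share is consistent with every candidate key, unlike the cut-in-half files above, each of which holds its characters of the key in the clear. The prime `P` and all function names are assumptions of this example; ssss itself works in GF(2^n).

```python
import secrets

# Assumption of this example: arithmetic modulo the Mersenne prime 2**521 - 1,
# which is large enough to hold a 51-character WIF string as one integer.
P = 2**521 - 1


def split_2_of_3(secret: bytes):
    """Return three shares (x, y) on a random line y = s + a*x (mod P)."""
    s = int.from_bytes(secret, "big")
    if s >= P:
        raise ValueError("secret too long for this field")
    a = secrets.randbelow(P)  # random slope, thrown away after splitting
    return [(x, (s + a * x) % P) for x in (1, 2, 3)]


def combine(share_a, share_b, length: int) -> bytes:
    """Rebuild the secret (the line's value at x = 0) from any two shares."""
    (x1, y1), (x2, y2) = share_a, share_b
    if x1 == x2:
        raise ValueError("need two different shares")
    inv = pow((x2 - x1) % P, -1, P)
    s = (y1 * x2 - y2 * x1) * inv % P
    return s.to_bytes(length, "big")


def slope_explaining(share, candidate: bytes) -> int:
    """Slope that would make `candidate` the secret behind a lone share.

    Such a slope exists for every candidate, and every slope is equally
    likely, so one share on its own rules out no key at all.
    """
    x, y = share
    c = int.from_bytes(candidate, "big")
    return (y - c) * pow(x, -1, P) % P


if __name__ == "__main__":
    # Test key posted in the thread above, not a value to fund.
    key = b"5JYTix96fp8JtwWF1Vq3gBaM5p31GyYK94K5ezLdUaF3VBZkJ7G"
    s1, s2, s3 = split_2_of_3(key)
    print("parts 1+3 recover key:", combine(s1, s3, len(key)) == key)
    wrong = b"5" + b"A" * 50  # constructed wrong guess
    a = slope_explaining(s1, wrong)
    print("part 1 also fits a wrong key:",
          (int.from_bytes(wrong, "big") + a * s1[0]) % P == s1[1])
    print("plain first-half file exposes", len(key[:23]), "of", len(key), "chars")
```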