Are MultiSig wallets just for pros?

9 replies 317 views
gas_gangFull Member
Posts: 23 · Reputation: 275
#1May 31, 2020, 06:56 PM
Are MultiSig wallets actually insecure and meant only for those who know what they're doing? I just came across a post that made me rethink my plans to create a MultiSig wallet for my security. Now I'm kinda worried. Is what this person claims valid? Do MultiSig wallets require way more effort to manage? Or is this just fearmongering? Are there ways to tackle these issues? I always thought MultiSig wallets were super secure. Like, if one wallet got hacked, I’d still have two others showing me the right address. 1) In a 2-of-3 setup, the address includes public keys from all three cosigners. To generate the correct address, you need to trust all cosigners equally. But even with two hardware wallets, the software wallet might trick you into using a fake public key to create the receiving addresses. The hardware wallets just accept info from the other cosigners and can’t verify it. So, the address you get wouldn’t actually belong to your MultiSig wallet but to some wallet you don’t have access to. This could put the hacker, or whoever took control of the software wallet, in a position to extort you for the third key that was inserted by that fake software. Not a great situation, right? It really makes you question how “secure” it all is. Sure, those scenarios may sound a bit far-fetched at first, but they highlight the risks involved.
5 Reply Quote Share
coin777Senior Member
Posts: 143 · Reputation: 970
#2May 31, 2020, 08:51 PM
In case of Taproot, it doesn't have to, because Schnorr signatures can be combined into a single signature. If you don't know the Script behind your multisig, then don't deposit coins there. Because if you have for example only your key to some P2WSH address, and you don't know the Script, then you don't know, if coins are yours or not (and then, this address could contain any keys at all). If you don't verify the Script behind your address, then how would you know, that the address in question contains any multisig at all? It is a must have, to check somehow, that your key matches a given address. That's why I don't use hardware wallets. I have just another laptop, specifically assigned for handling Bitcoin, and nothing else. Then, I can install anything I want, and upgrade it when needed. Because hardware wallets are usually quite limited, and when new features (like Taproot) are released, then it takes some time, to get it supported properly. But if you use software wallets, then you can just upgrade your client, and even add some additional software, to handle special cases. That's why software wallets are better: it is easier to upgrade your software, when needed. Also, you probably don't need fresh keys every time, because you can just use Silent Payments. And if you agree upfront on the way of deriving keys, then you can just increase your nonce, and everyone can derive his Nth key, for the Nth multisig address. Guess what: we already have the whole network, which is built on top of multisig. It is called Lightning Network. Just open a channel, and use 2-of-3 multisig, if you want, and then apply all rules of LN here. If multisig would be that hard, then LN wouldn't exist. And if you have a proper LN client, then it won't accept a fake public key. So, to sum up: if you can handle Lightning Network, then you can handle multisig. You don't have to do everything manually, there are many ready to use clients. And if you feel more comfortable with 2-of-3 multisig, instead of 2-of-2, then just change it. Most rules will stay the same.
2 Reply Quote Share
silentchainHero Member
Posts: 473 · Reputation: 2317
#3May 31, 2020, 11:25 PM
Please note that all cosigners can be yours. If you choose such option you will mitigate the risk of being break down  as the probability that two of three have became (simultaneously) malicious somehow equals to the product of the relevant probabilities for each cosigner. Let's say you have two hardware wallets (HW1 and HW2) and one software wallet (SW) and afraid that during their upgrade one of them is infiltrated with malicious code that could steal you money. You may eliminate such risk by constructing multisig using HW1 , HW2 and SW as your cosigners.
3 Reply Quote Share
im_apeHero Member
Posts: 629 · Reputation: 3824
#4Jun 1, 2020, 04:56 AM
Nothing Bitcoin related is just secure or insecure on its own. They are secure if you do it correctly and insecure if you don't. It comes down to why you are doing this. Are the 3 cosigners 3 members of a company board? Or are you using something like what Electrum 2FA offers? These are different scenarios. For example the Electrum 2FA is a 2-of-3 multisig and you control 2 of the keys so there is no way the "server" that has one key to scam/blackmail you. You see, it depends on how you use it and why. Not all. Only keys at non-hardened paths. As for the problems you are listing involving hardware wallets, the thing is you always want to use tools that are open source and trustable. Like @vjudeu I don't use hardware wallets either, I only stick to 100% open source software that can be verified. That way you know all the issues you described can not happen.
0 Reply Quote Share
gas_gangFull Member
Posts: 23 · Reputation: 275
#5Jun 1, 2020, 05:45 AM
I know the script, it is a 2 of 3 MultiSig where all 3 wallets belong to me. This is more about the fact that 1 wallet out of the 3 was infected with a malicious code. what do I do in this case? Is my entire setup unsafe then? Or do the other two wallets then show me the correct address so that I know that something is wrong and I can set up the MultiSig again All 3 are mine, and all 3 have been hired as CoSigners. The problem here is based on: If I install an update and that update infects my wallet with malicious code. I thought that the 2 other wallets would show me the correct address, but the post I read says that all 3 wallets show the same address even if it is wrong. All 3 CoSigners belong to me, but the post I read says that if 1 CoSigner was infected, then the security of the entire wallet is ruined, because the attacker can then display a false address to which I transfer money, and the 2 CoSigners have to accept it because they can't verify it, they can only verify their own xpub. I thought that if 1 signer was infected and showed a wrong address, that the other 2 signers would show the correct address so I would know, okay, something is wrong here. But the post says that all 3 signers then show the wrong address.
0 Reply Quote Share
coin777Senior Member
Posts: 143 · Reputation: 970
#6Jun 1, 2020, 09:52 AM
Partially. Because if one key is weak, then if another key is strong, then still: 2-of-3 multisig means, that you need two signatures. A single signature will not suffice. Which means, that the security will be simply downgraded to a single key in that case. So: it would be as safe, as 1-of-2 multisig on the remaining two keys. If you won't get exactly the same keys, then you will get different addresses, and you will then notice, that something is wrong, if one wallet gives you one address, and a different wallet gives you something completely different. But obviously, if some wallet is compromised, then it won't need to send coins to any multisig at all, it could just be locked straight into the attacker's address. No, because if you use a different public key, then you will get a different address. Even writing the same public keys in a different order, will lead you to a different address. Why not? If you use HD wallet in all three wallets, and you imported xpubs into other wallets, then you know exactly, what is the previous public key, the current public key, and the next public key. Then, public keys are known by all wallets, and if any of them is compromised, then it will show you a different address. Each public key should be known by each wallet, the only difference is which private keys they have. Why? Let's see some example: If you change anything, then you will see a different address, even if you just shuffle your keys: As you can see, the address is different, even if you just put the same keys in a different order. So, if all wallets will have all xpubs, then they will know upfront, that on index zero, they should get bcrt1qxxy0vyalwl889eyzdeq6m8l4tlfhj5jknkwa34wp4279ztwsrars36v26t. If they will get something else, then they will reject it. So, you can only compromise the system by having a weak xprv. But then, it will be just as safe as 1-of-2 multisig on remaining keys.
1 Reply Quote Share
gas_gangFull Member
Posts: 23 · Reputation: 275
#7Jun 1, 2020, 12:59 PM
What if you can't store the public keys of all cosigners on the hardware wallet? Or can this be stored at every HWW? Would you then see the wrong address on all devices?
2 Reply Quote Share
sage777Full Member
Posts: 102 · Reputation: 305
#8Jun 1, 2020, 01:41 PM
You should. If you cannot, then you can see, why hardware wallets are worse than software wallets. If you cannot store all xpubs, then you cannot verify a new address. More than that: you cannot even create it, because how are you supposed to do that? And then, the question is: how this hardware wallet can support multisig properly, if it doesn't have required features?
4 Reply Quote Share
leo.wolfHero Member
Posts: 540 · Reputation: 2813
#9Jun 1, 2020, 04:04 PM
If I get your question correct you ask of there is exploit on one of the co-signer’s public what will happen to the address, if this  I think the address of that wallet will change. It is the combination of all the public keys that actually generate that address so one of them Changing simply means it is not the same again. It is the major reason why you even safe or backup the public keys of other co-signer with your own seed phrase or private key. The wallet is restored with the three public key wallets and as such an exploited public key is different from the original public which means it will create a different address
1 Reply Quote Share
max_atlasSenior Member
Posts: 132 · Reputation: 834
#10Jun 1, 2020, 05:58 PM
I agree with the points you have made. Multisig wallets still have some risks that anyone would need to consider before fully committing to using it. However, I would argue that this is much safer than using traditional wallets. Obviously we would need to learn a lot and use it properly to minimize all the risks it imposes. Which is why if you are not yet ready for such responsibilities then you can press pause and start learning first. The process of using this might be tedious and inconvenient, it must be said but again if we know what we are doing then we can maximize the benefits of multisig wallets.
3 Reply Quote Share
?Reply
Sign in to reply to this topic

Related topics