MultiSig only intended for experienced people?
Board: Development & Technical Discussion
by Bitcoiner2023 on 04/10/2024, 01:50:29 UTC
Merited by ABCbits (2), pooya87 (2), vjudeu (1)
Are MultiSig wallets insecure and only intended for experienced people?

I just read a post and wanted to ask what you thought about it.
I wanted to set up a MultiSig wallet for my security, but after this post I'm afraid of it.

Is what he writes true?
Do you have to put in so much effort with a MultiSig Wallet?
Or is this just scaremongering?
Are there solutions to these problems?

I thought MultiSig wallets were very secure, and I thought if 1 wallet was hacked, then I still have 2 wallets that show me the correct address, for example.


1)
An address of a 2-of-3 setup therefore contains the public keys of all three cosigners. In order to generate a correct address, you have to be able to rely equally on all cosigners.

Despite using two hardware wallets, the software wallet from the example above could contribute a fake public key to generate the receiving addresses.
The hardware wallets ultimately have to simply accept the other cosigners' information and have no way to verify it.
The resulting address would no longer have anything to do with your own multisig wallet and would belong to another wallet to which you do not have access.

This would mean that the operator, or the person who compromised the software wallet, would be in a position where he could blackmail the user with a ransom in order to release the third key, which was foisted by the false software. A very unpleasant idea that no longer has much to do with “gained security”.

Such scenarios are of course quite contrived and seem unrealistic at first glance. But it is precisely against such sophisticated attacks that you want to protect yourself with a multisig wallet! Otherwise, you can just stick with a simple hardware wallet, which already provides sufficient protection against the vast majority of threats.

The security of a multisig wallet is always measured by the “most insecure” cosigner, i.e. the greatest vulnerability. Therefore, all cosigners should always have a comparably high level of security. Mixing hot and cold wallets is therefore contradictory and not recommended.


2)
With an “xpub”, an extended public key, all addresses of an account in a Bitcoin wallet can be derived. In a multisig setup, the cosigners have to exchange these keys with each other in order to be able to generate addresses. This exchange is forced to take place via a software wallet on a smartphone or computer, as the hardware wallets cannot speak to each other directly.

An individual cosigner receives information about the other cosigners indirectly via the software wallet, which simply has to be accepted. It is solely up to the user to ensure that the other cosigners' information has been correctly passed on by the software wallet. If this is not done, the software wallet can give you fake public keys, similar to the first stumbling block.

This either makes a blackmail attack possible, as above, or even worse: in this scenario, the software wallet can forge two of the three public keys and thus gain full control over the addresses generated by the hardware wallet.

To rule out this vulnerability, the user must first verify each extended public key individually on the hardware wallet displays. This means that each cosigner can be correctly assigned to an xpub.

In the next step, the user must verify the public keys of the other cosigners on the hardware wallet, which will later also generate addresses, by comparing them with each other. The software wallet theoretically has the possibility of passing on incorrect keys, which would be immediately noticeable at this point.

Only after this successful verification can the address displayed on the hardware wallet, here in the middle, be trusted.

With multisig wallets, it is not that easy to establish trust in receiving addresses, as this always depends on all cosigners and their secure communication with each other. Careful verification of the individual public keys, as well as mutual checking to see whether they were passed on correctly, are crucial in order not to endanger the security of the setup.


3)
The steps just described for verifying receiving addresses are easier said than done, because some hardware wallets do not offer the necessary functions, such as displaying the cosigner xpubs, and therefore should not be used in a multisig setup.

Furthermore, a completely manual check is anything but practical in the long term. As a user, you are unlikely to go through the procedure described above over and over again for every address you want to use. Sooner or later, users are likely to become careless.

Hardware wallets that are used for a multisig setup should therefore be remembered by all cosigners after setup in order to remain trustworthy in the future without additional manual verification. This is also referred to as the “registration” of a multisig setup.

If you are looking for a beginner-friendly option for more security, you should think twice about whether Multisig is really your first choice. Many tripping hazards are not obvious at first glance and you quickly feel like you are feeling dangerously safe.