@nc50lc
"A client/wallet will not be able to sign by having only the private key of a single signer without the redeem script or cosigner's public key to reproduce it."
Clear! It's essential to store the public key of each cosigner. If they are not leaked, the private key can't move funds.
Just to clarify, since you're using Electrum, you need the cosigner's 'Master Public Key' listed under "
keystore" in your wallet info window (
Menu: Wallet->Information).
The public keys leaked in your spend transactions' redeem script are for the specific MultiSig address used in the input, can't be used to your other addresses.
And to expand that quote, it's possible to generate a signature without the redeem script because the 'message hash' can be generated without it.
But (
for example) an Electrum wallet that only contains the signer's private key without the pubkey of the cosigner will not try since the signed raw transaction has to include the redeem script for the transaction to be valid.
It can be tested by creating a sample 1-of-2 MultiSig Electrum wallet and restore one of the seed phrase as a standard Electrum wallet.
Despite having the correct private keys, it will not sign the (
unsigned) PSBT provided by the MultiSig wallet.
In Bitcoin Core (
legacy), you can test by using
signrawtransactionwithkey and provide only the private key without the redeem script.
Or
signrawtransactionwithwallet using a wallet containing only the private key imported via
importprivkey without the redeem script from
addmultisigaddress command.
Both will fail to sign the raw transaction.