2FA wallet on Blockstream Green wallet

[_act_]

On Election 2FA wallet, you can bypass the TrustedCoin by using 2 of your keys for signing transaction. It is a 2 of 3 multisig wallet. But Green 2FA wallet is made up of 2 of 2. It has a tool that can be used to bypass the Blockstream server after the time set for 2FA is over, but it is 2 of 2. I want to know if the recovery tool is used, the wallet will still remain 2 of 2 or become 1 of 2 when the 2FA is disabled.

[jrrsparkles]

There are two types of multi sig wallet offered by Blockstream wallet which are Standard Accounts (2-of-2) and 2-of-3 Accounts.



Suppose you lost your recovery seeds which is either 12 or 24 words seeds. In that case, I don't think there is any way that you can access the funds even though the standard 2 of 2 wallet disabled if there is no transactions made in 1-year time frame it becomes a regular wallet this means you can access the funds with only 12 or 24 words seeds that you supposed to keep safe.

Without seeds, there is no way you can recover anything and I bet Blockstream doesn't have backup of your seed words.

[Pmalek]

If you create a 2 out of 3 multisig account, then you don't need Blockstream's help and signing keys to make transactions. You'll have two keys with the needed privileges to spend your coins. But with a 2 out of 2 wallet, you also need Blockstream's signature. There is a timelock period with these wallets. The 2FA will remain active if you make at least one transaction within 12 months approximately. If not, the timelock will expire, and you can spend from the wallet using ONLY your key.   

You can read more about it here:
https://help.blockstream.com/hc/en-us/articles/900001391763-How-does-Blockstream-Green-s-2FA-multisig-protection-work

[nc50lc]

-snip- I want to know if the recovery tool is used, the wallet will still remain 2 of 2 or become 1 of 2 when the 2FA is disabled.

This is tricky to answer since their new script is more than just 2-of-2 MultiSig and no recovery tool can edit UTXOs.
It actually has a ELSE condition that when a certain time/block has passed, the script in it will be valid rather than IF.

Without looking at their low level documentation, I believe that the locking script is something like this: (or close)

Code:

IF
    2 <Your pubKey> <Blockstream's pubKey> 2 CHECKMULTISIG
ELSE
    "51840" CHECKSEQUENCEVERIFY DROP
    <Your pubKey> CHECKSIG
ENDIF

If it's the script that they used, after an approximate of 360 days,
you can spend the output(s) as a simple single-sig (CHECKSIG) without even requiring Blockstream's public key like that of a 1-of-2 MultiSig.
If this is the case, the answer is closer to "it become Single Sig" than "it become 1-of-2 MultiSig".

[_act_]

There are two types of multi sig wallet offered by Blockstream wallet which are Standard Accounts (2-of-2) and 2-of-3 Accounts.

I am not asking if there are two types of multisig wallet on Blackstream Green, I am referring to 2 of 2 wallet. You can know that I explained it already that we know the mechanism 2 of 3 multisig is working but I want to know about 2 of 2 multisig. The question is that if it is 2 of 2, that what mechanism will be used to spend from it if you lost the 2FA because there is no way you can use Blockstream server to sign the  PSBT transaction.

Suppose you lost your recovery seeds which is either 12 or 24 words seeds. In that case, I don't think there is any way that you can access the funds even though the standard 2 of 2 wallet disabled if there is no transactions made in 1-year time frame it becomes a regular wallet this means you can access the funds with only 12 or 24 words seeds that you supposed to keep safe.

Without seeds, there is no way you can recover anything and I bet Blockstream doesn't have backup of your seed words.

I am not saying if someone lost the seed phrase. What I am asking is if the wallet will turn to 1 of 2 or a single public key wallet? I think nc50lc understand what I am talking about. I will prefer to stick to 2 of 3 multisig.

If you create a 2 out of 3 multisig account, then you don't need Blockstream's help and signing keys to make transactions. You'll have two keys with the needed privileges to spend your coins. But with a 2 out of 2 wallet, you also need Blockstream's signature. There is a timelock period with these wallets. The 2FA will remain active if you make at least one transaction within 12 months approximately. If not, the timelock will expire, and you can spend from the wallet using ONLY your key.   

You can read more about it here:
https://help.blockstream.com/hc/en-us/articles/900001391763-How-does-Blockstream-Green-s-2FA-multisig-protection-work

I knew, all the explanations can easily be seen on the wallet. I know that I can be able to recover it but with a tool.



If you click on the recovery tool in green, it will take you to the tool on GitHub. The question is that how is the tool working? I know that I can use the tool for the recovery if the time I set for it without spending has passed.

If it's the script that they used, after an approximate of 360 days,
you can spend the output(s) as a simple single-sig (CHECKSIG) without even requiring Blockstream's public key like that of a 1-of-2 MultiSig.
If this is the case, the answer is closer to "it become Single Sig" than "it become 1-of-2 MultiSig".

Another thing that I guess is that the tool can be used to recover the second private key instead of using Blockstream server for the signing, making it possible for the person to be able to use the key that the server supoose to use for the signing.

Thank you all for your answers.

[Pmalek]

If you click on the recovery tool in green, it will take you to the tool on GitHub. The question is that how is the tool working? I know that I can use the tool for the recovery if the time I set for it without spending has passed.

Blockstream Green isn't a very popular wallet in these parts, so besides interpreting their documentation and looking at the code, like nc50lc did, I don't think you will find many people with hands-on experience. Perhaps the best thing to do would be to contact Blockstream's customer support and ask them directly. You could also check if they have quality personnel attending reddit, Telegram, or some other medium where you could ask such questions.

[nc50lc]

If it's the script that they used, after an approximate of 360 days,
you can spend the output(s) as a simple single-sig (CHECKSIG) without even requiring Blockstream's public key like that of a 1-of-2 MultiSig.
If this is the case, the answer is closer to "it become Single Sig" than "it become 1-of-2 MultiSig".

Another thing that I guess is that the tool can be used to recover the second private key instead of using Blockstream server for the signing, making it possible for the person to be able to use the key that the server supoose to use for the signing.

A good guess, but my post is rather based from their FAQ which states that they are using OP_CSV and a period of 365 days for the output to be spendable by the user's key alone.

So I'm confident that it's close to the provided script, (may be using relative lock time ("365d") than relative block height ("51840"))
and all the recovery software does is to construct the script with the user's keys derived from his mnemonic and create transactions set with the correct nSequence from associated UTXOs that it found.

And a slight correction, Blockstreams public key is still required in the "redeem script", but the condition that should be fulfilled is still OP_CHECKSIG, not the OP_CHECKMULTISIG on top.