[solved] Electrum 2 out of 3 multi-sig wallet needs only one signature

[Michiel]

Hi,

I'm playing around with a multi-sig wallet and I've the following setup.

• PC with a view-only wallet W with internet.
• Old laptop with 3 wallets (A, B & C) with seed and without internet
• They a list the same addresses

When I create a transaction (with just 10sats/vbyte to confirm it gets into the mempool, but it's not executed anytime soon if at all) from wallet W it's unsigned. I store the transaction on a usb stick and copy it to the laptop. When I load it in wallet A and sign it, it says partially signed. The same holds for wallet B.

When I do the same for wallet C (based on the same unsigned transaction), it says it's (fully) signed. I can even copy the (signed) transaction to the PC and broadcast it from there. I verified it twice and I'm sure I didn't import a transaction that was already partially signed by wallet A or B.

How is it possible that a 2 out of 3 setup only needs one signature? Please let me know if you need more details.

[Z-tight]

How is it possible that a 2 out of 3 setup only needs one signature? Please let me know if you need more details.

I am having a hard time understanding you. But from your story, you already signed the tx with wallet A and B and that is the 2 signatures that is required to broadcast the tx out of the 3 keys. In a 2 of 3 multisig wallet, you only need two keys to sign and broadcast your tx and i believe that is what you have done here, except i myself is missing something.

[Michiel]

@Z-tight

Thank you for your response.

Let me clarify.
1. I signed the unsigned transaction with wallet A and it said partially signed. I didn't save the partially signed transaction.
2. I repeated this for wallet B, so I signed the unsigned transaction again (so not the partially signed transaction of wallet A, because that one I did not save.) and it said again that is was partially signed. Again, I didn't save the partially signed transaction.
3. I repeated it again for wallet C. I signed the unsigned transaction and it said (full) signed! It was not necessary to sign it with another wallet in order to broadcast it.

I thought, this is not possible, but I repeated this process 2 times again to verify.

Hope it's clear now.

[BitMaxz]

It seems that there is an issue with your Electrum that makes the wallet C think that the unsign transaction you are trying to sign is already signed or it might be a bug or the wallet C is a different wallet?
Or possible you might have made some mistakes during 2of3 wallet creation?
The wallet C should be include the master public key of both A and B if you did mistakes here then that's the reason why it detected as fully signed.

What version of Electrum wallet you are currently using?

[Michiel]

@BitMaxz

If wallet C thinks that's a unsigned transaction, although it's a signed transaction, that would mean wallet W could sign transactions, but that would be wrong because it's a view-only wallet. I even re-created the view-only wallet just to be sure it would use only public keys.

I don't think there are any mistakes made during creation if all addresses across all four wallets are the same right?

Not sure yet where my mistake is. 

The wallets are all created with 4.5.3 and yesterday I updated to 4.5.4, but no effect.

[BitMaxz]

How did you create the unsigned transaction? is this a raw tex you just copy and paste into Notepad and move it to a USB stick?
Or did you save the unsigned transaction into the PSBT file?

This is the first time to heard that the unsign transaction becomes fully signed even without signing it with the two keys. My guess is this is a bug so it is better to report this issue directly to the Electrum Github page so that they can start investigating it and release a fixed version.

- https://github.com/spesmilo/electrum/issues

[AB de Royse777]

@Z-tight

Thank you for your response.

Let me clarify.
1. I signed the unsigned transaction with wallet A and it said partially signed. I didn't save the partially signed transaction.
2. I repeated this for wallet B, so I signed the unsigned transaction again (so not the partially signed transaction of wallet A, because that one I did not save.) and it said again that is was partially signed. Again, I didn't save the partially signed transaction.
3. I repeated it again for wallet C. I signed the unsigned transaction and it said (full) signed! It was not necessary to sign it with another wallet in order to broadcast it.

I thought, this is not possible, but I repeated this process 2 times again to verify.

Hope it's clear now.

After signing from wallet A which one you did (image on the screenshot)?



Copy to clipboard
Show as QR code
Or one from the rest.

Then did you use the clipboard copy or QR to sign from the next wallet?

[Abdussamad]

Wallet C was probably created with 2 out of 3 seeds so it can generate all the required signatures all on its own. Wallet menu > information will probably tell you how many seeds it has.

[nc50lc]

I don't think there are any mistakes made during creation if all addresses across all four wallets are the same right?

Since those are in an "Air-Gap" laptop which should be safe, do this experiment to make sure:

• Open 'Wallet C' and remove its password by setting a blank New Password in "Wallet->Password".
• Then find Wallet C's wallet file in 'wallets' folder inside Electrum's data directory (location), open it as text.
• Find the strings "x1", "x2" and "x3" which represent the three cosigners.
• Check if 'x2' or 'x3' of Wallet C has a seed or xprv key (should be "null") because if it has,
  it can sign the transaction by itself and you've made an error during cosigner setup by providing it with a seed or a private master key.

-snip- Wallet menu > information will probably tell you how many seeds it has.

The "Wallet->Seed" menu only shows the wallet's main seed phrase, the cosigner's seed can be seen in the wallet file (if unencrypted) instead.

[Michiel]

Wonderful! Thank you all so much, especially nc50lc.

Wallet C (actually it was the first one that I created) contained all 3 seeds, I didn't know that was possible.
I assumed when creating a wallet and you insert the 3 seeds, it would store the first seed and compute the public key of the other two and store them.
It's confusing the UI is showing the "main seed" and not the others.

[Cricktor]

Apparently your assumption was wrong and maybe you also don't know enough how multi-sig wallets for each signer work.

Did you follow some tutorial or recipe to setup your co-signer wallets? I ask, because I've never seen in a tutorial to paste more than one seed for a particular signer or co-signer.

And don't forget, to generate the multi-sig wallet's addresses details of all signers are mandatory and required. As an example: for a 3-of-5 multi-sig wallet to be able to derive the addresses you need either all five extend public master keys or more commonly a signer's seed words (this gives you the extended private master key from which the extend public master key can be derived) and the extended public master keys from the four other co-signers. You can never afford to loose all details of any one co-signer.
This is something that is easily misunderstood for multi-sig wallets. Yes, in above example you only need the private keys of three individual co-signers to sign a transaction, but to know the addresses you always need details (private or public master key) from all five co-signers.

[nc50lc]

Wallet C (actually it was the first one that I created) contained all 3 seeds, I didn't know that was possible.
I assumed when creating a wallet and you insert the 3 seeds, it would store the first seed and compute the public key of the other two and store them.

Fair enough, the option doesn't have the same message in "Enter consigner key" where it's explicitly noted that putting a "master private key" will enable you to sign for that particular cosigner.
The "Enter cosigner seed" option is listed as another option without a note.
That may actually confuse someone who's new to Electrum or Bitcoin in general / in terms of safety.

-snip- It's confusing the UI is showing the "main seed" and not the others.

It's noted with the message "Your wallet generation seed is:" because that's created when you make that wallet.
The seed phrases of the second and third cosigners are created by their respective wallets.

[Michiel]

@Cricktor I didn't follow a tutorial exactly, but I've read https://electrum.readthedocs.io/en/latest/multisig.html and https://bitcoinelectrum.com/creating-a-multisig-wallet and of course I made a mistake. I didn't consider the consequences of the "Enter cosigner seed" option.

Thank you for the reminder. I'll store the seeds in different locations and all public keys in multiple places.

@nc50lc
That's exactly what I mean. I'm glad I checked this (and asked about the confusion) before doing any valuable transactions.

That's true, and I think it would be a nice addition to the information dialog to show for which cosigners the current wallet can also sign the transaction.

[nc50lc]

That's true, and I think it would be a nice addition to the information dialog to show for which cosigners the current wallet can also sign the transaction.

Although confusing for newbies,
It's a given that if a cosigner handed-over the seed phrase to begin with, he's already willing to share access to his private keys to that cosigner.

Besides, the previous window explicitly instructs the user to share the (extended) master public key: