Topic: I'd like to do a multi sig wallet
glub0x (OP)
March 26, 2013, 02:40:53 PM
 #1

Hello it's all in the title.
I'd like to print on 5 papers some part of the btc private key and someone in possession of 3 of those papers should be able to easily recover the funds.
Is there any simple way to do so?

The cost of mediation increases transaction costs, limiting the
minimum practical transaction size and cutting off the possibility for small casual transactions

Satoshi Nakamoto : https://bitcoin.org/bitcoin.pdf
jackjack
March 26, 2013, 03:03:31 PM
 #2

With non-standard transactions it would have been easy to do

Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2
Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
Bitobsessed
March 26, 2013, 03:26:15 PM
 #3

Are you saying you want to have a private key that is split into 1/5's, and any of the 3 can redeem the private key?  Bitaddress.org can generate a Vanity address (have not tried it myself) that will generate a 2 way split key.  Not sure about a 3/5 split key but this might help with what you are looking for.

https://bitcointalk.org/index.php?topic=43496.0
kjj
March 26, 2013, 03:36:02 PM
 #4

Personally, I think you would be better off making 5 new private keys and then making a P2SH multisig 3-of-5 address from them.

17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs.  You should too.
glub0x (OP)
March 28, 2013, 09:14:03 AM
Last edit: March 28, 2013, 09:37:12 AM by glub0x
 #5

So would there be a point in making a service such as bitcoinadress that would work as follows:
1. Choose how many blocks you want.
2. Choose how many blocks are needed to reform the key.
3. Random words are created for each block.

For example, I choose 3 blocks and 2 are needed.
Block 1: AB_
Block 2: _BC
Block 3: A_C

2 out of those 3 would allow you to reform the word ABC, which can be used as a private key.

Then you can print each block and save them this way.
I only have a problem figuring out how to do so in a generic way (for instance, what would be the solution for 6 blocks when 3 are needed).


For me this solution is much more convenient as:
Brain wallet --> you can forget the password. If you write it down, someone can steal it from you. What if you have an accident?
Paper wallet --> cannot be spread so much. If someone takes a simple picture of it they can steal from you. If you keep them at home, what if you have a fire?
If you give it to someone, what if he turns rogue? What if your house gets stolen? Soon bitcoin will be more wanted than gold!
Encrypted wallet on CD --> hard to check integrity. Same problem as brain wallet.

willphase
March 28, 2013, 09:37:52 AM
 #6

You could use P2SH or Shamir's secret sharing, but those are probably a bit heavyweight. A lighter-weight solution that you can just do with your calculator, but requires more storage (3 c 5 = 10x256bits), would be in this case:

Generate a random 256 bit key for each of the participants.

Go through all the permutations of how you wish the unlock to happen - e.g. in your case there are ten combinations:

{a,b,c} {a,b,d} {a,b,e} {a,c,d} {a,c,e} {a,d,e} {b,c,d} {b,c,e} {b,d,e} {c,d,e}

and XOR the keys against each other, e.g. for A, B and C to unlock you generate K(A|B|C). Then XOR each of these generated intermediates with the master private key you wish to secure (obtain the bitcoin private key from the dumpprivkey RPC command, then convert to raw 256-bit value). You will end up with ten 256-bit values, which you then publish to all participants, or on a website (it can be public).

EDIT: in fact, you should put the intermediate keys through a SHA256 hash before XORing with the bitcoin private key - this avoids a depth attack where you can just XOR the public values against each other to leak information.  Sorry.
 
Now when three participants wish to decode the public key, they XOR their three secrets with each other along with the correct value from the public intermediate list, and this recovers the private key.

Will
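
The scheme from the post above, including the SHA256 step from its EDIT, written out as an added Python example; it is not code from the original post or from any wallet software. The function names and participant labels a to e are assumptions, and the master key is a random constructed stand-in for the raw private key. The unhashed variant is included to show the leak the EDIT refers to: there a single participant can combine public values and recover the master key.

```python
import hashlib
import secrets
from itertools import combinations

KEY_BYTES = 32  # every value in the scheme is 256 bits

def xor(*vals: bytes) -> bytes:
    """XOR any number of 32-byte strings together."""
    out = bytearray(KEY_BYTES)
    for v in vals:
        for i, b in enumerate(v):
            out[i] ^= b
    return bytes(out)

def make_public_table(master: bytes, shares: dict, k: int, hashed: bool = True) -> dict:
    """One public value per k-subset: pad(XOR of that subset's secrets) XOR master."""
    table = {}
    for group in combinations(sorted(shares), k):
        pad = xor(*(shares[p] for p in group))
        if hashed:  # the EDIT in the post: hash the intermediate key first
            pad = hashlib.sha256(pad).digest()
        table[group] = xor(pad, master)
    return table

def recover(table: dict, held: dict, hashed: bool = True) -> bytes:
    """Recover the master key from the secrets of one complete k-subset."""
    pad = xor(*held.values())
    if hashed:
        pad = hashlib.sha256(pad).digest()
    return xor(pad, table[tuple(sorted(held))])

def single_holder_leak(table: dict, e_secret: bytes) -> bytes:
    """Without hashing, table[abc] ^ table[abd] = c ^ d, so e alone strips table[cde]."""
    c_xor_d = xor(table[("a", "b", "c")], table[("a", "b", "d")])
    return xor(table[("c", "d", "e")], c_xor_d, e_secret)

def demo() -> dict:
    master = secrets.token_bytes(KEY_BYTES)  # constructed, not a real key
    shares = {p: secrets.token_bytes(KEY_BYTES) for p in "abcde"}
    weak = make_public_table(master, shares, 3, hashed=False)
    strong = make_public_table(master, shares, 3, hashed=True)
    abc = {p: shares[p] for p in "abc"}
    return {
        "entries": len(strong),  # 5 choose 3
        "recovered": recover(strong, abc) == master,
        "weak_broken_by_one": single_holder_leak(weak, shares["e"]) == master,
        "hashed_broken_by_one": single_holder_leak(strong, shares["e"]) == master,
    }

if __name__ == "__main__":
    print(demo())
```

The public table grows as the number of k-subsets, so it stays small for 3-of-5 but becomes large quickly for bigger groups.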

glub0x (OP)
March 28, 2013, 11:03:25 AM
 #7

Not sure I understand very well.
With your system, let's say the owner of {a,b,c} and {b,d,e} met. They are only 2 yet they can manage to rebuild the whole message (abcde). So this should not work, does it?

willphase
March 28, 2013, 04:21:00 PM
 #8

> Not sure I understand very well.
> With your system, let's say the owner of {a,b,c} and {b,d,e} met. They are only 2 yet they can manage to rebuild the whole message (abcde). So this should not work, does it?

I think you might be misunderstanding - the notation {a,b,c} is the group of people comprising of person a, person b, person c.

Will

DBordello
March 28, 2013, 05:37:03 PM
 #9

I share your desire to do an n-of-m wallet.

The closest thing I have found are some python scripts that let you back up an Armory wallet to n-of-m paper backups.

At the moment I am waiting for the Offline bundle to be updated to support it.

See: https://bitcointalk.org/index.php?topic=139625.0

www.BTCPak.com - Exchange your bitcoins for MP: Secure, Anonymous and Easy!
dserrano5
March 29, 2013, 07:56:57 AM
 #10

> I share your desire to do an n-of-m wallet.
>
> The closest thing I have found are some python scripts that let you back up an Armory wallet to n-of-m paper backups.
>
> At the moment I am waiting for the Offline bundle to be updated to support it.
>
> See: https://bitcointalk.org/index.php?topic=139625.0

This is newer than that.