Solution for 2-of-3 paper wallets without multisig feature

[brenzi]

As the multisig feature is not yet supported by any bitcoin client (at least not for spending the coins) I was thinking about another way to get a 2-of-3 paper wallet.

edit: You can directly jump to the improved version

The basic idea is:

• split private key in two files
• use parchive to generate a recovery file
• generate qr codes for the three files

now you only need two of those three QR codes to recover your private key.

I tried this with the following detailed procedure:

Private Key: 5JYTix96fp8JtwWF1Vq3gBaM5p31GyYK94K5ezLdUaF3VBZkJ7G

file testprivkey1

Code:

5JYTix96fp8JtwWF1Vq3gBa

file testprivkey2

Code:

M5p31GyYK94K5ezLdUaF3VBZkJ7G

generate PAR recovery file

Code:

parchive a -n1 test.par testprivkey1 testprivkey2

you get an index file test.par and a recovery file test.p01. You don't need to keep the index file, it's only used for checksum validation

generate QR codes

Code:

cat testprivkey1 | qrencode -o testprivkey1.png
cat testprivkey2 | qrencode -o testprivkey2.png
uuencode test.p01 test.p01 > test.p01.uue
cat test.p01.uue | qrencode -8 -o test.p01.uue.png

print it. make sure you mark which code stands for which file

To decode with only testprivkey1 and test.p01:

Code:

zbarimg --raw testprivkey1.png > testprivkey1  
zbarimg --raw testp01.uue.png > back_test.p01.uue
cat back_test.p01.uue | uudecode
parchive r testprivkey1 test.p01

now you just need to concatenate the two sides. done.


The only question that remains is: Can I be sure that the private key cannot be recovered from only the recovery file itself? Not with parchive tool itself, but as parchive is not designed to make this impossible (quite the opposite) I would apprechiate educated comments on my proposal

One approach to make sure the recovery file is not sufficient to recover the private key could be to add random data to the files testprivkey1&2.
The amount of random data would be limited by reasonable QR code size. The recovery file should then have the same size as the input files

[prezbo]

I think armory already implemented m-of-n backups based on shamir's secret sharing algorithm. Check the armory subforum for details.

[cbeast]

BIP38 is supported by http://www.bit2factor.org/
It can be saved and run offline.

[empoweoqwj]

I think armory already implemented m-of-n backups based on shamir's secret sharing algorithm. Check the armory subforum for details.

yep - armory has the most advanced wallet features out there.

[brenzi]

I think armory already implemented m-of-n backups based on shamir's secret sharing algorithm. Check the armory subforum for details.

Great, thanks. But it seems this is not yet an official, mature feature (and currently everybody's waiting for the next release including important fixes anyway). And I would prefer a very simple solution that could be run from a liveCD. Your hint leads me to the following:

Code:

cat testprivkey | ssss-split -t 2 -n 3 -w testkey -q

This seems like a very elegant solution to me, as it is very easy to reproduce. One could even print the necessary bash script next to the QR code on the paper wallet.

And there's more: This solution can be applied to any altcoin as well

[empoweoqwj]

I think armory already implemented m-of-n backups based on shamir's secret sharing algorithm. Check the armory subforum for details.

And there's more: This solution can be applied to any altcoin as well

Well considering most altcoins are clones or near clones of bitcoin, that's not really much of a surprise

[prezbo]

I think armory already implemented m-of-n backups based on shamir's secret sharing algorithm. Check the armory subforum for details.

And there's more: This solution can be applied to any altcoin as well

Well considering most altcoins are clones or near clones of bitcoin, that's not really much of a surprise

Since sss works on data of any kind there's really no limitations on where it can be used, altcoin or not

[brenzi]

I think armory already implemented m-of-n backups based on shamir's secret sharing algorithm. Check the armory subforum for details.

And there's more: This solution can be applied to any altcoin as well

Well considering most altcoins are clones or near clones of bitcoin, that's not really much of a surprise

No, not a surprise. But adapting armory for altcoins is out of reach for me. So I'm looking for a solution that solves my problem for any coin (or any secret)

[brenzi]

Here's an improved version of the OP: edit: See next post for further improved version

To generate the QR codes for the private key in file testprivkey

Code:

#!/bin/bash
CTR=1
# generate 2 of 3 secret
cat testprivkey | ssss-split -t 2 -n 3 -w testkey -q | while read -r line; do 
	echo $line | qrencode -o "testsplit.part$CTR.png"
	CTR=$[CTR+1]
done

To recover the private key:

Code:

#!/bin/bash
zbarimg --raw testsplit.part1.png  | tr -s '\n' > testjoin.part1
zbarimg --raw testsplit.part2.png  | tr -s '\n' > testjoin.part2
cat testjoin.part1 testjoin.part2 | ssss-combine -t 2

I will give this a go and probably add some comfort to the scripts

Unfortunately, not all tools used are on standard ubuntu liveCD. You need to

Code:

sudo apt-get install ssss qrencode zbar-tools

But anyway, I'd prefer to use the satoshi client to generate the bitcoin address (minimum trust)

[brenzi]

Ok, so here's the script that I use to generate 2-of-3 paper wallets (can easily be modified for N-of-M). Hopefully some people can use this until the time when bitcoin clients support multisig transactions.
It generates a html file with three parts of one paper wallet.

I've tested it for bitcoin and peercoin. Whatever vanitygen can generate is supported.
Linux Dependencies: vanitygen ssss qrencode (zbar-tools)

Code:

#!/bin/bash
CTR=1
# generate 2 of 3 secret

#remove old keys if file exists
echo "" > paperwallet.keys

#generate new bitcoin address
vanitygen -q -o paperwallet.keys 1 
#generate new peercoin address
#vanitygen -X 55 -q -o paperwallet.keys P

#generate QR code for bitcoin address
echo "bitcoin:" > paperwallet.pub
cat paperwallet.keys | sed '4d' | sed '1,2d'  | sed 's/^Address: //' >> paperwallet.pub 
cat paperwallet.pub | tr -d '\n'| qrencode -o "paperwallet.pub.png"

#start html output
echo "<html>" > paperwallet.html
echo "<header><style>" >> paperwallet.html
echo "		table {border-collapse:collapse; table-layout:fixed; width:800px}" >> paperwallet.html
echo "		table td {border:solid 1px #fab; width:400px; word-wrap:break-word;}"  >> paperwallet.html
echo "</style></header><body>" >> paperwallet.html

#split private key into 3 keys
cat paperwallet.keys | sed '1,3d' | sed 's/^Privkey: //' | ssss-split -t 2 -n 3 -w privatekeypart -q | while read -r line; do 
	echo $line | qrencode -o "paperwallet.priv.part$CTR.png"

	echo "This is <b>part $CTR</b> of a bitcoin paper wallet. two of three parts are needed to recover the original secret<br>" >> paperwallet.html
	echo "<table><tr><td>Public Key: " >> paperwallet.html
	cat paperwallet.pub >> paperwallet.html	
	echo "</td><td>" >> paperwallet.html
	echo "Private Key (one among three): " >> paperwallet.html
	echo $line >> paperwallet.html
	echo "</td></tr><tr><td>" >> paperwallet.html
	echo "<img src=paperwallet.pub.png width=150>" >> paperwallet.html
	echo "</td><td>" >> paperwallet.html
	echo "<img src=paperwallet.priv.part$CTR.png width=200>" >> paperwallet.html
	echo "</td></tr></table>" >> paperwallet.html
	echo "use linux command <i>ssss-combine -t 2</i> to recover original private key from two paper wallets<br><hr>" >> paperwallet.html
	CTR=$[CTR+1]
done

echo "</body></html>" >> paperwallet.html

use the following lines to test recovery

Code:

zbarimg --raw -q paperwallet.priv.part1.png | tr -s '\n' > testjoin.part1
zbarimg --raw -q paperwallet.priv.part2.png | tr -s '\n' > testjoin.part2
cat testjoin.part1 testjoin.part2 | ssss-combine -q -t 2 

be aware that the files generated contain your private key and are not cleaned up by this script. Only generate paper wallets on an offline computer running LiveCD.