[Guide] How to Create MultiSig Electrum Wallet for Beginners

[butka]

I wasn't able to find a beginner's guide to creating a MultiSig Electrum Wallet, so I'm going to try to explain how it goes here.

This is the first time I've ever created a multiSig wallet, so I'd appreciate your feedback.

This guide will be specifically tailored to a 2 out of 2 solution, but I think you can easily extrapolate it to any other M out of N signature wallet.

Why would you want to create a MultiSig Wallet?

For one, it improves security. You need both signatures for any outgoing transaction, so if one of the wallets gets compromised, the other hopefully won't be and this may save your coins.  

You can install 2 wallets on 2 different computers by yourself, without any other person involved. In this case, you will control both private keys. This is what I did in this guide.

Of course, you can create this multisig solution together with someone else, for example, with your spouse or friend. In that case, you will control just one of the private keys, while your spouse the other. However, this is NOT the best idea if you ask me, considering how a good marriage (or friendship) may turn sour very quickly.

Multisig wallets are probably the most useful in various business endeavors, where several partners (cosigners) control mutual funds by holding one of the several keys necessary to unlock the funds. Exchanges store the majority of their coins off-line in multisig wallets as well. Some exchanges, like Bitmex, use 2 out of 3 multisig solutions for all customer funds all the time. So there is no doubt that multisig wallets are very useful.

For the purpose of demonstrating this concept (and because I won't use this wallet in real life), I selected my normal PC to install Wallet 1. Wallet 2 was installed in a virtual machine [Linux]. (You can also use a hardware wallet as wallet 2 Ref. [1].)

1) Start the Creation of Wallet 1

This section is essentially just to get the seed and Master Public Key of Wallet 1. We will stop the creation of Wallet 1 half way down the road, to return to it after creation of Wallet 2.

1. Choose New/Restore



2.Give it a name



3. Choose Multi-signature Wallet



4. Choose the number of signatures



The first slider indicates the total number of cosigners (wallets). The second slider indicates how many of them are needed for signing. We have here 2 of 2.

If we wanted to create a 2 out of 3 multisig wallet, it would look like this: https://i.imgur.com/N8CqQre.jpg

5. Choose Standard



6. Write down the seed and store it somewhere safe. Remember, this is equivalent to your private key. Don't share it with anyone.



7. Next comes the Master Public Key (MPK)



The MKP starts with xpub... You should save the MPK in a file and transfer it to the other computer. This is the only thing you should share with your cosigners in case you are creating MultiSig Wallet with someone else.

8. Now it asks for cosigner's info



You can stop here, because you don't have the MPK of wallet 2 just as yet. Just abort the creation.

Two important things are:

a) we have our seed of wallet 1 written down
b) we have our MPK of wallet 1 saved in a file

2) Start and Finish the Creation of Wallet 2

In this step, we go to the second computer and pretty much repeat the steps as for Wallet 1. But now, since we know MPK of wallet 1, we can finish the creation of wallet 2.

For example, we start here:

1.



....

we write down the seed of Wallet 2, and save the MPK of wallet 2 in a file
....

and follow the steps as in the previous chapter to this point:


9.



Here we enter the MPK of Wallet 1 saved from earlier.

This concludes the creation of Wallet 2. You can go to Addresses tab and something like this will appear.



3) Finish the Creation of Wallet 1

We go back to the first computer and finish what we have started with  Wallet 1.

Choose I already have a seed



enter the seed of wallet 1, and then enter MPK2 when asked for it in step 8.

When the creation of Wallet 1 is completed, compare the addresses. They should be the same as in Wallet 2.




Notes

• The fact that the addresses are equal, means that you now have a working 2 out of 2 multisignature wallet.
• Anyone can send you coins to one of these addresses. You should learn how to spend coins from this type of wallet, as described in Ref [2].
• The seed is virtually identical to your private key. Keep it safe. In this guide we own both private keys, so we should probably store them in two different physical locations. For example, you can use a bank's safety deposit box as one of these locations, as indicated in the post of @pooya87 below.
  
• If you create a multisig together with someone else, never show them your seed. If you do, they will have full control over the funds.
• If you create a multisig together with someone else, give them only your MPK. You should also receive their MPK.
• If you create a multisig together with someone else, show your MPK only to them. If you share it with a third person, they will know all your addresses and you will potentially lose your anonymity/privacy.

References

[1] https://freedomnode.com/blog/109/how-to-create-and-use-a-multi-signature-wallet-with-electrum-and-trezor
[2] http://docs.electrum.org/en/latest/multisig.html

[1714951606]

1714951606

[1714951606]

1714951606

[1714951606]

1714951606

[butka]

As usual you made thread which really easy to understand, i might need this since i never use multi-sig wallet.

Thanks a lot.

I wonder if you made this thread after other member confused with MultiSig wallet on Electrum?

No, I didn't know about that. A couple of weeks ago I tried to see if this forum had a guide about a creation of multisignature wallet, but I couldn't find it. So I decided to try to make one.

[pooya87]

For one, it improves security. You need both signatures for any outgoing transaction, so if one of the wallets gets compromised, the other hopefully won't be and this may save your coins. 

You can install 2 wallets on 2 different computers by yourself, without any other person involved. In this case, you will control both private keys. This is what I did in this guide.

it is worth mentioning that when you create a multisignature wallet for yourself, unless you keep the keys that you just created separately there wouldn't be any additional security gained. for example you should print 1 xprv on a paper and keep it in your home safe, and print the second xprv and keep it in a bank's safety deposit box or with a family member if you can trust any!

[butka]

it is worth mentioning that when you create a multisignature wallet for yourself, unless you keep the keys that you just created separately there wouldn't be any additional security gained. for example you should print 1 xprv on a paper and keep it in your home safe, and print the second xprv and keep it in a bank's safety deposit box or with a family member if you can trust any!

Thanks a lot. I was thinking about this idea myself. It makes perfect sense, of course, the only requirement is that the bank is reliable enough (not to be robbed or something). I will edit the OP to include this.

[pooya87]

it is worth mentioning that when you create a multisignature wallet for yourself, unless you keep the keys that you just created separately there wouldn't be any additional security gained. for example you should print 1 xprv on a paper and keep it in your home safe, and print the second xprv and keep it in a bank's safety deposit box or with a family member if you can trust any!

Thanks a lot. I was thinking about this idea myself. It makes perfect sense, of course, the only requirement is that the bank is reliable enough (not to be robbed or something). I will edit the OP to include this.

the idea is to hold them separately and preferably not in one place. bank safety deposit box was just an example. you can leave it with your parents for example. and there is always encryption option where you encrypt your private key (or your seeds) with a strong password then even if you leave it in the open nobody can rob you.
for example it will look like this:

Code:

6PRW8vhrrQ5gosZEceEYPUqGhd3hxnsaYKcKmquzv9EJBFhmkbGNHbSZ1u

this is the private key in bitcoin wiki that i encrypted using BIP38 and the password is

Code:

Dhfj@8$65GHdb43$9)jdb

as you can see it is base58 (like a private key) but starts with 6 and it is pretty convenient to print or write down and store.

[butka]

...for example. and there is always encryption option where you encrypt your private key (or your seeds) with a strong password then even if you leave it in the open nobody can rob you....

Thanks for bringing this up. I have been planning to look into BIP38 a little bit more. Is there a recommended software for encrypting/decrypting of this type?

[pooya87]

...for example. and there is always encryption option where you encrypt your private key (or your seeds) with a strong password then even if you leave it in the open nobody can rob you....

Thanks for bringing this up. I have been planning to look into BIP38 a little bit more. Is there a recommended software for encrypting/decrypting of this type?

first thing you need to know about encrypting is that it is not something bitcoin specific. you basically have a text that you want to encrypt so you can use any tool that does that for you. for example you can play around in this site: http://cryptojs.altervista.org/secretkey/aes_cryptojs-v3.html (obviously it is not safe for private keys since it is online).
for instance Electrum wallet uses AES-256-CBC for encrypting the wallet file/keys.

as for BIP38 it is using the same scheme as AES-256 (i believe without padding) and then does a bunch of other stuff, adds a prefix and encodes it with base58 so that it looks like a private key.

all the wallets have encryption feature although they don't have an interface for you to easily use it if you want to export encrypted. the only thing that is focused on this that i know of is bitaddress.org. which you can take a copy and run offline. then go to the last tab saying "wallet details" enter your private key, select BIP38 Encrypt" enter a password and click the "encrypt BIP38" button. then copy the result from the bottom of the page.

[Abdussamad]

The easiest way to add 2fa protection to your seed in electrum is to use the seed extension feature. On the seed re-entry step click on options and choose to extend the seed with custom words. Then in the following steps you will have the option to add your own password/passphrase as a seed extension. Your backup will then consist of the seed words that your right down and the seed extension that you memorize. Without both of those your wallet cannot be recovered.

Alternatively if you're comfortable with soft copy backups simply putting a password on your wallet (wallet menu > password) will encrypt it and then you can place a copy of that encrypted wallet file on a removable drive via file > save copy. Each co-signer will have to do this with their wallet file separately.

[bob123]

The easiest way to add 2fa protection to your seed in electrum is to use the seed extension feature. [...] Your backup will then consist of the seed words that your right down and the seed extension that you memorize.

The seed extension feature does NOT replace 2FA protection.
Data secured with 2FA needs 2 things to be accessed: Something you know (seed, password, secret information, ...) and something you have (token, mobile phone, ...).

Using the seed extension just adds another thing you need to know. This adds plausible deniability, but that's not 2FA - by definition.

Without both of those your wallet cannot be recovered.

I wouldn't be too sure about that.
Depending on the extended word (which basically is just a password) it might be able to be bruteforced.
The whole security (if you rely on the seed extension as security factor) is dependent from the password (lenght, char set, comlexity, ...) used. And humans are known to choose weak passwords.

If someone has access to the seed, bruteforcing a medium password is definitely an option.

[Abdussamad]

The easiest way to add 2fa protection to your seed in electrum is to use the seed extension feature. [...] Your backup will then consist of the seed words that your right down and the seed extension that you memorize.

The seed extension feature does NOT replace 2FA protection.
Data secured with 2FA needs 2 things to be accessed: Something you know (seed, password, secret information, ...) and something you have (token, mobile phone, ...).

The seed is something you have in this case since you are not memorizing it but writing it down and relying on that written copy alone. The extension is something you know.

If someone were to discover the seed you've written down they would not be able to restore your wallet since they lack the second factor which is the seed extension.

Yes it's possible that if a committed attacker discovers your seed they can attempt to bruteforce your seed extension.  However this applies to any encryption you apply on the seed too. Once again the weak point is the human generated password/seed extension. So non of these methods will stop a committed attacker only casual snoopers.

If you want something more secure you need to create a multisig wallet and store the seed backups in different locations so that the compromise of one backup does not compromise your whole wallet.

[pooya87]

even if you are using a seed extension you still have to write down that extension too to prevent forgetting it and being locked out. writing it alongside seed wouldn't provide any security. and if you want to store them separately then you can always split your seed itself and store parts in different locations instead.

there are other ways of obfuscating the 'thing" you write down too. for example:

Code:

1631 1735 1047 1358 1703 438 135 110 925 192 333 1375

is the seed from wiki pages and the numbers are indexes in the wordlist (starting from 1 not 0)
and since these are just numbers you can have more fun with them:

Code:

065f06c70417054e06a701b60087006e039d00c0014d055f

which is the hex representation of it...
or with dashes

Code:

065f-06c7-0417-054e-06a7-01b6-0087-006e-039d-00c0-014d-055f

[bob123]

The seed is something you have in this case since you are not memorizing it but writing it down and relying on that written copy alone.

The fact that YOU are relying on a copy, doesn't change the fact.
A seed is pure information. Something you know. Not something you have.

No one can take the seed away from you. Once you have (know) the seed, it is yours. Therefore it is something you know, not something you have.

If someone were to discover the seed you've written down they would not be able to restore your wallet since they lack the second factor which is the seed extension.

Again, it is not really a second factor. It is just an additional part which is missing.
This is like writing down a password except for the last 2 characters. This is not something they have to steal from you.
They just have to get to that information.. Either via stealing OR through different techniques (e.g. bruteforce).

It is pure information. Something you know (again).

Yes it's possible that if a committed attacker discovers your seed they can attempt to bruteforce your seed extension.  However this applies to any encryption you apply on the seed too.

Of course it does. Noone said encryption is a 2FA (this wouldn't make any sense at all).

If you want something more secure you need to create a multisig wallet and store the seed backups in different locations so that the compromise of one backup does not compromise your whole wallet.

Not necessarily. A non-multisig wallet, whose seed is split via shamir's secret sharing is also a safe solution.

[Abdussamad]

The seed is something you have in this case since you are not memorizing it but writing it down and relying on that written copy alone.

The fact that YOU are relying on a copy, doesn't change the fact.
A seed is pure information. Something you know. Not something you have.

No one can take the seed away from you. Once you have (know) the seed, it is yours. Therefore it is something you know, not something you have.

Do you know how google authenticator codes work? You and the website you are trying to authenticate yourself with both posses a secret called the shared secret. Everytime you want to log in you combine the secret with the current timestamp and run it through a hash function. The output of that hash function is then reduced to a few digits and that is the OTP code you enter to authenticate yourself. Despite you knowing this shared secret it's called "2fa". So what I'm talking about is similar to that.

Yes it's possible that if a committed attacker discovers your seed they can attempt to bruteforce your seed extension.  However this applies to any encryption you apply on the seed too.

Of course it does. Noone said encryption is a 2FA (this wouldn't make any sense at all).

I thought that was what we were discussing here. cipher text + password sounds like 2fa to me. something you have and something you know.

If you want something more secure you need to create a multisig wallet and store the seed backups in different locations so that the compromise of one backup does not compromise your whole wallet.

Not necessarily. A non-multisig wallet, whose seed is split via shamir's secret sharing is also a safe solution.

Electrum doesn't support that out of the box. The two solutions I talked about are ones electrum supports out of the box. Extending the seed or multisig.

There is another one the revealer plugin but you have to trust your printer not to keep a copy of the output or buy some sheets from the revealer company.

[bob123]

Do you know how google authenticator codes work? You and the website you are trying to authenticate yourself with both posses a secret called the shared secret. Everytime you want to log in you combine the secret with the current timestamp and run it through a hash function. The output of that hash function is then reduced to a few digits and that is the OTP code you enter to authenticate yourself. Despite you knowing this shared secret it's called "2fa". So what I'm talking about is similar to that.

Google authenticator is a software 2FA.
A proper (real) 2FA consists of a hardware token (similar to a hardware wallet) which shows the current code to enter.

Just because it is common to use GA as 2FA, this doesn't mean now that anything you know can be a 2 FA. This is a cheap way to realize a hardware token.


Additionally not every GA is generating time-based one-time passwords.
Besides TOTP, GA also supports HOTP (hmac-based one-time passowrds). Those are not dependent on the current time, but on a counter.

I thought that was what we were discussing here. cipher text + password sounds like 2fa to me. something you have and something you know.

As already mentioned.. encryption and 2FA are two different things. They are not comparable and are independent from each other.

Cipher text + password simply is the cipher text + the password to decrypt. That's comparable with a lock and the key to open it. This has NOTHING to do with 2FA.

Electrum doesn't support that out of the box. The two solutions I talked about are ones electrum supports out of the box. Extending the seed or multisig.

Why would you need it to be supported by electrum ?
This is kind of trivial and can be done using a seed (obviously) and a fresh linux with the basic tools.

Extending the seed and multisig are both different to using SSSS. Each has it's own purpose.
You can't compare them with each other the way you are doing it.

There is another one the revealer plugin but you have to trust your printer not to keep a copy of the output or buy some sheets from the revealer company.

Or you do it yourself using basic linux command line tools and write it per hand instead of using the printer..
Writing down 40 words shouldn't be a problem..