Multisig private keys and master public key

[testingelcrypto]

Hi

Is someone safe if only keeps their private keys and master public key or does it need more info like he derivation path to be safe in the long term?

Is it not possible to know the derivation path by only having the master public key ?

[1713293442]

1713293442

[1713293442]

1713293442

[1713293442]

1713293442

[pooya87]

Is someone safe if only keeps their private keys and master public key or does it need more info like he derivation path to be safe in the long term?

If it is a regular (single-sig) wallet then all you need is the mnemonic OR master private key.
If it is a multi-sig wallet then you need your own mnemonic OR master private key and the co-signers child master public keys.
Writing down the derivation path (and testing if it works) could help future recoveries although knowing what wallet created the said master key could give you the same information if you forgot the path.

Is it not possible to know the derivation path by only having the master public key ?

It could be very hard. As I said above the derivation paths are usually from a small finite list of paths so you can always try them all in matter of seconds and see which one was your path. But if the tool you used was using an uncommon derivation path then it is impossible to brute force it.

There is also another issue that involves hardened keys. If your derivation path contained any hardened index (eg. in m/1/2/3'/4/5 the third index 3 is hardened) you won't be able to derive child keys using the master public key, you will need the master private key (or mnemonic).

[o_e_l_e_o]

You also need to be careful about what you are referring to when you say "master public key".

Your master public key is at derivation path M. On its own it is often useless, because as pooya points out, most wallets use derivation paths which follow the BIP44 standard and therefore include three levels of hardened derivation, which you cannot perform only using a master public key. However, lots of users and lots of wallet incorrectly use the term "master public key" to refer to an account extended public key. This would be the extended public key at m/44'/0'/0', for example.

What software are you using to create your multi-sig? You will need to know each co-signer's account extended public key for the derivation path you are using. If you are using a standard derivation path then I see no need to back it up, but if you are doing something non-standard then you should definitely back up your derivation path along with your seed phrase.

[testingelcrypto]

i am testing electrum wallet. if i use a trezor or a ledger when creating the multisig on electrum is the derivation path diferent for each co signer?

[o_e_l_e_o]

i am testing electrum wallet. if i use a trezor or a ledger when creating the multisig on electrum is the derivation path diferent for each co signer?

It will tell you during the process of creating the multi-sig wallet, specifically on the screen where you select whether you want legacy multi-sig, P2SH-segwit multi-sig, or native segwit multi-sig.

The derivation paths are as follows:
Legacy (P2SH) - m/45'/0
P2SH-segwit (P2WSH-P2SH) - m/48'/0'/0'/1'
segwit (P2WSH) - m/48'/0'/0'/2'

Provided that you don't manually change them, then every co-signer should have the same derivation path.

[testingelcrypto]

I just created a new multi sig wallet i dont remember any derivation path is it possible to know what is the derivation path now? i used electrum wallet

[o_e_l_e_o]

I just created a new multi sig wallet i dont remember any derivation path is it possible to know what is the derivation path now? i used electrum wallet

Open the wallet, in the menu bar at the top click on "Wallet", then "Information". Select which cosigner's derivation path you are interest in, and it will display at the bottom of that window.

If you select a cosigner whose seed phrase is part of that wallet or a cosigner which linked a hardware wallet to that Electrum wallet, it will show you the derivation path used to go from the relevant seed phrase to the relevant extended private key. If you select a cosigner where you entered either an extended private key or an extended public key, it will simply show m or m/0, since Electrum does not know the derivation path you used to go from the initial seed phrase to that extended key (provided that the key in question was indeed derived from a seed phrase).

[testingelcrypto]

In my watch only wallet derivation path : unknown

Now i am having another problem. when i try to revover my multi sig i enter the first private key and its fine, then i try to put the cosigner2 master public key by copy paste and i cant click next. i am assuming eletrum doesnt accept cosigner 2 master public key


EDIT: now it gave me the possiblity to click next and i recovered my wallet, i dont know what happened but it took like 5 minutes for me to have the possibility to click next after i copy paste master public key for next cosigner

[o_e_l_e_o]

In my watch only wallet derivation path : unknown

How did you create this watch only wallet? If you have simply imported addresses, then Electrum does not know the derivation path those addresses came from.

when i try to revover my multi sig i enter the first private key and its fine, then i try to put the cosigner2 master public key by copy paste and i cant click next. i am assuming eletrum doesnt accept cosigner 2 master public key

Is your multi-sig 2-of-2? Are you trying to enter one private key and one public key, or two public keys? Electrum will quite happily accept 2 public keys and will create a watch-only multi-sig wallet.

If you can't click next at all (i.e. it is grayed out) then chances are the key you are pasting in is not a valid key. If you were to paste in the wrong type of key (e.g. xpub instead of Zpub), then Electrum would still let you click next but would return an error.


What are you trying to do here? Can you explain what kind of multi-sig you are trying to set up, and what devices or seed phrases you want for the all the co-signers? It sounds like you need to start from scratch.

[testingelcrypto]

I edited post above. i dont know what happened.

Now i can see the derivation path of 2 keys but not the other. its a 3-2 multi sig and i used 1 hardware wallet , 1 private key and 1 master public key ( i say MPK because when i click on info it says MPK but i think this is the xpub also) to recover this wallet

cosigner 1 : m/48'/0'/0'/2'
keystore 2: m/1'
keystore 3 : unknown

since i know the derivation path of one of the cosigner am i safe to save it only this one ? will i be able to know the other two cosigner derivation path by only save it 1 right derivation path for long term ?
i used electrum wallet and never changed any derivation path i just clicked next when i was creating the multisig

[o_e_l_e_o]

keystore 3 : unknown

How did you generate this key? It will presumably have come from a non-standard derivation path which Electrum does not know.

since i know the derivation path of one of the cosigner am i safe to save it only this one ?

Not necessarily. Since every one of your keys uses a different derivation path, then you need to know how to access all those keys again in the future. A derivation path tells Electrum how to go from the seed phrase to a specific key. If you are backing up seed phrases you must know the derivation path. If you are backing up individual keys and not the seed phrases, then you do not need to know the derivation path used to reach those keys.

Your cosigner 1 presumably came from a hardware wallet (or other source of BIP39 seed phrase), so uses the BIP39 standard path, which is fine. Your two keystores came from individual extended public keys. If you are backing up the associated extended private keys which pair with these extended public keys, then you don't need to know the derivation path to obtain those keys. If you are backing up the seed phrase which derives those keys, then you definitely need to know the derivation path.

[testingelcrypto]

key 2 was generated with electrum when i was creating the multisig, the key 3 i used trezor.
is keystore 2: m/1' a complete derivation path or is it missing some info ? i am asking because the cosigner 1 has a lot more numbers

"Your two keystores came from individual extended public keys. If you are backing up the associated extended private keys which pair with these extended public keys, then you don't need to know the derivation path to obtain those keys. If you are backing up the seed phrase which derives those keys, then you definitely need to know the derivation path."


 What are extended private keys? is it the 24 words?
What are extended public keys? Is it what electrum call master key when i am trying to restore the multisig wallet?
what is seed phrase which derives those keys?

[o_e_l_e_o]

is keystore 2: m/1' a complete derivation path or is it missing some info ? i am asking because the cosigner 1 has a lot more numbers

It is correct for seed phrases created by Electrum. Electrum uses different derivation paths to BIP39.

What are extended private keys? is it the 24 words?

No. The 24 words is a seed phrase. An extended private key is a long series of characters which would look something like this: ZprvAkszY9Wg6rcCciqTEHy9TouTtpv61e6q86qpWieX5n97eRni9PFUNBqUpA1tyJNzuGExkL72wL9 5KFrjoFe5QUc6cCoGEJ2ndsiCZhyUw1H. Your extended private key for a segwit multi-sig should begin with the characters "Zprv".

What are extended public keys?

They look similar to above, but would begin with the characters "Zpub". The private key can sign transactions; the public key can not. For a 2-of-3 multi-sig, you need access to at least 2 seed phrases OR private keys, and the third public key.

Is it what electrum call master key when i am trying to restore the multisig wallet?

Yes.

what is seed phrase which derives those keys?

Your 12 or 24 word phrase which will be generated by Electrum or by your hardware wallet.


Again, what are you trying to achieve here? A 2-of-3 multi-sig using your Trezor as one share and two Electrum wallets as the other two shares?

[testingelcrypto]

What i am trying to achieve and test is a multisig wallet with 1 hardware wallet and 2 wallet generated by electrum.

Then what i want to try to figure it out is what do i need to copy and have with me in case i lose my 2 hardware wallets. Can i only have the seed phrase of two wallets and the extended public key of the other wallet or even have the 3 extended public key or do i also need the derivation path of the 3 wallets ?

[o_e_l_e_o]

Then what i want to try to figure it out is what do i need to copy and have with me in case i lose my 2 hardware wallets.

I assume these two hardware wallets are both using the same seed phrase, since you said you are only using 1 hardware wallet in your multi-sig set up?

To restore a 2-of-3 multi-sig in which one of the three cosigners is a Trezor device and the other two cosigners are Electrum wallets, you need one of the following:

• Your Trezor device OR its seed phrase, AND one of the Electrum wallets OR its seed phrase, AND the other Electrum master public key
• Both Electrum wallets OR seed phrases, AND the master public key from your Trezor
• Your Trezor device OR its seed phrase, AND both Electrum wallets OR seed phrases

You can, technically, replace the seed phrases with master private keys, but these are harder to back up properly and easier to make a mistake with, so I wouldn't recommend doing this.

Can i only have the seed phrase of two wallets and the extended public key of the other wallet

Yes.

or even have the 3 extended public key

No. This will create a watch-only wallet which you cannot spend from.

You shouldn't need to back up derivation paths at all, provided you don't manually change them to something non-standard. When you set up this multi-sig in Electrum, when you use your hardware wallet you will have to choose the native segwit option for it to be compatibile with Electrum generated seed phrases, which will use the path m/48'/0'/0'/2'. Electrum seed phrases won't give you an option to change the derivation path, but they will use m/1'. All you need to back up is your three seed phrases and your three master public keys.

[testingelcrypto]

Since electrum doesnt give me the option to change the derivation path should i assume its a native segwit too but with a derivation path of m/1'?

Thanks for your patience and help

[o_e_l_e_o]

Since electrum doesnt give me the option to change the derivation path should i assume its a native segwit too but with a derivation path of m/1'?

Yes. Since version 4.1.0, Electrum will only create native segwit seed phrases by default, unless you go messing around with command line options. Further, Electrum won't let you create a multi-sig wallet using conflicting script types - if you choose native segwit when adding your hardware wallet, then try to add a legacy seed phrase/private key/public key, it will return an error.

All your public keys should start with "Zpub", which is unique for native segwit multi-sig.

Thanks for your patience and help

No problem!