Multisig wallet

[dhs]

Hi,

I have a question about creating a multisig with electrum wallet. Do I need the master public keys of the cosigners in order to recover my wallet? The plan is to create a multisig with two hardware devices send some btc and then reset the devices and keep only the seed phrases. Thanks in advance.

[1714654097]

1714654097

[1714654097]

1714654097

[1714654097]

1714654097

[1714654097]

1714654097

[Charles-Tim]

If it is 2-of-2, you will need the 2 seed phrases.
If it is 2-of-3, you will need the first and second seed phrases and the master public key generated by the third seed phrase. You can make anyone the first or second but I think you should understand what I mean.

Using two devices, it is 2-of-2 that you want to create. Make sure you backup your seed phrase differently in like two or three different locations.

But the best is 2-of-3 which can make the backup better. But you will need three devices for it. Like 2 hardware wallets and 1 online wallet should be good and have the backup in different locations in this order:

Seed phrase 1, master private key 2
Seed phrase 2, master private key 3
Seed phrase 3, master private key 1

[EL MOHA]

Adding to the reply above, make sure the seed option is on bip39 and since it is multi sig hardware wallet the derivation should be changed from the standard wallet which is m/44'/0'/0' to that of hardware wallet which is m/45'/0

[Charles-Tim]

Adding to the reply above, make sure the seed option is on bip39 and since it is multi sig hardware wallet the derivation should be changed from the standard wallet which is m/44'/0'/0' to that of hardware wallet which is m/45'/0

This is BIP39 derivation paths for legacy address and multisig. Electrum is using different derivation paths.

If you want to know if the multisig setup is correct, the wallets on all the devices you used to setup the multisig wallet will have the same bitcoin addresses.

[nc50lc]

Do I need the master public keys of the cosigners in order to recover my wallet? The plan is to create a multisig with two hardware devices send some btc and then reset the devices and keep only the seed phrases.

It's not necessary since the master public key can be derived from the seed phrase or master private key,
but in 'N-of-M' when 'N' is lower than 'M', you must back them up to guarantee that you can still restore the wallet in case one of the cosigner seed became inaccessible.

In terms of 2-of-2 MultiSig, don't bother backing up the master public key since as I've mentioned, Electrum will show you the derived xpub during wallet restoration.
Moreover, losing one seed phrase will lock you out of your funds.
You don't need to include the other cosigner's xpub with the seed since a single backup of "Cosigner1 seed" + "Cosigner2 xpub" will just restore the wallet but wont let you spend.
Just keep the seed phrases safe in this case.

In terms of 2-of-3 MultiSig (in case you want to include another cosigner), you can back them up as:
(don't replace xpub with xprv since one backup will have two cosigner secrets)

• "Cosigner1 seed" + "Cosigner2 xpub"
• "Cosigner2 seed" + "Cosigner3 xpub"
• "Cosigner3 seed" + "Cosigner1 xpub"

That way, even if you lose one backup, you can still restore the wallet since you still have access to the lost seed's xpub.
Since it only requires two signatures, having two seed phrases is enough to spend.

[dhs]

Thanks a lot for the replies. I have already created 2 of 2, did some test transactions and deleted and recovered the wallet no problem so far. The thing is that when I created the wallet i didn't need the first master public key for the second cosigner although in the instructions it was clear that I would need that. I will try to recover the wallet with exodus this time and see what happens.

But the best is 2-of-3 which can make the backup better. But you will need three devices for it. Like 2 hardware wallets and 1 online wallet should be good and have the backup in different locations in this order:

I think it can be done with 2 devices since I can create a seed phrase reset the device and create a new one. But I think 2 of 2 is ok.

[moderator's note: consecutive posts merged]

[Charles-Tim]

Thanks a lot for the replies. I have already created 2 of 2, did some test transactions and deleted and recovered the wallet no problem so far. The thing is that when I created the wallet i didn't need the first master public key for the second cosigner although in the instructions it was clear that I would need that. I will try to recover the wallet with exodus this time and see what happens.

One the devices, you used the seed phrases for recovery, although with the master public key of the other device. That means you used the two seed phrases to recover or setup the wallet again. Also you will need the two seed phrase (private keys) to spend on the wallet.

I think it can be done with 2 devices since I can create a seed phrase reset the device and create a new one. But I think 2 of 2 is ok.

If I have two hardware wallets, I will prefer to create 2-of-3 multisig wallet instead. The third device will either be my laptop or phone, the one that I know to be more secure between both. I will prefer my laptop which I do not use to browse than to watch Netflix and YouTube no ad version.

The reason I will prefer to go for 2-of-3 is the backup which I posted above, it is better than 2-of-2 backup that I will have to backup the seed phrases differently in different locations.

[nc50lc]

The thing is that when I created the wallet i didn't need the first master public key for the second cosigner although in the instructions it was clear that I would need that. I will try to recover the wallet with exodus this time and see what happens.

Have you setup the cosigners on different Electrum wallet on separate machines?
Because if so, Electrum will ask your the other cosigner's master public key which will be displayed after setting up the hardware wallet.
This must be what the instructions are for.

But if it's on the same Electrum wallet and machine, the master public key is already saved there with the first cosigner so it wont have to ask during the set-up of the second cosigner.

[ranochigo]

I would advocate for 2-of-2 as well. 2-of-3 introduces redundancies, but that model is more suitable for situations where you're facing the problem with uncooperative signers and doesn't necessarily improve your security. It just seems like an overkill. It might just provide the same security if you're using on a device than something less secure than the two current devices that you have.

Backing up your seeds multiple times in secured locations would be a given, no matter how redundant your Multisig system is.

[o_e_l_e_o]

The thing is that when I created the wallet i didn't need the first master public key for the second cosigner although in the instructions it was clear that I would need that.

This means you have imported both seed phrases in to the same wallet. While this will certainly let you spend your coins, it is a bad idea since it removes all the benefits you gain from a multi-sig wallet. Importing both seed phrases in to a the same wallet means that you now have a single point of failure, and compromise of that one wallet will lead to your coins being stolen. You should only import a single seed phrase and use the master public keys from the other cosigners. That wallet will then only be able to provide one signature, and not both. You would then move your partially signed transaction to a wallet on a different device which can provide the second signature.

[dhs]

But if it's on the same Electrum wallet and machine, the master public key is already saved there with the first cosigner so it wont have to ask during the set-up of the second cosigner.

Yeah you're right that's exactly what I did.

This means you have imported both seed phrases in to the same wallet. While this will certainly let you spend your coins, it is a bad idea since it removes all the benefits you gain from a multi-sig wallet. Importing both seed phrases in to a the same wallet means that you now have a single point of failure, and compromise of that one wallet will lead to your coins being stolen. You should only import a single seed phrase and use the master public keys from the other cosigners. That wallet will then only be able to provide one signature, and not both. You would then move your partially signed transaction to a wallet on a different device which can provide the second signature.

I don't really get that. There are two devices and when I spend I need to sign the transaction both with ledger and trezor. Am I missing something here?

One the devices, you used the seed phrases for recovery, although with the master public key of the other device. That means you used the two seed phrases to recover or setup the wallet again. Also you will need the two seed phrase (private keys) to spend on the wallet.

Yeah maybe I didn't explain that right. I did reset the hardware wallets but the electrum wallet that I used was the same so when I had to move funds I just signed the transaction with ledger and trezor. 

[Charles-Tim]

I don't really get that. There are two devices and when I spend I need to sign the transaction both with ledger and trezor. Am I missing something here?

What Leo means is that:

How you setup the wallet?
On device one, you use seed phrase one and the seed phrase from device 2.
On device two, you use the seed phrase two and the seed phrase from device one.

That means you expose your seed phrase on the two devices and that makes it to be less secure.

This is how it supposed to be:
On device one, use seed phrase one and master public key from device two seed phrase.
One device two, use seed phrase two and the master public key from device one seed phrase.

For the setup which is more secure, it should be like it. This in summary:

Device one
Seed phrase one. Master public key two

Device two
Seed phrase two. Master public key one.

So, this is not about the signature but about how you setup your 2-of-2 multisig wallet in a way that you will not expose the other seed phrases on the other devices.

[dhs]

As I see it right know this multisig seems like unnecessary risk. I already have my funds in a wallet that I created with ledger and then immediately reset but the recent ledger upgrade (although not happening) got me thinking alternatives. Though even if there is a backdoor as long as I don't recover the wallet in a ledger device I should be ok. As for the seed phrase I have so many backups that it is almost impossible to lose it and if somebody gets his dirty hands on it good luck getting the words out of something like this *sd67HqwΓχ9>11!äqQ7/&.0ψAξ.

How you setup the wallet?
On device one, you use seed phrase one and the seed phrase from device 2.
On device two, you use the seed phrase two and the seed phrase from device one.

I don't know if I can do that. I will try to be more clear. Ledger and trezor two different devices. I follow this guide https://electrum.readthedocs.io/en/latest/multisig.html and as nc50lc correctly pointed I used the same electrum wallet and laptop when i set up the wallet that's why I didn't need public master keys. then I reset both devices and import one seed phrase to ledger and one to trezor. but then I use the same electrum wallet and I have been asked to sign the transaction with both devices. So I still don't understand how would that be possible to import both seed phrases in one device. 

[moderator's note: consecutive posts merged]

[Charles-Tim]

I don't know if I can do that. I will try to be more clear. Ledger and trezor two different devices. I follow this guide https://electrum.readthedocs.io/en/latest/multisig.html and as nc50lc correctly pointed I used the same electrum wallet and laptop when i set up the wallet that's why I didn't need public master keys.

From the link is this:

After generating a seed (keep it safely!) you will need to provide the master public key of the other wallet.

You can use the seed phrase instead, but not safe like using master public key.

But for backup, you will backup the two seed phrases differently in like two or three different locations because it is 2-of-2.

[nc50lc]

-snip-

I don't really get that. There are two devices and when I spend I need to sign the transaction both with ledger and trezor. Am I missing something here?

He just thought that you've created the 2-of-2 MultiSig wallet with seed phrases rather than hardware wallets.

In case of the latter, it's safe since the wallet only contains both device's mater public keys and master fingerprint.
For the former; it's what they've explained, a MultiSig containing the two cosigner master private keys defeats the purpose of a MultiSig wallet.

[o_e_l_e_o]

I don't really get that. There are two devices and when I spend I need to sign the transaction both with ledger and trezor. Am I missing something here?

Sorry - as nc50lc explained, I assumed you were importing two seed phrases in to the same copy of Electrum, rather than connecting two hardware devices. Using two hardware devices with the same copy of Electrum is perfectly fine - the two hardware wallets will only share their respective extended public keys with Electrum, with the seed phrases and private keys remaining secured within the hardware devices themselves.

So I still don't understand how would that be possible to import both seed phrases in one device.

Because you can import seed phrases directly in to Electrum itself. If you did this, then you would be completely negating the point of the hardware wallets.

As for the seed phrase I have so many backups that it is almost impossible to lose it and if somebody gets his dirty hands on it good luck getting the words out of something like this *sd67HqwΓχ9>11!äqQ7/&.0ψAξ.

What do you mean by that? Are you back ups encrypted? I hope you've also securely backed up you decryption key if that's the case.

[dhs]

I don't really get that. There are two devices and when I spend I need to sign the transaction both with ledger and trezor. Am I missing something here?

Sorry - as nc50lc explained, I assumed you were importing two seed phrases in to the same copy of Electrum, rather than connecting two hardware devices. Using two hardware devices with the same copy of Electrum is perfectly fine - the two hardware wallets will only share their respective extended public keys with Electrum, with the seed phrases and private keys remaining secured within the hardware devices themselves.

So I still don't understand how would that be possible to import both seed phrases in one device.

Because you can import seed phrases directly in to Electrum itself. If you did this, then you would be completely negating the point of the hardware wallets.

As for the seed phrase I have so many backups that it is almost impossible to lose it and if somebody gets his dirty hands on it good luck getting the words out of something like this *sd67HqwΓχ9>11!äqQ7/&.0ψAξ.

What do you mean by that? Are you back ups encrypted? I hope you've also securely backed up you decryption key if that's the case.

Yeah it was a little bit confusing since it was pretty clear in my question that I'm using hardware wallets. I'm by no means an expert but I use hardrware wallets the last five years and found really weird to import two seed phrases at the same hardware wallet.

No, they are encrypted by me, like you add something you multiply something and you get the word. It is really simple but really hard to crack it.

[o_e_l_e_o]

No, they are encrypted by me, like you add something you multiply something and you get the word. It is really simple but really hard to crack it.

No offense, but this is a terrible idea.

You are in one of two situations here. Situation one is that you have backed up your method and the numbers/patterns/whatever used on a separate piece of paper. If this is the case, then whatever system you have come up with will be vastly inferior to using a proper encryption method such as AES, with the decryption key backed up on paper. Situation two is that you are relying on your brain remembering what you did to transform your seed phrase. It's widely known that you should never rely on your memory alone for something as important as your back ups, and I've spoken about why before: https://bitcointalk.org/index.php?topic=5402270.msg60342177#msg60342177.

So either you have much less security than you think you do, or you have a much higher risk of being unable to access your back ups if you need them. If you want to use something like this, then you should use a proper encryption method with the decryption key backed up on paper separately.

[dhs]

No, they are encrypted by me, like you add something you multiply something and you get the word. It is really simple but really hard to crack it.

No offense, but this is a terrible idea.

You are in one of two situations here. Situation one is that you have backed up your method and the numbers/patterns/whatever used on a separate piece of paper. If this is the case, then whatever system you have come up with will be vastly inferior to using a proper encryption method such as AES, with the decryption key backed up on paper. Situation two is that you are relying on your brain remembering what you did to transform your seed phrase. It's widely known that you should never rely on your memory alone for something as important as your back ups, and I've spoken about why before: https://bitcointalk.org/index.php?topic=5402270.msg60342177#msg60342177.

So either you have much less security than you think you do, or you have a much higher risk of being unable to access your back ups if you need them. If you want to use something like this, then you should use a proper encryption method with the decryption key backed up on paper separately.

None taken. The idea behind this is mostly to mislead. Like you see all the gibberish but you actually need very few of them, it's impossible to forget (though I have instructions in case I die or something) plus you would need another phrase (again impossible to forget it) in order to crack  it. I read all sorts of things people do for extra security only to overcomplicate things and end up losing their coins and made it really simple. The decryption key would be impossible to remember and losing it would cause the same problem as losing my seed phrase so why not just keep my seed as it is and store it somewhere safe?  Anyway the risk here is that my wife, brother and mother conspire all together to complete the puzzle, get my private keys and steal my money and all that over few sats? Then so be it I am ok with that. Thanks for everything I learned a lot of new things I will keep experimenting.

[Cricktor]

I'm not a fan of homebrewed obfuscation schemes because sometimes it doesn't provide the security the inventer thinks it should have and it might easily shoot you in your foot. Good to read you have presumably documented it well in case something happens to you or memory fades. As long as your heirs know where to find that documentation and all necessary other details, it should be fine.

I strongly advise to experiment and test every recovery procedure, be it something standard or be it homebrewed. Testnet bitcoins and wallets are also very neat for such desaster or heir recovery checks. If it doesn't work, you know you've done something wrong but it will only hurt your pride and not your real wallet. It doesn't make much sense to me to risk real coins for experiments and testing.
Not saying that Testnet coins aren't real but they are supposed to be worthless and the Testnet blockchain is made for, wait for it, testing!

Electrum e.g. can be invoked in Testnet mode simply by adding a command line switch --testnet. You can get free Testnet bitcoins from a faucet like https://testnet.coinfaucet.eu.