Multiple Devices, Part keys, Single Wallet Creation - Idea

[so98nn]

Has anyone thought about the Multi-Device wallet creation or something similar?
I think everyone today holds at least one laptop, a desktop, a tab, a smartphone, and a bunch of devices sometimes. I am getting a feeling that we should start exploring the possibility to synch these devices and then create one wallet with one owner of it.

Imagine the protocol:
Once you start the wallet creation process it will ask you the number of compatible devices you have, probably with more details such as OS, make, and model and it will tell you the exact steps to follow so that you can install the part wallets on different devices.

Once you have that in your hands, we can start installing the apps on various devices as per the tutorial.

So Device 1 should be able to generate a partial key, Device 2 will generate another part, and so on. Let us say we have 3 devices then they will have the key broken down in three ways.

It could be a pattern base:
Sometimes it will pick up the first 4 characters, sometimes the last first or middle first, and so on! The permutation and combination will play a great deal of role here in increasing the anonymous nature of the private key itself.

This part key will only work if these three devices are together, and we turn on the Synchronization with some of the passcode beforehand.

What do you think about such a sophisticated mechanism, will it work someday?

[1714277456]

1714277456

[1714277456]

1714277456

[1714277456]

1714277456

[Upgrade00]

I think everyone today holds at least one laptop, a desktop, a tab, a smartphone, and a bunch of devices sometimes. I am getting a feeling that we should start exploring the possibility to synch these devices and then create one wallet with one owner of it.

~Everybody has at least a smartphone. The other devices are not as popular among people depending on what part of the world you're in.

So Device 1 should be able to generate a partial key, Device 2 will generate another part, and so on. Let us say we have 3 devices then they will have the key broken down in three ways.

All devices are synched and can be compromised all together.
You can create a multi sig wallet and store the keys in different locations. I prefer not to deoenb so much on electronic means of securing wallets.

Sometimes it will pick up the first 4 characters, sometimes the last first or middle first, and so on! The permutation and combination will play a great deal of role here in increasing the anonymous nature of the private key itself.

This means each device has access to the whole key and defeats the purpose of using multiple.

[Zaguru12]

First of all this will seem to demanding for an average person. Needing close to three devices will only be exploited by a flamboyant person. Again if there is need to restore the wallet then all  devices will certainly be needed, what happens if don’t have them again.

Again I think once a device or two is compromised, the probability of getting the other keys from the other device will increase.
This your Technique is certainly covered with the idea of Muti sig wallet. You can easily create different keys and seeds from those different devices and it will have same security has you have thought about above

[Charles-Tim]

What you are looking for is a multisig wallet. Read more about it and use it to setup a wallet like this.

https://bitcoinelectrum.com/creating-a-multisig-wallet/

No other way is better than bitcoin multisig wallet.

So Device 1 should be able to generate a partial key, Device 2 will generate another part, and so on. Let us say we have 3 devices then they will have the key broken down in three ways.

There is nothing like this in bitcoin protocol.

Multisig will make your wallet most secure.

[so98nn]

@all, yes I know that a multi-sig wallet already exists but I wanted to see if there is any possibility to have an even higher version of the wallet with complex security. My purpose in asking this question was to understand the challenges only and it seems Charles has pointed out one hard issue with this idea and that's pre-existing protocol. However, I was more or less thinking that the private key will be generated by randomness meaning it will be generated by one device but after synchronization, it will be broken down into pieces as discussed in the OP text. The randomness will keep changing if there is a need for more Bitcoin addresses and more private keys are generated.

@Upgrade00, but it will be generated by one device and then redistributed to another with parts. Obviously, this can be done, I am more or less looking at the technical answer, what would be the pre-requisite to make such programming? Will it be popular?

[hosseinimr93]

However, I was more or less thinking that the private key will be generated by randomness meaning it will be generated by one device but after synchronization, it will be broken down into pieces as discussed in the OP text.

Take note that what you are looking for would be less secure than a multi-signature wallet, because you still generate your wallet in a single device and you have single point of failure. If the device you are using for generating the wallet has been compromised, you will lose everything. In a multi-signature wallet, you can generate the keys in different devices and if that's done in the correct way, you can increase your security.

Anyways, if you are looking for a method in which you can have multiple shares for accessing your wallet, you may want to consider SLIP39 method.
In SLIP39 method, your private keys are backed up by multiple shares. For example, in a 2 of 3 setup, there are three shares and you will need two of them for generating your wallet.

It may worth mentioning that SLIP39 seeds can be imported in electrum. However, electrum doesn't support generating them.

You can use iancoleman's SLIP39 tool for generating SLIP39 shares and see how it works.
Use the tool only for experimental purposes as I would never recommend a tool that is using javascript for generating a wallet.

[ranochigo]

The randomness will keep changing if there is a need for more Bitcoin addresses and more private keys are generated.

If the "randomness" is deterministic, then there is no need for randomness because it won't be. It would just be a fancy implementation of a HD wallet.

There is actually no added benefits with the schemes that you've mentioned. It would purely be implemented with a centralized server, because you need to have them communicate with one another.

Anyways, if you are looking for a method in which you can have multiple shares for accessing your wallet, you may want to consider SLIP39 method.
In SLIP39 method, your private keys are backed up by multiple shares. For example, in a 2 of 3 setup, there are three shares and you will need two of them for generating your wallet.

It may worth mentioning that SLIP39 seeds can be imported in electrum. However, electrum doesn't support generating them.

You can use iancoleman's SLIP39 tool for generating SLIP39 shares and see how it works.
Use the tool only for experimental purposes as I would never recommend a tool that is using javascript for generating a wallet.

Might be better to just split the seeds in a manner that doesn't allow a central point of failure. Whilst SLIP39 is a good implementation of Shamir's Secret Sharing, I find that manually splitting the seeds into different blocks would be simpler and doesn't require any complex math.

[hosseinimr93]

Might be better to just split the seeds in a manner that doesn't allow a central point of failure.

Whether you use SLIP39 method or you simply split the seed phrase into different parts, there's a single point of failure.
All parts of the seed phrase (or SLIP39 shares) are generated in a single device and at some point, you will have to enter all the parts in the single device.

Whilst SLIP39 is a good implementation of Shamir's Secret Sharing, I find that manually splitting the seeds into different blocks would be simpler and doesn't require any complex math.

Right. But there's an advantage when using SLIP39 method instead of simply splitting the seed phrase into different parts.
Assuming you have a 2 of 3 SLIP39 seed, you will still have access to your wallet, if you lose one of the shares.

[Cricktor]

There is another advantage of SLIP39 or more general any Shamir Secret Sharing (SSS) splitting: as long as you don't have the minimum amount of required parts, any SSS parts don't reveal any information of the encoded secret. Traditional splitting of mnemonic words always does reveal a certain amount of the words.

Regarding the proposed fancy sync of a wallet across multiple chosen devices, I'm not very excited of that idea for multiple reasons. The first is that it mostly sounds like being a hot wallet on all involved devices. I'm not a huge fan of wallets on potentially insecure mobile devices, particularly mobile phones, where most people do too much of their daily internet shit (me included).

Involved devices would have to recognize and authenticate each other to avoid having some central controller. This adds complexity and attack vectors.

As the setup doesn't sound like a multi-sig setup, it creates single points of failure effectively on every involved device as far as I understand it. This weakens security of the wallet a lot, particularly when easy to loose mobile devices are involved.

TL;DR I don't want to have this even as an optional feature of some fancy wallet software. A synced wallet with a hardware wallet as secrets keeper is already available and likely more secure even in single-sig configuration.

[ranochigo]

Whether you use SLIP39 method or you simply split the seed phrase into different parts, there's a single point of failure.
All parts of the seed phrase (or SLIP39 shares) are generated in a single device and at some point, you will have to enter all the parts in the single device.

Two points of failure: One for generating the seeds and one to convert it into SSS shares.

Right. But there's an advantage when using SLIP39 method instead of simply splitting the seed phrase into different parts.
Assuming you have a 2 of 3 SLIP39 seed, you will still have access to your wallet, if you lose one of the shares.

There is a way to ensure redundancy as well. The real benefit with SSS is that it provides information-theoric security and compromising the shares doesn't reduce security until you reach the threshold. However, it isn't exactly easy for people to understand.

A good way to ensure security and redundancy would be as follows: split the seeds into 10 different cards and remove certain words from each of the cards. If done correctly, it should provide sufficient security to ensure that compromising one share doesn't result in a failure of the security. Though I have to admit, because of the size of our seeds, you're fairly limited in terms of options and the only good way is to include more shares.

Another fairly well known method is to use XOR to combine different shares.

[rat03gopoh]

Do I have to activate all devices to use my wallet? I probably wouldn't use that kind of wallet. Increasing security does not mean reducing friendliness.
Or do you mean the need for multiple devices just to generate keys, then the usage steps will be as usual using passwords, biometrics, etc. of each device? It didn't change the security system any more than the existing wallets today.

[o_e_l_e_o]

However, I was more or less thinking that the private key will be generated by randomness meaning it will be generated by one device but after synchronization, it will be broken down into pieces as discussed in the OP text.

I'm not sure what you are hoping to achieve by doing this.

As explained above, this has all the disadvantages of SSS. The private keys are generated on a single device, and need to be combined on a single device in order to spend the coins. That device is a single point of failure, and compromise of that one device by malware will lead to compromise of your coins. All you seem to be achieving is increasing the risk you lock yourself out of your own wallet by losing one of the shares necessary to recover your private keys, unless you are duplicating each share across multiple devices (which will mean that you are going to need 6, 8, 10, devices, which is impractical for the vast majority of people).

If you want the protection of multiple devices, then multi-sig is the way to go. The only disadvantage of a multi-sig wallet over this kind of distributed single sig wallet is a multi-sig wallet would previously create larger (and thus more expensive) transactions, but with taproot that disadvantage has been eliminated.

[pooya87]

I have to repeat multi-sig option as being the better option for using "multiple devices" where each device has its own independent key generation scheme.
Even if we want to somehow find a way to combine keys in the way you explained, the partial entropy generation doesn't sound like the best idea ("pick 4 characters" as you put it). We could find a way to generate "full" key pairs on each device separately and then share the public key between the devices and come up with some sort of scheme that would "aggregate" these public keys and create a final singular key that would be used for the address.

This should work for ECDSA although it is harder to define the scheme but it is easier to use with Schnorr (ECSDSA) and the already existing key aggregation characteristics.
The idea would be similar to MuSig: https://eprint.iacr.org/2018/068

[Findingnemo]

You can read the replies above to understand why this idea is worse cause we already have the multi-signature wallet. In case you still want to let me break it down for you.

You are proposing creating one private key using 3 or more devices.

Private key = A + B + C

In a multi-sig wallet, you create three private keys via 3 different keys

Private keys= A and B and C

In your idea, you need to compile all the diversified keys into one device to execute a transaction which means if the attacker can access that one device the funds will be stolen at a single point of failure.

Whereas In multi-sig you need at least 2 of 3 keys to execute a transaction so even if your one device is promised still the hacker can' access your funds without compromising one more device so now it makes sense right why multi-sig is better.