[ANN] Armory Multi-Sig with Simulfunding [BOUNTY 0.03 per bug]

[etotheipi]

Just to offer some clarification on this:

The multi-sig system being introduced here is not intended to be the most convenient way to do multisig.  It's intended to be the most convenient way to do private, decentralized, trustless multisig between any number of online or offline devices without any third-party dependencies and with maximum control over the entire process.

This is an important distinction -- because it is possible to add extra services to automate these steps, but then the whole process becomes dependent on the availability of that service.  And questions arise about the connections between clients, what data is being stored where, who else might be seeing it, are there vulnerabilities in the networking code, etc.  

For the maximum security, privacy, flexibility and control over your multi-sig funds,  this is the way to go.  Not only that, but the services that we will provide to automate this process will simply build on top of this solution, so we needed to build this first anyway.  But our goal for this release (as is with most of Armory, in general) is to provide a system that maximizes security and privacy first with a set of minimum usability requirements (i.e. GUI inteface), then make the result as usable as possible.  

[FrozenBit]

 Truely outstanding releasing this guys! I can only imagine the work required to fully implement this and of course I hope it succeeds! You guys truely are becoming the beacon of bitcoin. Satoshi would be proud.

Truely, this is an outstanding innovation for an amazing team. You guys are the bomb!

[etotheipi]

If I wanted to add, my redeem script that was generated from another client, is this possible?

Armory's multi-sig interface not only handles a plethora of subtle complexities in the process, but it also bundles along all the data that is needed for an offline device to securely review and sign the transaction.  For instance, if the TxOut being spent is P2SH, the offline device might be a signing authority for it, but it wouldn't know without having the serialized script associated with it.  It can't compute the transaction fee unless it is fed all the full, supporting transactions.   Armory also needs a way to identify that multiple inputs and outputs are related.      For example, if someone contributes to a simulfunding transaction using 3 inputs and a change output, it would otherwise look like 3 different funders and there would be a mysterious extra recipient.  The extra bundled data guarantees that Armory can tell you that someone is funding 1 BTC, not a bunch of random inputs adding up to 1.3 and a mysterious output of 0.3. 

These blocks of ASCII text passed around by Armory handle all of these things complexities gracefully.    As such, it will not sign a bare transaction.  All this data must be supplied.  Once we do an official release, we will document these formats and then look at who else is doing multisig and see if we can standardize.

[Corelianer]

Just to offer some clarification on this:

The multi-sig system being introduced here is not intended to be the most convenient way to do multisig.  It's intended to be the most convenient way to do private, decentralized, trustless multisig between any number of online or offline devices without any third-party dependencies and with maximum control over the entire process.

This is an important distinction -- because it is possible to add extra services to automate these steps, but then the whole process becomes dependent on the availability of that service.  And questions arise about the connections between clients, what data is being stored where, who else might be seeing it, are there vulnerabilities in the networking code, etc.  

For the maximum security, privacy, flexibility and control over your multi-sig funds,  this is the way to go.  Not only that, but the services that we will provide to automate this process will simply build on top of this solution, so we needed to build this first anyway.  But our goal for this release (as is with most of Armory, in general) is to provide a system that maximizes security and privacy first with a set of minimum usability requirements (i.e. GUI inteface), then make the result as usable as possible.  

I understand.

[PRab]

I don't think this is actually related to anything Multi-Sig related, but I found it while I was trying to test Multi-Sig.

I have a a normal install of Armory setup on my machine (Windows 7 64bit). I didn't want to mess that up at all so I downloaded the standalone zip version. I unzipped it and used the TestNet shortcut to launch it. Armory automatically launched bitcoind, but showed that it was offline.

After a little bit of experimenting, I was able to fix the issue by copying the settings from C:\Users\PRabahy\AppData\Roaming\Bitcoin\bitcoin.conf to C:\Users\PRabahy\AppData\Roaming\Bitcoin\testnet3\bitcoin.conf. My guess is that Armory writes to the correct file (because the testnet one had data), but reads from the wrong one.

[PRab]

Bug found.

I can add the same public key to the same lockbox more than once. I made a 2 of 3 lockbox, but all 3 public keys are 049cdf7dc590734dff3fbf3c6a3ef086a31a5371a444370fdc4a9661019648e1072fcb05948223c ed0265671ce46a0792bfc9c2289c64c457c5449b5ec419e0276 resulting a lockbox with address 2NG7aR2ovqtsi7Xn6VLxGKUSpkVAjGooub8

Once I made that wallet I funded it using the testnet faucet (http://blockexplorer.com/testnet/tx/4e2a5204fb490bfbef933daf045c9998949dee32e61810d14900a294854f9a96) and asking for a donation on IRC (http://blockexplorer.com/testnet/tx/ed7920520a129de3de91efae210882f4958fa45af05e2a88e1303fe7769f9772). Both of these transactions showed up just fine.

I then went to send some coins back to the testnet faucet and ran into trouble. I click Spend Funds -> Create Transaction, then enter the address and amount and click Continue. On the next screen, I see 3 "Sign" buttons and 3 green key holes. I click the first "Sign" button and enter my password. The first "Sign" button disappears and the key hole turns grey. I click the middle "Sign" button and enter my password. The screen stays the same! (The middle "Sign" button is still there and the key hole is still green.)

At this point my funds are stuck in the lockbox.

1J4RV95hjkUNLaZdY2s1TBNuoxNryXvtjf

[PRab]

Not really a Multi-Sig bug.

Launch Armory in testnet mode. Goto Lockboxes screen and switch to the Transactions tab. Right click a transaction and select "View on www.blockchain.info". Results in "Transaction not found" error in web browser (https://blockchain.info/tx/ed7920520a129de3de91efae210882f4958fa45af05e2a88e1303fe7769f9772).

I recommend either hiding the "View on www.blockchain.info" button in testnet mode or linking to blockexplorer instead (http://blockexplorer.com/testnet/tx/ed7920520a129de3de91efae210882f4958fa45af05e2a88e1303fe7769f9772).

[PRab]

Bug found.

Sorry this description is going to be a little more brief. Feel free to ask questions if you need.

Create 3 wallets. Use 2 of them to create a 2 of 2 lockbox. Send funds from the multisig wallet. Check the "Use existing address for change" box and select specify a change address. Pick an address from the 3rd wallet that is not part of the lockbox.

On the validation/signing screen I would expect to see something about the change address not being part of the lockbox.

1J4RV95hjkUNLaZdY2s1TBNuoxNryXvtjf

Edit: After further investigation, it looks like it just ignored the change address that I gave it. The send address was msj42CCGruhRsFrGATiUuh25dtxYtnpbTx and the change was supposed to be mwoDMoqU8j871Ezi8WE4UAQBQrRKgAdmXq, but https://blockexplorer.com/testnet/tx/131f744225a3641ab7a01fb65877a513f58275ee6da869576dbbb3fe2888d854 shows that the change was sent back to the lockbox.

[Simcom]

Hi etotheipi,

Quick question - I have a laptop running Ubuntu 14.04 LTS, and I want to make it my dedicated cold offline computer. Should I install this Offline bundle release?  I first tried to install Ubuntu 12.04.3 as your website suggests to be compatible with the 0.91.1 Offline Bundle, but my laptop would not run this old version of ubuntu, only the newest version of ubuntu supports the computers hardware. So would it be ok to safely use this alpha release on my 14.04 system?  Alternatively I could try to get the 0.91.1 Offline Bundle installed but your website suggests only Ubuntu 12.04.3 (exact) will work.

Thanks!

[PodBayDoors]

FEATURE DISCUSSION

91.99.2 has some very good features, but it makes one key assumption that reduces its usefulness in enterprise situations. Once installed, a user can do anything he/she likes. It assumes that there will only ever be one all-powerful central user, and that user can do everything, create addresses, import wallets, create transactions, and spend coins.

A better assumption for enterprise users would be a hierarchy of login permissioning. Admin-level login that can do everything; maybe even password protected or 2FA controlled (so multiple sign-ins are required for any admin-level changes). Then, the ability to set up users with different permissions (spend Yes/No, create address Yes/No, modify whitelist spend addresses Yes/No, etc).

Even the first-level login control would be a big step, Armory is difficult to use in a risk-managed enterprise fashion without it.

Any Armory experts who want to create such a feature set (or can construct workarounds) please get in touch

[etotheipi]

Awesome, somehow my notifications were turned off on this thread!   Sorry for being unresponsive (especially PRab)!

First of all, I wanted to mention that I haven't forgotten about this bounty.  We've been working hard to fix bugs in lockboxes and make it easier to use without third-party services.  Check out the new dashboard!



And we started some documentation on using lockboxes, and will even be making some videos as soon as we're done tweaking the interface (nothing like creating videos that walk you through an outdated interface!).

@PRab

Thanks for the feedback.  You'll definitely get some bounties!  I just want to respond to a couple points:

(1) Repeated public keys in lockboxes:  this is actually intentional!  Consider this scenario:  There's a CEO and four other officers of an organization.  Realistically, the CEO's signature should carry more weight than the others, but he still shouldn't have complete access to the funds.  So what we do is set up a 3-of-6 lockbox:  his key is repeated twice, and each of the other four officers' keys are included once.  The result is that you need three signatures from the lower-level officers to move the money or only two signatures if the CEO is one of them  (still three sigs but the CEO is providing two of them).  We refer to this as "asymmetric signing authority" and is a useful feature of lockboxes, especially in situations where you may have higher- and lower-security devices, perhaps using the higher- security devices as backup in case the worst happens.

(2) About change addresses:  this is fixed in the latest version which I will release into this thread shortly.  There was some logic that needed to be re-implemented for every user-address-entry widget, which was getting unwieldy, and we hadn't update the change addr box.  We've now consolidated the logic and all address-entry widgets use it (and have the little autodetect label to let you know that Armory recognizes what you entered).  0.91.99.4+ will have this.


@ Simcom

The offline bundle is simply the regular Armory installer bundled with all the dependencies needed to run on 12.04.3.  If you really need to use the latest Ubuntu on your hardware, you can manually fetch the dependencies the same way we do it for the offline bundles.  There's a command-line way and a GUI way ... can describe the CLI way later if needed.  The GUI way is to use Synaptic.  At least in older version of Ubuntu, there was an option in the File menu like "Generate Offline Download Script".  You select the dependencies you need to install (listed below), and it will list all downloads needed for the dependency tree.  The script is just a bunch of wget calls.  When you bring that script to an online computer, it will download all the .debs.  Take it back to the offline computer and again within synaptic, something like File->"Install Packages".   The packages you need are:  libqtcore4 python-qt4 python-twisted python-psutil

@ PodBayDoors

What you describe is what Armory lockboxes are all about.  Armory has made the literal security for single-signature wallets as strong as we can.  Anything else we do to implement things like "segregation of duties" for organizations would be purely artificial -- i.e. we could have Armory enforce multi-factor auth for access to wallets, etc, but anyone with physical access to the machine could bypass all of it by pulling the data off the harddrive, etc.  This could be solved with phsyical- and electronic-tamperproof HSMs used for protecting SSL private certificate data (for like Verisign, etc).  And I hope one day we'll have that.  But until then, we don't want to give anyone a false sense of security about their single-signature wallet(s).

However this thread is all about multi-sig lockboxes which does exactly what you're talking about.  You can have the multiple parties manage the systems separately, so that no one party has access to more than one signing authority for funds.  Again, if you use HSMs you could have each signing authority protected with further access control (like 2 people per device needed to execute signing), but even without that you have all the segregation of duties you need, here.  Each party sets up their own device and merges their public keys into a lockbox.  No one has access to anyone else's.  They might not even know who the other holders are, or how the other devices are secured!   Fully-decentralized, no single points of failure.

[helgabutters]

Approximately 4 seconds into the video, when hitting "Cancel" in the "Import Multi-Spend Transaction" on Windows 7 32-bit, the "Bitcoin Wallet Management" window will pop up and then close.

https://www.youtube.com/watch?v=4xR6ghvsL9c

[etotheipi]

Approximately 4 seconds into the video, when hitting "Cancel" in the "Import Multi-Spend Transaction" on Windows 7 32-bit, the "Bitcoin Wallet Management" window will pop up and then close.

https://www.youtube.com/watch?v=4xR6ghvsL9c

1CpZpDhoFciGCydqw3S73iF8rqbX9D6sxs

Ack, you just reminded me that I need to do something with that menu.  It is tough to describe why thy are there -- mainly you use them if you want to simulfund a regular address or lockbox you don't have loaded.  The lockbox manager requires you to select the lockbox to be simulfunded, and if you try to switch the simulfunding to another address or lockbox, you get an error (it seems unnecessary, but implementation was much simpler).   

In other words, if you want to simulfund a lockbox that you have loaded, you use the lockbox manager.  If you want to simulfund anything else (such as matching donations to a regular bitcoin address), you currently have to use those menu options.  I'd like to figure out how to make both available in a coherent way.

Nothing really to do with your bug, simply stating that I meant to figure out how to clean those up or remove those menu items, and actually forgot they were there, so they've been neglected.  You will get your bounty nonetheless. 

[PodBayDoors]

Thanks Alan for responding, OK I get your points. But if I had Admin privileges and could turn on/off or limit user functions based on login it would be even more useful. Certainly someone compromising the machine as Admin is still a threat (HSM etc would help that as you say).
Here's my scenario: I want a User to be able to create, import, sign, and broadcast multi-sig txns, but not be able to import new public addresses, and not be able to spend single sig from his wallet, or at least only be able to spend to whitelist addresses maintained by Admin. Only Admin can import new public addresses, change whitelist etc. Even better would be daily spending or txn number limits.
Am I missing something? Will pay BTC to someone who wants to consult and figure this out, thx

[helgabutters]

Bug 1: "Manage Multi-Sign Lockbox Info" window in Linux doesn't gracefully stay behind certain other windows. Two examples: https://www.youtube.com/watch?v=j0QoJ3aYjdw

Bug 2/3: Really long "Extended Lockbox Details" on Windows will cause odd resizing issues https://www.youtube.com/watch?v=Q9Qs9qVaKk4
On Linux you won't be able to read all of the details and there is way of knowing if there is any more. You may not agree with what is not being displayed.
I'm not sure if this is considered one or two bugs since they would both be fixed by adding scroll bars.

Bug 4: For all "Required Signatures" lockbox pictures up to 6 have no numbers in them. The 7th one does and makes it very difficult to see anything well.
https://i.imgur.com/3EUHJ3T.png

https://i.imgur.com/Lt1VpU9.png

Bug 5: Non-ascii can be edited in the export of a lockbox and will be imported successfully. Many of the places have "Armory does not currently support non-ASCII characters in most text fields (like £¥áöé).  Please use only letters found on an English(US) keyboard.  This will be fixed in an upcoming release". One example that changes the ID of Wallet #3

Code:

=====LOCKBOX-tcu7JNJJ===========================================================
AAAAAAsRCQcNIplTAAAAAMlSQQRookyi5xjlzOMcwWUFLK6hdg8PrWHG779NPNuc3e2RgyGzriiST4sL
UmbUC/WyMpivrI6/fGdSR9O4nbE78uN9QQRs5JgypL26AhFkb1FHRi+bUCa6YbiQrqz/LTAzYV0ZshUt
EaW/S8l8pkV9V26J6BnaXu1Iu5S0ZladEYLnHWn2QQSJMq+Jy4dAr6tfgZgJs7NT79i9RiVCvj5fVlQw
apUcME/5/ZauRxApiNiJVjsTe480a8QA3umBie+KZRGxK5JRU64FVGVzdDIFdGVzdDIDAAAAGlByaW1h
cnkgV2FsbGV0ICgyanFmUDhuRGspGlByaW1hcnkgV2FsbGV0ICgyanFmUDhuRGspGlByaW1hcnkgV2Fs
bGV0ICgyanFmUN6+HgMp
================================================================================

Minor Bug 1: There is no period after "Click this button to copy a link directoy into Armory" in "Sending from Wallet"

[PRab]

(1) Repeated public keys in lockboxes:  this is actually intentional!  Consider this scenario:  There's a CEO and four other officers of an organization.  Realistically, the CEO's signature should carry more weight than the others, but he still shouldn't have complete access to the funds.  So what we do is set up a 3-of-6 lockbox:  his key is repeated twice, and each of the other four officers' keys are included once.  The result is that you need three signatures from the lower-level officers to move the money or only two signatures if the CEO is one of them  (still three sigs but the CEO is providing two of them).  We refer to this as "asymmetric signing authority" and is a useful feature of lockboxes, especially in situations where you may have higher- and lower-security devices, perhaps using the higher- security devices as backup in case the worst happens.

Sounds like a good reason to add the same public key more than once, but that still leaves the bug that I can't sign the transaction more than once. I would love to return the coins to the testnet faucet, but right now, I can't figure out how to do that.

[helgabutters]

Bug 1: Description for "Sign Simulfunding Transaction" should either be "Reivew and sign a simulfinding ..." or "Review a signed simulfunding ...": https://i.imgur.com/zcqz8zq.png

Bug 2: The first paragraph has "Grey keyholes are already signed.Untitled" where "Untitled" should not be there: https://i.imgur.com/Aa7aVf3.png

Bug 3: Paste this into the Lockbox Extended Info: http://pastie.org/pastes/9285120/text?key=v5a6hwmyobmyh2tnulp7fq
Then sign and attempt to broadcast a transaction through Promissary Notes. This should be most of the relevant log: http://pastie.org/pastes/9285240/text?key=igfpoka4bh50gxpog
Video example: https://www.youtube.com/watch?v=ANn1N3I2J4o

Bug 4: Set a 3-of-3 lockbox and follow the steps in the video: https://www.youtube.com/watch?v=79qSj2K94K4
This should be most of the relevant log: http://pastie.org/pastes/9285250/text?key=p4tfturkj2zbtphysfgjg

[helgabutters]

Bug 1: Overly long names will not fully be shown on screen: https://www.youtube.com/watch?v=CBIwHxvicPM

Bug 2: Main Lockbox Management shows transaction is in block but transaction information displays not in block yet: https://www.youtube.com/watch?v=1a2GMHLKknU

Bug 3: Amount of BTC recieved through notification is showing both actual amount and change address amount (which is not controlled by anything in this wallet) / At about 17 seconds in: https://www.youtube.com/watch?feature=player_detailpage&v=fGqYngHGCYA#t=17

Bug 4: Trying to set a Lockbox Bare or P2SH as a change address: https://www.youtube.com/watch?v=3fuWzQmFmVs

Bug 5: In "Create Simulfunding Promissory Note" if no BTC amount is given and you hit "Continue":
'You did not specify an amount to promise!
The extra ' should be removed

[etotheipi]

Thanks Alan for responding, OK I get your points. But if I had Admin privileges and could turn on/off or limit user functions based on login it would be even more useful. Certainly someone compromising the machine as Admin is still a threat (HSM etc would help that as you say).
Here's my scenario: I want a User to be able to create, import, sign, and broadcast multi-sig txns, but not be able to import new public addresses, and not be able to spend single sig from his wallet, or at least only be able to spend to whitelist addresses maintained by Admin. Only Admin can import new public addresses, change whitelist etc. Even better would be daily spending or txn number limits.
Am I missing something? Will pay BTC to someone who wants to consult and figure this out, thx

Going forward, this kind of thing makes sense for us to do.  In fact, your comments inspired this thread, and I think that will be one of the first things we implement when we start figuring out how to better satisfy small-business type use cases.  I hadn't considered the idea before that you could make sure the key is encrypted with multiple passwords, thus enabling better access control on consumer hardware as long as there is operational security to back it up.

@PRab

Just fixed the repeated-public-key issue.  Will release an update this week that will enable you to sign your transactions back to the faucet

@helgabutters

Thanks so much for the feedback!  Especially for all the useful videos showing the bugs!  It's been extremely helpful. 

I think I fixed most of the issues you identified, except for some of the longstanding sizing issues and quirks running Armory on Linux.  Mostly what I've done is I've imposed a maximum character size on all the free-form entry fields (like prom note labels, etc), or limited the number of characters displayed. 



With the new lockbox dashboard and a bunch of these quirks fixed, I'll have a new version for you to test midweek and you can collect more bounties. 

[helgabutters]

With the new lockbox dashboard and a bunch of these quirks fixed, I'll have a new version for you to test midweek and you can collect more bounties. 

Awesome! I've been using Armory for years now and it is hands down my favorite bitcoin wallet.

You seem like you do a lot of the stuff yourself, if you need help with anything else give me a PM. I'm not a coder but I do network administration/security research/pentesting and I can help with things such as documentation, support, servers, maintenance, testing, etc.

Also, I just want to verify that as of now there is no way to getting armory on testnet in OSX, correct?