Return-Path: Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id E8643C013A for ; Tue, 9 Feb 2021 10:58:19 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id D022086191 for ; Tue, 9 Feb 2021 10:58:19 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PT-LFVXS2u8D for ; Tue, 9 Feb 2021 10:58:19 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from mail-ua1-f41.google.com (mail-ua1-f41.google.com [209.85.222.41]) by fraxinus.osuosl.org (Postfix) with ESMTPS id D762E8618F for ; Tue, 9 Feb 2021 10:58:18 +0000 (UTC) Received: by mail-ua1-f41.google.com with SMTP id 30so1394591uac.7 for ; Tue, 09 Feb 2021 02:58:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nunchuk-io.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=byKCl/YbiLSJ80ktQcqR9j+1yAT+4NNtmywGNYZuOIE=; b=ZRb+nEz+hUex8v2KZGSW9voy76OZQsloiKUwPv94xOG5VBERVPDNfAQs1e23nDUQ3w qdxFgrzxh9UCBkLpeQ2LGXMSPjv7ZcWoF798n5noruxK7BAaaAohnXVdg1/Y+NbjtaYC pXJm2fiWps//J9eFTAciJEmEYCUO90xKsB22qE9RC0pRnDMzOTWDQFdtCv9TiPM5ER8L MxcVEoHTEtEcfIFeOItlq0ivoqk8Cx56NGIlhZp6DLVt8HHmHYvWFErdgDEtQwKdUvpK CelaO6XAQBvqqVfQsr05wVNmzYSitEzIRttn6RLq9XTvwiItaMNU8TTOwaLuM5peR0r8 83tw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=byKCl/YbiLSJ80ktQcqR9j+1yAT+4NNtmywGNYZuOIE=; b=HACNfIgbq3iYXXgRgE28pc2Ro8a3p6IIytvaIf4vLg5Jjtj2i3U5BsdJwkG2Nlt1RW 4UxRWiTepZPjulB9uddvZY+AEg47yQtmcn7hLgpt8T+rW4c9OP5xWsGwAoUvd+EOO95s bQXpmagEiUrn/vqnP9GpVftIySkMRiwuPmarF1rB6Yv5Ds6M1Pk72fBjjeZi1ejYsXKo uA9nl6r5Os23kPkB7+p1x+1JMhG3SlqO178nX3jhgyHyEnYFi7AS0B9SSAAx+nr44HZe DHZ7nadZEaXFkJ+RH2QRnz4yHTQjyyjYcby5j5/RnblltncikQSVfBRC7XHvAVfJbfqt oPIQ== X-Gm-Message-State: AOAM533fCnLrjHTw4BhLiuZc05PrVH7MtWI4HBVSxzonY6vJJRDlyUij BoxkletkCiPGGoF+I9XFJQyv59Uq1FQpZnYwXXHFnA== X-Google-Smtp-Source: ABdhPJxgQihlxQz6WzSVDGZnzwp1hfM31pOrZ3KF7VSmUQ/XpnaU6gp3I5faZ9e1kHa62X5An/nvHsVAbjPbArL/N+Q= X-Received: by 2002:ab0:7022:: with SMTP id u2mr4083998ual.63.1612868297913; Tue, 09 Feb 2021 02:58:17 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Hugo Nguyen Date: Tue, 9 Feb 2021 02:58:06 -0800 Message-ID: To: Christopher Allen Content-Type: multipart/alternative; boundary="000000000000f7897405bae52989" X-Mailman-Approved-At: Tue, 09 Feb 2021 11:38:02 +0000 Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Proposal: Bitcoin Secure Multisig Setup X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Feb 2021 10:58:20 -0000 --000000000000f7897405bae52989 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, Feb 9, 2021 at 2:19 AM Christopher Allen < ChristopherA@lifewithalacrity.com> wrote: > > > On Tue, Feb 9, 2021 at 2:06 AM Hugo Nguyen wrote: > >> >> I don't think reusing XPUBs inside different multisig wallets is a good >> idea... For starters, loss of privacy in one wallet will immediately aff= ect >> privacy of other wallets. I think multisig wallets should be completely >> firewalled from each other. That means one unique XPUB per wallet. This = is >> what we have been doing with the Nunchuk wallet. >> > > To be clear, I have stated repeatedly that xpub reuse into multisig is a > poor practice. However, finding a trustless solution when a wallet is > airgapped with no network, or is stateless like Trezor, is quite hard. > > The challenge also includes how does an airgapped or stateless wallet kno= w > that it is talking to the same process on the other side that that it gav= e > the xpub to in the first place. Without state to allow for a commitment, = or > at least a TOFU, a cosigner who thought he was part of a 3 of 5 could > discover that he instead is in a 2 of 3, or in a script with an OR, as so= me > form of scam. > The shared secret approach that I mentioned in the proposal actually can help you here. The TOKEN doubles as a session ID - thereby establishing a common state on both sides. Best, Hugo > > =E2=80=94 Christopher Allen > >> --000000000000f7897405bae52989 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Tue, Feb 9, 2021 at 2:19 AM Christ= opher Allen <Christ= opherA@lifewithalacrity.com> wrote:


On Tue, Feb 9, 2021 at 2:06 AM Hug= o Nguyen <hugo@nunc= huk.io> wrote:

I don&#= 39;t think reusing XPUBs inside different multisig wallets is a good idea..= . For starters, loss of privacy in one wallet will immediately affect priva= cy of other wallets. I think multisig wallets should be completely firewall= ed from each other. That means one unique=C2=A0XPUB per wallet. This is wha= t we have been doing with the Nunchuk wallet.

To be clear, I have stated r= epeatedly that xpub reuse into multisig is a poor practice. However, findin= g a trustless solution when a wallet is airgapped with no network, or is st= ateless like Trezor, is quite hard.

The challenge also includes how does an airgapped or stateless = wallet know that it is talking to the same process on the other side that t= hat it gave the xpub to in the first place. Without state to allow for a co= mmitment, or at least a TOFU, a cosigner who thought he was part of a 3 of = 5 could discover that he instead is in a 2 of 3, or in a script with an OR,= as some form of scam.

Th= e shared secret approach that I mentioned in the proposal actually can help= you here. The TOKEN doubles as a session ID - thereby establishing a commo= n state on both sides.

Best,
Hugo
=C2=A0

=E2=80=94 Christopher Allen=C2= =A0
--000000000000f7897405bae52989--