From: Hugo Nguyen <hugo@nunchuk.io>
Date: Tue, 9 Feb 2021 02:58:06 -0800
Message-ID: <CAPKmR9sUFJqsxKQS_x9rYZzkEO7hXr6vwAyPnysQPzA91TDjMA@mail.gmail.com>
To: Christopher Allen <ChristopherA@lifewithalacrity.com>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Proposal: Bitcoin Secure Multisig Setup

On Tue, Feb 9, 2021 at 2:19 AM Christopher Allen <
ChristopherA@lifewithalacrity.com> wrote:

>
>
> On Tue, Feb 9, 2021 at 2:06 AM Hugo Nguyen <hugo@nunchuk.io> wrote:
>
>>
>> I don't think reusing XPUBs inside different multisig wallets is a good
>> idea... For starters, loss of privacy in one wallet will immediately affect
>> privacy of other wallets. I think multisig wallets should be completely
>> firewalled from each other. That means one unique XPUB per wallet. This is
>> what we have been doing with the Nunchuk wallet.
>>
>
> To be clear, I have stated repeatedly that xpub reuse into multisig is a
> poor practice. However, finding a trustless solution when a wallet is
> airgapped with no network, or is stateless like Trezor, is quite hard.
>
> The challenge also includes how does an airgapped or stateless wallet know
> that it is talking to the same process on the other side that it gave
> the xpub to in the first place. Without state to allow for a commitment, or
> at least a TOFU, a cosigner who thought he was part of a 3 of 5 could
> discover that he instead is in a 2 of 3, or in a script with an OR, as some
> form of scam.
>

The shared secret approach that I mentioned in the proposal actually can
help you here. The TOKEN doubles as a session ID - thereby establishing a
common state on both sides.

Best,
Hugo


>
> — Christopher Allen
>
>>
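
Added example, not part of the original message and not the construction from the proposal: a sketch of how a shared TOKEN can act as a session ID by keying a MAC over the final multisig policy, so a cosigner who re-enters the TOKEN can tell whether the policy it is shown comes from the session it gave its xpub to. The function names, the policy encoding, the tokens and the xpub strings are all assumptions constructed for illustration.

```python
import hashlib
import hmac

def policy_bytes(m, xpubs):
    """Canonical encoding (assumed here): threshold/count, then sorted keys."""
    keys = sorted(xpubs)  # sorting makes the tag independent of key order
    return ("%d/%d|" % (m, len(keys)) + "|".join(keys)).encode()

def policy_tag(token, m, xpubs):
    """HMAC-SHA256 over the canonical policy, keyed with the session TOKEN."""
    return hmac.new(token, policy_bytes(m, xpubs), hashlib.sha256).digest()

def check_policy(token, my_xpub, expected, m, xpubs, tag):
    """What a cosigner can verify from the TOKEN, its own key and the
    (m, n) the user confirms; no other stored state is needed."""
    if not hmac.compare_digest(tag, policy_tag(token, m, xpubs)):
        return "bad session tag"      # policy was not produced in this session
    if my_xpub not in xpubs:
        return "own key missing"
    if len(set(xpubs)) != len(xpubs) or (m, len(xpubs)) != expected:
        return "threshold mismatch"   # e.g. 2 of 3 instead of 3 of 5
    return "ok"

def demo():
    token = b"constructed-session-token"      # constructed sample TOKEN
    other = b"constructed-unrelated-token"    # a party outside the session
    keys = ["xpub-A", "xpub-B", "xpub-C", "xpub-D", "xpub-E"]  # placeholders
    swapped = ["xpub-A", "xpub-X", "xpub-Y"]  # substituted 2-of-3 policy
    return (
        # Genuine 3-of-5 policy tagged inside the session.
        check_policy(token, "xpub-A", (3, 5), 3, keys,
                     policy_tag(token, 3, keys)),
        # Substituted policy tagged by someone who does not hold the TOKEN.
        check_policy(token, "xpub-A", (3, 5), 2, swapped,
                     policy_tag(other, 2, swapped)),
        # Substituted policy tagged by someone who DOES hold the TOKEN:
        # the tag verifies, so only the confirmed (m, n) catches it.
        check_policy(token, "xpub-A", (3, 5), 2, swapped,
                     policy_tag(token, 2, swapped)),
    )

if __name__ == "__main__":
    print(demo())
```

The third case shows the limit of a shared secret: every holder of the TOKEN can produce a valid tag, so the threshold and key count still have to be confirmed on the signing device.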
