
Peritas: A Vision for Accessible Multi-sig

Introducing: Peritas

Let me preface this with the following disclaimer:
I am not a dev, I can't code and I've never written a white paper...
With that out of the way, let's talk multi-sig.
By day, I'm a maintenance tech. That is to say, I earn fiat by unclogging toilets, fixing broken dishwashers and refrigerators, and troubleshooting boiler systems and air conditioning units. I was scrolling through my nostr feed today having just fixed a leaking toilet and on my way to look at a stuck zone valve on a boiler line when I came across a note from Guy Swann:
So, I thought about it... kept thinking about it... and kept thinking about it until I felt compelled to reply. A few back-and-forths later, and I found myself responding to Guy with:
"A non-dev", yes, that's how I identify. And in that moment I realized the flaw in how I look at the world. 
Nothing in life brings me greater joy than finding a creative solution to a problem, yet, perhaps as a coping mechanism, I tend to avoid considering solutions to problems I deem outside my skill-sets. All my life I have limited myself to the scope of my own ability, neglecting to consider that I can play a part in solving more complex problems by leveraging the abilities and talent of those around me who see the same problems in the world that I do.
I'm resolving to change this. The release of the Peritas White Paper represents my first step towards this.
As I stated in the beginning: "I am not a dev, I can't code." But after nearly four years of obsessive involvement in the Bitcoin space, I have a vision of the solutions I want to see made available. I will do what I can to bring these visions into reality.
This is a work in progress. The scope and details of this project will necessarily evolve as needed to adapt to reality and community/user input.
With that said, I present Peritas for your review. 

Peritas: An Accessible Multi-Signature Wallet Proposal for Enhanced Self-Custody (Updated 867475)

Abstract

Peritas aims to provide or inspire simple, open-source, multi-platform applications designed to simplify the setup and management of multi-signature (multi-sig) wallets. It specifically targets new Bitcoin users, enhancing the security of their holdings without requiring additional hardware. By creating an accessible, intuitive interface and aligning with Web of Trust (WOT) principles, Peritas hopes to address a significant gap in the Bitcoin ecosystem, promoting higher security with minimal user friction.

1. Introduction

Bitcoin wallets typically take one of two forms: single-signature (single-sig) and multi-signature (multi-sig). Single-sig wallets are the default, and they are most commonly used by those new to self-custody as they are simple to set up and manage. However, single-sig wallets present a security risk as only one key is needed to access and move funds, leaving them vulnerable to theft or compromise.
Multi-sig wallets require multiple keys to authorize transactions, significantly enhancing security by distributing custody across multiple signatories. Multi-sig should be the standard for all Bitcoin self-custody setups, particularly for key recovery and backup processes, as an improvement over traditional paper seed backups.
This white paper introduces Peritas: an open-source, multi-platform application proposal that simplifies multi-sig wallet creation and operation, making enhanced security accessible to all Bitcoin users without the need for dedicated hardware.

2. System Overview

2.1 Wallet Creation Process

Peritas provides users with a simple, guided process for creating a secure multi-sig wallet:
  • Initial Keypair Generation: Upon initial app startup, Peritas automatically generates a base Bitcoin keypair (Base Key) for the user. This Base Key will be foundational for creating recovery and multi-sig configurations.
  • Vault Founders (Founders) begin by opting to create a new "vault" (multi-signature wallet). The default configuration is a 2/3 multi-sig setup, although Founders can access advanced settings to adjust the number of signatories and the threshold required for authorizing transactions.
  • The application will derive a new private key (Vault Key) from the Base Key for use in the new multi-sig vault. Vault Keys may be derived from the Base Key using BIP-85 child seeds, alternate accounts or derivation paths, or the use of passphrases (exact method TBD). All data required for regeneration of Vault Keys is securely stored in encrypted app data.
  • It is important to tailor multi-sig setups to the Founder's situation, skill level, and the size of their holdings. For smaller amounts (e.g., 100,000 sats), a 2/3 service-based multi-sig involving keys held on the Founder's phone, a spouse's or trusted contact's device, a participating exchange where the Founder purchases Bitcoin, or a vetted third-party key holder may be appropriate, providing a balance of convenience and security. For larger holdings, Founders may opt for a more secure configuration with a higher number of signatories and a higher threshold for transaction authorization to enhance fault-tolerance and mitigate risks.

2.2 Integration with Trusted Contacts (Keyholders)

  • Founders are prompted to select a Keyholder, a trusted contact who will generate a Social Recovery Key.
  • Following initial app startup, Keyholders will select an option to "Become a Keyholder". This selection prompts Peritas to generate a Social Recovery Key using a process identical to the creation of Vault Keys (outlined in 2.1).
  • The public key from this newly generated Social Recovery Key (created through a simple option on the app's welcome page) is shared back to the Vault Founder for use in the configuration of their multi-sig vault.
  • An "affiliate + key assistance" system could also be used, where a Social Recovery Key could be managed by the person who onboarded the user (e.g., a mentor), who, assuming a trusted relationship between parties, could assist the Founder through the vault creation and management process as needed.

2.3 Third-Party Collaborative Custody

  • Third-Party Integration and Support: Peritas envisions integration of its vault creation process with vetted exchanges or respected Bitcoin support and mentorship services. These Third-Party Keyholders can offer higher levels of technical support and guidance to Founders, though such support may come at the expense of privacy.
  • Flexibility: Peritas provides a flexible setup for multi-sig vaults. Founders may choose to forgo this institutional third-party key involvement entirely, opting instead to include additional trusted contact Keyholders, as referenced in 2.2, for a more private configuration.

2.4 Vault Creation and Management

  • With the Founder's, Keyholder's, and any Third-Party Keyholder's public keys in place, Peritas creates a multi-signature vault and shares descriptor files securely with all participating parties.
  • The app houses configuration files for each multi-sig vault and enforces security by rejecting any attempt to add additional keys from the same vault, ensuring that a quorum of keys cannot be consolidated on a single device.

2.5 Encrypted Cloud Backup

  • To enhance redundancy, Peritas offers users the option to encrypt and store their keys and vault configuration files with their preferred cloud service (e.g., iCloud, Google Drive). This approach leverages familiar systems providing a seamless way for users to store recovery keys, minimizing the risk of loss of key material in the event of device loss or app data deletion.

3. Technical Implementation

3.1 Security Architecture

  • Encryption: All communication between the app, users, trusted contacts, and exchanges is encrypted using AES-256 and other state-of-the-art encryption protocols to ensure privacy and prevent interception or tampering.
  • Cross-Platform Support: Peritas is designed to function across multiple platforms (iOS, Android, Windows, Linux) to ensure broad accessibility.
  • Data Transmission: Secure communication protocols such as Fedi, Matrix, Nostr Gift-Wrapped Messages, or Pears integration may be used to transmit public keys, descriptor files, and signatures, safeguarding user information.

3.2 User Experience Design

  • Onboarding and Education: A setup wizard guides users through vault creation, using simple language and visual aids to explain multi-sig benefits, vault concepts, and the roles of different types of Keyholders.
  • Pathfinder Mode: Users can access an advanced "Pathfinder Mode" to configure vaults with a higher number of signatories than the default 2-of-3 vault, unlocking options for custom thresholds, personalized wallet configurations, and unique security protocols. Future expansions under Pathfinder Mode may include enhanced signing automation, integration with additional security services, and greater control over key storage and recovery preferences, enabling users to tailor their vault setup to their evolving security needs.

3.3 Node Connectivity

To maintain decentralization and minimize the risk associated with a single point of failure, Peritas will not rely on a central node for its operations. Instead, it will offer multiple options for users:
  • Custom Node Connections: Users can connect Peritas to their own Bitcoin nodes, providing maximum control and security. This approach aligns with the Bitcoin ethos of self-sovereignty and reduces reliance on third-party infrastructure.
  • Public Node Selection: For users without their own nodes, the application will provide a selection of vetted, community-operated public nodes to connect with. This offers convenience while distributing trust across multiple independent entities, minimizing the risk of centralization.
  • Tor Integration: To enhance privacy, Peritas will support Tor integration, enabling users to connect to nodes anonymously and reducing the risk of tracking and monitoring.
  • Automatic Node Load Balancing: The app may implement a feature that automatically rotates between multiple trusted public nodes, ensuring that no single node becomes a point of dependency.
  • You can view additional connectivity ideas we're thinking through in our file Decentralized Checkpointing.md.

4. Security and Privacy Considerations

Peritas prioritizes security and privacy:
  • Multi-Factor Authentication (MFA): To protect app access, users may set up MFA as an additional security layer.
  • Local and Cloud Encryption Standards: The app uses AES-256 for local storage of keys and end-to-end encryption for cloud backups and transmission of public keys and descriptors.
  • Key Recovery and Redundancy: Cloud services are employed for encrypted backups, providing redundancy while ensuring that users retain control over their key material.

5. Integration and Collaboration Opportunities

5.1 Wallet Providers

  • Peritas could partner with existing and upcoming open-source wallet providers to integrate its vault functionality proposals and expand their security offerings.

5.2 Exchange Collaboration

  • By collaborating with exchanges, Peritas can provide seamless integration for obtaining Exchange Public Keys, building trust and simplifying the user experience for those securing their funds.

6. Future Development and Monetization

6.1 Feature Expansion

  • Hardware Wallet Integration: Future updates will include compatibility with hardware wallets, providing additional security options for advanced users who wish to incorporate dedicated signing devices into their multi-sig setup.
  • Automatic Backup Options: Users will have more automated and secure options for backing up their encrypted keys, including automated cloud backups and integration with secure storage solutions.
  • Transaction Monitoring: The app will incorporate transaction monitoring services, enabling users to receive alerts and detailed information about incoming and outgoing transactions.
  • Guided Key Rotation/Replacement: To maintain long-term security and minimize risks from potential key compromises, Peritas will offer a guided process for rotating or replacing keys within a multi-sig setup. The feature will provide users with step-by-step instructions on how to update their vault's keys, ensuring a secure and seamless transition without risking access to funds.
  • Timelocks: Pathfinder Mode allows users to set custom timelocks for certain transactions, offering additional control over when funds can be moved, which is particularly useful in setting up delayed recovery mechanisms or ensuring funds are secure for specific timeframes.
  • Miniscript Support: Integrate Miniscript functionality for a more expressive and programmable approach to transaction conditions, empowering users to set complex logic for transaction approvals and build custom spending policies tailored to their needs.
  • Future-Proofing with CTV: In the event of future consensus around CheckTemplateVerify (CTV) (BIP-119), Pathfinder Mode will likely be updated to support CTV-specific outputs, offering options for conditional spending paths and more efficient use of UTXOs. This will enable enhanced, adaptable control over transaction flows, making Peritas wallets more resilient and versatile as Bitcoin development progresses.

6.2 Premium Services

  • Potential premium services include advanced support for users configuring complex vaults. These services may be facilitated through strategic partnerships with community-vetted organizations such as Bitcoin Mentor or The Bitcoin Way, ensuring trusted and expert guidance for users.

7. Market Considerations and Demand

While specialized hardware signing devices will continue to cater to those with heightened security demands (i.e., "paranoid crypto anarchists"), Peritas fills a gap for new entrants to the space who may not yet be ready or willing to purchase dedicated hardware. Providing robust, easy-to-use software solutions ensures that the demand for secure self-custody is met for all levels of users.

8. Conclusion

Peritas is a critical step forward in improving Bitcoin self-custody security. By proposing an open-source framework for user-friendly vault creation and management applications, Peritas is working to empower users to protect their holdings without the need for additional hardware. Every self-custody setup should incorporate multi-sig, and Peritas provides an adoptable framework for secure solutions that meet this need, ensuring that new users will have access to robust security models that align with the ethos of Bitcoin's financial sovereignty. By paving a path to accessible and secure Bitcoin self-custody for the coming waves of new Bitcoin participants, Peritas aims to uphold and strengthen the principles of financial freedom and autonomy in the Bitcoin ecosystem.

9. Contributors and Acknowledgements

Peritas was developed with insights and support from many contributors in the Bitcoin community:
  • Guy Swann, founder of Bitcoin Audible, provided valuable perspectives on multi-signature setups and emphasized the importance of using multi-sig as the standard for Bitcoin self-custody and recovery processes.
  • We also acknowledge the efforts of the many builders and developers who have worked tirelessly to bring Bitcoin self-custody to its present stage, creating the tools and upholding the principles that Peritas hopes to further.
  • Additional input and feedback were provided by members of the Bitcoin community who share a commitment to enhancing security and accessibility for Bitcoin newcomers.

10. Additional Resources

See a breakdown of some of the terms used above in Glossary of Terms.md.

Thanks For Reading!

[For the most up-to-date version of the Peritas White Paper, please visit my Github Repository!]

Block 867476 - MSK 1490

...Woof!
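The rule in section 2.4 (one device never holds a second key of the same vault) can be sketched as follows. This is an added example, not code from the white paper or from any Peritas implementation; it assumes vaults are shared as `wsh(sortedmulti(...))` output descriptors with key-origin fingerprints, and `DeviceKeystore`, `parse_vault`, `QuorumConsolidationError` and the sample descriptor are hypothetical, constructed names.

```python
import hashlib
import re

# One cosigner entry: [fingerprint/origin-path]extended-pubkey/child-path
KEY_RE = re.compile(
    r"\[([0-9a-fA-F]{8})((?:/\d+[h']?)*)\]([A-Za-z0-9]+)((?:/(?:\d+|\*))*)")
DESC_RE = re.compile(r"wsh\(sortedmulti\((\d+),(.+)\)\)(?:#[a-z0-9]{8})?")

# Constructed 2-of-3 descriptor; fingerprints and xpub strings are placeholders.
SAMPLE = ("wsh(sortedmulti(2,"
          "[aaaaaaaa/48h/0h/0h/2h]xpubFounderCONSTRUCTED/0/*,"
          "[bbbbbbbb/48h/0h/0h/2h]xpubKeyholderCONSTRUCTED/0/*,"
          "[cccccccc/48h/0h/0h/2h]xpubThirdPartyCONSTRUCTED/0/*))")

class QuorumConsolidationError(Exception):
    """A second signing key of the same vault was offered to one device."""

def parse_vault(descriptor):
    """Return threshold, cosigners and a stable vault id for a descriptor."""
    m = DESC_RE.fullmatch(descriptor.strip())
    if not m:
        raise ValueError("expected wsh(sortedmulti(k,KEY,...))")
    cosigners = {}
    for entry in m.group(2).split(","):
        km = KEY_RE.fullmatch(entry.strip())
        if not km:
            raise ValueError(f"malformed key expression: {entry!r}")
        cosigners[km.group(1).lower()] = km.group(3)
    threshold, n = int(m.group(1)), len(m.group(2).split(","))
    if len(cosigners) != n or not 1 <= threshold <= n:
        raise ValueError("duplicate cosigner or impossible threshold")
    # Identity depends on threshold + key set, not on the order keys are listed.
    material = f"{threshold}:" + ",".join(sorted(cosigners.values()))
    vault_id = hashlib.sha256(material.encode()).hexdigest()[:16]
    return {"vault_id": vault_id, "threshold": threshold, "cosigners": cosigners}

class DeviceKeystore:
    """Signing keys held on ONE device: at most one per vault (hypothetical)."""

    def __init__(self):
        self.held = {}  # vault_id -> fingerprint of the key kept on this device

    def import_signing_key(self, fingerprint, descriptor):
        vault = parse_vault(descriptor)
        fp = fingerprint.lower()
        if fp not in vault["cosigners"]:
            raise ValueError("key is not a cosigner of this vault")
        existing = self.held.get(vault["vault_id"])
        if existing not in (None, fp):
            raise QuorumConsolidationError(
                f"device already holds key {existing} of vault {vault['vault_id']}")
        self.held[vault["vault_id"]] = fp
        return vault["vault_id"]
```

Because the vault id is computed from the threshold and the sorted key set, re-listing the same cosigners in a different order does not get a second key past the check. The check only binds a client that runs it, so it guards against accidental consolidation rather than a user who deliberately imports keys into other software.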

Thank you for your writeup. This sounds like a combination of Unchained (collab custody) and Bitkey, which is a new offering from Block.
It sounds interesting. If I may... from my own research and experience it is far, far better that users generate keys offline through either hardware wallets using signed firmware... or through secure computing environments (TAILS OS).
And for most normies, whether it's single or multisig, hardware wallets are a significant upgrade in key generation and management from any kind of operating-system generation... that is generating and managing keys while offline.
If you haven't tried it, Nunchuk does this really well. Different keys can be put into a multisig via different methods - USB, QR code, NFC, and through hot wallets. Then they can be signed 'offline' and conglomerated on the phone app Nunchuk.
It's not perfect... but it is pretty user friendly and they offer a paid service where one or more keys are kept encrypted by the company running the service.
Heck yea giving out your SN referral link!
Future-Proofing with CTV: In the event of future consensus around CheckTemplateVerify (CTV) (BIP-119), Pathfinder Mode will likely be updated to support CTV-specific outputs, offering options for conditional spending paths and more efficient use of UTXOs. This will enable enhanced, adaptable control over transaction flows, making Peritas wallets more resilient and versatile as Bitcoin development progresses.
It’s stuff like Peritas that is why CTV will one day activate. It’s a chicken and egg problem, but with enough stuff built for CTV, then it’ll get implemented!