pull down to refresh

I've read quite a few of the threads on SN around this topic and while many seem to favor singlesig I still can see some benefits of multisig that may make it worthwhile. The main benefits to me revolve around mitigating software/firmware/hardware bugs, an upstream supply chain attack, or a bad random-number generator.
If I were to use a single sig electrum wallet or one HWW, any of those issues I mentioned could be devastating. Those issues may already exist in particular hardware/software or may not have been discovered yet. But if I use a 2/3 setup, an attacker would need two of my HWW to have an issue and exploit them together to move funds. That seems like a substantial upgrade in security.
Everything is trade-offs of course and I love the simplicity of single sig, but I find it hard to put all my faith in one HWW (even a coldcard) and hope that it was not tampered with on the way to me or could not have a malicious firmware update in the future...
I think Michael Flaxman made a pretty good argument here: https://btcguide.github.io/why-multisig
he explains in much more detail in this podcast episode: https://stephanlivera.com/episode/97/
Multisig is great, and UX is quickly improving!
Checkout Taproot-based multisig wallets, which we just launched a few hours ago on Nunchuk (currently a beta feature): https://nunchuk.io/blog/taproot-multisig
It leverages Schnorr signatures and MuSig2 protocol to enhance privacy (i.e. Taproot multisig transactions look indistinguishable from singlesig transactions on-chain) and lower transaction fees.
reply
Thanks for sharing this. For someone who has an older multisig setup (not Taproot based), do you think it is worth migrating to a newer Taproot based wallet?
reply
You're welcome!
It's still very early days (this is a beta release), plus the rest of the ecosystem hasn't added support for Taproot yet. In terms of hardware signing devices, only Ledger and Coinkite currently have experimental firmware for Taproot. So I'd say give it some time to mature. If you want to try it out, put a very small amount of fund in it.
reply
I'd wait a while to see how it plays out. Only very few wallets support taproot multisig so its pretty early.
I like the privacy improvements, but I also need to research more on all the other tradeoffs.
reply
If you are storing any significant amount of BTC, you really need to be using multi-sig. Even if you hold all the parts, it's still going to provide more security, at the cost of convenience, than a single-sig. Multi-sig can also help prepare you against things like natural disaster, your own death (for passing on to heirs), etc.
You can't reasonably store a backup of you single-sig anywhere with any party without completely trusting that party. You can reasonably store a part of a multi-sig with another party without needing to trust them completely or really even at all.
Likewise, if you're the "bury your Bitcoin seed in the woods" type, if somebody finds your stash? They found your bitcoin. If they found 1/3rd of your stash? Good luck finding the rest.
reply
Eliminate single points-of-failure, test redundancies.
reply
I don't have a ton of bitcoin but enough that I'd be pretty upset if I lost it all. I'm in the process of switching to multisig myself.
reply
Multi-sig has it's place, UX is improving and taproot multi-sig makes your on-chain footprint cleaner so you don't give away you in multi-sig.
I still don't think it's the ultimate one-size-fits all solution though, first you adding complexity to your setup, which you need to be ready for, thats why I always say its a graduation process, get comfortable with single sig first before graduating towards a more robust setup.
Multi-sig can give you better security in theory, but you can have a 2/3, means fuckall if you keep all your keys in one spot like a safe and I get access, then its just security theatre
Airgapped single-sig to me solves the majority of self custody problems and threats, and if you in a part of the world where wrench attacks are common, a passphrase or a timelock on your UTXOs should be enough to keep your funds safe
reply
Multisig wallets offer a number of advantages that make them attractive for a variety of scenarios, some of which are listed below:
Increased security: By requiring authorization from multiple parties, the risk of theft or loss of funds is significantly reduced. Shared management: Ideal for teams, organizations or families wishing to manage funds jointly. Error prevention: The need for multiple signatures reduces the possibility of human error in transactions. I consider a multisig wallet to be a powerful tool for those seeking greater security and control in their cryptocurrency transactions. Its ability to require approval from multiple parties offers an additional layer of protection and flexibility.
reply
Air-gapped hardware wallet with a passphrase mitigates all attack vectors you mentioned.
reply
So lets imagine your device has malicious firmware (either malicious from HWW devs or from supply chain attack or evil maid). It has been modified so all spends go to an address they control despite the display on HWW shows that it will be directed to the address you provided.
How does the fact that it is air gapped prevent this?
reply
Because you don't broadcast a transaction from a hardware signing device.
You take the signed transaction and just look at it on any computer and you'll see the addresses. If it's not one you control, don't broadcast and stop trusting that particular signing device.
You should always check your transaction before broadcasting anyway, even if you're using multisig.
No offense intended at all, but if you don't know this already, you may be more likely to make a mistake with your multisig setup. Please make sure you understand the risks and best practices.
By far the biggest causes of lost funds are user error and scams. I understand completely the desire to be as cautious as possible, and multisig has uses, but I think you might be overestimating the threat of malicious hardware signing devices.
reply
Perhaps the malicious firmware and/or supply chain attack is more relevant given what you said.
So for example, you use a single sig HWW and it has malicious firmware (either malicious firmware directly from manufacturer, supply chain attack or malicious update). You set up the wallet with a passphrase. However, due to the malicious firmware, it does not 'respect' the passphrase randomness when generating the seed so private keys are known to the attacker.
You have no idea about this and therefore you use the receive addresses shown on both your HWW and computer screen to sweep your life savings or to receive payments, etc...
At some point down the line, attacker sweeps the wallet because they always knew the private keys.
I know there are ways to verify your seed creation using 3rd party software. So for example, do your 100 dice rolls and input into cold card and using another method, and now compare the seed words that are generated to ensure that a pre-determined seed wasn't given to you by the cold card. I just assume 99% of users wouldn't do this.
reply
That is a fair point about double checking the send address on the computer screen. It was beat into me early in my bitcoin journey to never trust the computer screen though and instead to trust what the airgapped HWW screen shows instead. But your point is still fair, if my coldcard said it is sending to address 123 and my computer screen Sparrow says its sending to address 456, I should know there is an issue of some kind before sending. So a malicious send would have to involve both sparrow and coldcard being compromised (or a user not double checking the send address in both places)
reply
The issue is with verifying 'which addresses' belong to that 'wallet' (really a keyring).
And it is not a great idea... to trust a computer screen. Of course you will need to trust a screen of course. But by storing the keys offline and air-gapping a HW wallet the safety goes up immensely.
Multi-sig just improves on that for certain situations, where you have 2 independent, separately manufactured devices sign 2 different keys. If both devices don't agree on exactly what they are signing... the transaction will not go through. This is even improved when the signing devices/keys are geographically separated.
reply
Wrench attack/bad cleaning lady?
reply