Recovery of Multisig Problems for Regular People #3
Comments
BTW, I worked on a successor to BIP39 that turned keys into poetry a few years ago. Some of what we learned from that helped create the better word list for SLIP39 (no homonyms, greater Hamming distance, etc.).
Original concept and details on word lists: https://github.com/ChristopherA/iambic-mnemonic
Some node.js code used to create a proof-of-concept: https://github.com/ChristopherA/password_poem
Part of the design was to pick words with high valence (emotional context) and/or high concreteness (real, visualizable) items. Here is a preliminary 2048-word list that could be used with BIP39 and would be more memorable: https://github.com/ChristopherA/password_poem/blob/master/words.csv
With a larger number of words, we were able to make iambic pentameter poems, and even use the English word order of the sentences to encode some bits. Our goal was to make randomness come out something like this:
-- Christopher Allen
These are NOT trivial issues when thinking about mass-market adoption. Vaulted titanium seed phrases don't exactly map to anything the general public is familiar with...like not at all. That said, I love the idea of multisig recovery leading to a greater appreciation for iambic pentameter poetry :) How lovely such a future could be...
Love the rhyming words! It is indeed difficult for me to envision a future where regular people knowingly use multisig. I see it more as infrastructure for the next generation of banks/corps, and as an incredibly useful tool for those who need it or want it: a back-end tool to keep funds safu. For now it is super niche and only the most enthusiastic Bitcoiners use multisig. They simply must understand that they will not be able to recover funds if they don't save each seed and their xpubs. In my opinion the simplest way to achieve this is via Bitcoin Core public key descriptors in QR code format. As a minimum, each saved seed should be accompanied by the public key descriptor. In reality the pubkey descriptor should be stored in many physical and digital places independently of the seeds.
I also wrote an article - how to memorize seed-words, format like this ~ satoshi love people // I can still remember some old ones from years ago... I like words b/c when in plain text, they also can be easily copied. For 2+ years, 'regular' people have held 12 seed-words AND pass-phrases, as part of my storage set-up. I'm pretty "regular" (not super technical). This essentially gives me all the benefits of a BUT without all the Disadvantages of Multi-Sig. It seems to me that - "simple seed-splitting"
So, here's a crazy idea - use a single-sig & just manipulate the seeds & passphrases more... I don't really see any benefits of multi-sig. Also, seed-splitting allows for "weighted" signatories.
Example - --- all kinds of different combos - can execute for different conditions... And all by simple manipulation of seed-words... Just a crazy idea... It's been working very well for me: https://medium.com/@summerstarlight321/counter-wrench-attacks-83c75bfbb3de Always very happy to get critiques.... Thanks!
I think it really depends on how we define regular people! To each their own, but I think manipulating seed words is risky, and the number one reason for lost Bitcoin stashes is forgotten passphrases (statistically speaking, as per @ChristopherA's Smart Custody research). Benefits of multisig being:
Hey @Fonta1n3, the ONLY benefit I see is, as you mentioned,
Quick rebuke to your other points - "Benefits of multisig being:
you don't need to memorize anything
can share seeds with others without having to worry about them being able to brute force your other seeds (take it a step further and use SSS)
can lose seeds and still recover funds
you do not need to rely on potentially biased entropy or hacked software giving you a compromised seed, as you can generate multiple seeds independently of each other using different methods/devices.
can genuinely make it impossible for a wrench attacker to succeed by geographically diversifying your storage"
Lastly, regarding "I think manipulating seed words is risky"
Hey @ChristopherA, if I can also critique your Single-Sig backup recommendation from your Smart-Custody whitepaper: Home Safe .................. Words #1-16
technical...
strategic...
My seed-splitting set-up (CWAP): by separating 12 & 12 avoids brute-force theft... Thanks!
One thing I believe we are under-thinking for multisig for regular people is that backup is significantly harder than it is for single signature. To back up a single key, you can't just put 12 or 24 words on titanium in a vault (as I recommend in the free #SmartCustody book); you also have to store all the other pubkeys.
The best I've been able to puzzle through that offers similar fire-proofness and resilience is another BIP39-like system, but that means putting 36 words on titanium for 2 of 3, up to 56 words for 3 of 5. This is doable on 2 to 4 typical plates. But OUCH.
The 2nd alternative, suggested by Peter Denton @Fonta1n3, was that one QR code (with a privatekeyless wallet descriptor) be printed on paper for every key. Some people don't like printing any kind of key, but there is less risk as these are only public keys. The idea is that you are unlikely to have every paper burn if you keep keys in multiple locations.
Currently Blockchain Commons has a 2nd iOS app called QR Vault, which captures a QR code and locks it to the iOS keychain, securing it with both biometrics and 2FA (Sign in with Apple). Right now the FullyNoded2 app would save as a QR one private key in the descriptor with all the other public keys. So for a 2 of 3 you'd need 3 iOS devices. You could have an iPod Touch or another iPhone on each, and ideally each is on a different Apple account, so this is less than ideal (though very easy for users). Also, there is the inevitable bitrot that happens to computer equipment.
Any ideas I'm missing?
-- Christopher Allen
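The "print the privatekeyless descriptor next to each seed" backup that Fonta1n3 proposes above, and that the issue text takes up as the QR-per-key alternative, has one failure mode worth handling before anything goes on paper: a single mis-scanned or mis-transcribed character in a long xpub silently produces a descriptor that derives different addresses. Output descriptors carry an 8-character checksum (BIP 380, the same one Bitcoin Core appends after `#`) for exactly this reason. The block below is an added example, not code from Bitcoin Core, FullyNoded2 or Blockchain Commons: it builds a 2-of-3 `wsh(sortedmulti(...))` descriptor, appends the checksum, verifies it, and shows that a one-character corruption is rejected. The xpubs and key-origin fingerprints in `SAMPLE_XPUBS` are constructed placeholders (they are not valid extended keys); the checksum only depends on the characters, so the point still holds.

```python
"""BIP 380 descriptor checksum: compute, attach and verify.

Added example for this thread; not the code of any project discussed here.
The sample xpubs below are constructed placeholders, not real keys.
"""

# Character set the descriptor checksum is defined over (BIP 380). Each
# character maps to a 5-bit value (its index mod 32) plus a "group" (index // 32).
INPUT_CHARSET = (
    "0123456789()[],'/*abcdefgh@:$%{}"
    "IJKLMNOPQRSTUVWXYZ&+-.;<=>?!^_|~"
    "ijklmnopqrstuvwxyzABCDEFGH`#\"\\ "
)
# bech32-style alphabet used to print the 40-bit checksum as 8 characters.
CHECKSUM_CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
# Generator polynomial taps of the BCH code, one per bit of the top 5 bits.
GENERATOR = [0xF5DEE51989, 0xA9FDCA3312, 0x1BAB10E32D, 0x3706B1677A, 0x644D626FFD]

# Constructed placeholders for a 2-of-3 setup (hypothetical fingerprints/xpubs).
SAMPLE_XPUBS = [
    "[00000001/48h/0h/0h/2h]xpubPLACEHOLDERKEYAAAAAAAAAAAAAAAAAAAAAAAAA",
    "[00000002/48h/0h/0h/2h]xpubPLACEHOLDERKEYBBBBBBBBBBBBBBBBBBBBBBBBB",
    "[00000003/48h/0h/0h/2h]xpubPLACEHOLDERKEYCCCCCCCCCCCCCCCCCCCCCCCCC",
]


def _polymod(c: int, val: int) -> int:
    """One step of the checksum's polynomial modulus over a 40-bit state."""
    c0 = c >> 35
    c = ((c & 0x7FFFFFFFF) << 5) ^ val
    for i, tap in enumerate(GENERATOR):
        if c0 & (1 << i):
            c ^= tap
    return c


def descriptor_checksum(desc: str) -> str:
    """Return the 8-character BIP 380 checksum of a descriptor body (no '#')."""
    c = 1
    cls = 0        # accumulated group symbol for the current run of 3 chars
    clscount = 0
    for ch in desc:
        pos = INPUT_CHARSET.find(ch)
        if pos == -1:
            raise ValueError(f"character {ch!r} is not allowed in a descriptor")
        c = _polymod(c, pos & 31)          # low 5 bits feed the code directly
        cls = cls * 3 + (pos >> 5)         # group (0..2) is packed 3 chars at a time
        clscount += 1
        if clscount == 3:
            c = _polymod(c, cls)
            cls = 0
            clscount = 0
    if clscount > 0:
        c = _polymod(c, cls)
    for _ in range(8):                     # make room for the 8 checksum symbols
        c = _polymod(c, 0)
    c ^= 1
    return "".join(CHECKSUM_CHARSET[(c >> (5 * (7 - j))) & 31] for j in range(8))


def add_checksum(desc: str) -> str:
    """Append '#<checksum>' so the string can be printed/QR-encoded with it."""
    return f"{desc}#{descriptor_checksum(desc)}"


def verify_checksum(desc_with_checksum: str) -> bool:
    """True only if the string has exactly one '#' and its checksum matches."""
    parts = desc_with_checksum.split("#")
    if len(parts) != 2 or len(parts[1]) != 8:
        return False
    try:
        return descriptor_checksum(parts[0]) == parts[1]
    except ValueError:
        return False


def build_2of3_descriptor(xpubs: list[str]) -> str:
    """Public-key-only 2-of-3 descriptor; sortedmulti makes key order irrelevant."""
    if len(xpubs) != 3:
        raise ValueError("a 2-of-3 needs exactly three xpubs")
    keys = ",".join(f"{xpub}/0/*" for xpub in xpubs)
    return f"wsh(sortedmulti(2,{keys}))"


if __name__ == "__main__":
    desc = add_checksum(build_2of3_descriptor(SAMPLE_XPUBS))
    print(desc)
    print("intact copy verifies:", verify_checksum(desc))
    # Simulate a single bad character in a scanned/retyped copy: 2-of-3 -> 3-of-3.
    corrupted = desc.replace("sortedmulti(2,", "sortedmulti(3,", 1)
    print("corrupted copy verifies:", verify_checksum(corrupted))
```

Print the checksummed string (the part after `#` included) on every paper/QR copy and run `verify_checksum` on whatever a scanner or a human returns before trusting it to derive addresses; Bitcoin Core's `getdescriptorinfo` does the same check and will refuse a descriptor whose checksum does not match. The checksum is an integrity check against transcription and scanning errors only: it says nothing about whether the xpubs are the right ones, so the descriptor should still be compared against the wallet that produced it before it is filed away, and it must contain no private key material if it is going to be stored more loosely than the seeds themselves.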