Can we make 2-of-3 Multisigs a better user experience? \ stacker news ~bitcoin

Can we make 2-of-3 Multisigs a better user experience?

1667 sats \ 23 comments \ @josh 15 Jan bitcoin

In a single sig wallet, it's sufficient simply to know the 12 or 24 word seed phrase to recover the funds. This makes for a really nice user experience, since it's relatively easy to write them down on paper.

I thought that a 2-of-3 multisig was similarly simple, but it turns out that's not the case. Intuitively, as a user, I should only need 2 of the 3 seed phrases to recover any funds, but in reality, at least on Blue Wallet, you also need a "backup coordination file," which consists of all 3 public keys, the derivation path, and the script format. Without it, your funds are lost if you lose one of the 3 seeds.

This isn't a great user experience, especially if you're trying to explain a multisig vault to one of your grandparents. Writing seed phrases down on paper is easy for most people to understand, but having to download a bespoke file and securely save it on a thumbdrive makes everything more complicated, and frankly unintuitive. This inevitably scares people off, I fear, from what is otherwise a great way to make people more comfortable with cold storage.

Keeping the backup file on a third party provider, like Unchained, isn't really a solution, because at the end of the day, Unchained still recommends that you backup the data yourself, which is confusing and somewhat cumbersome.

The only long-term robust solution I think is for the backup file to be stored onchain, ideally in an encrypted fashion such that you only need 2 of the 3 private keys to recover the data. This could be done relatively cheaply in witness data, like a taproot inscription, and it would mean that the average user only ever needs to worry about maintaining access to 2 of the 3 seeds. In the event the multisig vault needs to be recovered, the user only needs to provide 2 seeds, and perhaps a date range of when the vault was created, and software can scan the relevant witness data and recover the file.

Do you think a scheme like this could work? Curious if others find this to be a relevant problem.

view all related items

44 sats \ 1 reply \ @BTCExecutor 15 Jan

Yes, this is a very relevant problem. Especially for inheritance.

0 sats \ 0 replies \ @030a29f333 16 Jan

Have you checked out Nunchuk? Don't use their inheritance program myself but it looks pretty interesting. Need more stuff like this to be accessible to people.

https://nunchuk.io/inheritance

13 sats \ 0 replies \ @OriginalSize 15 Jan

None of these files are very big so I think the backup coordination file should be saved with every seed. Since you need a redeem script plus signatures to spend the coin, I can't imagine they'd recommend anything less. If you're setting up multisig, you definitely want to test and know these details before funding. I agree it's complicated but if you're storing that much it's well worth it to understand.

10 sats \ 0 replies \ @lunanto 16 Jan

User experience is one of the big challenges of the Bitcoin community mostly a decade ago when you had to be tech savvy to fully understand and use the protocol, till today most features of the said protocol are still hard to circumnavigate

4 sats \ 9 replies \ @BlueSlime 16 Jan

You don't really need to store the derivation path or the script if both follow a well known convention.

You also don't need to remember or inscribe the pubkeys if you do a multisig in the output script. Segwit is optional.

100 sats \ 8 replies \ @josh OP 16 Jan

True. But the user experience for moving funds directly to a multisig in an output script is quite poor today. The entire industry is setup to move funds to addresses.

The user experience for my grandmother should be as seamless as possible. If she wants to move funds to and from Coinbase, she should be able to do that directly. To use a multisig output, she would need to type in an address on Coinbase, moving funds to a personal single sig, then make a transaction moving funds to a multisig output script.

0 sats \ 0 replies \ @BlueSlime 16 Jan

I am not familiar with the coinbase wallet. Do they allow sending coins to a legacy address?

A multisig output script encoded in base58chk is essentially the address.

0 sats \ 6 replies \ @supertestnet 16 Jan freebie

"move to X then Y" doesn't sound like a dealbreaker for any reasonable person

Is your grandmother unreasonable?

If so, consider talking some sense into her

0 sats \ 0 replies \ @supertestnet 16 Jan

it would mean that the average user only ever needs to worry about maintaining access to 2 of the 3 seeds

Don't forget, he also needs access to the witness data

don't expect others to store that for you

0 sats \ 2 replies \ @gbks 16 Jan

The info in the coordination file is not really that sensitive, so you could just offer a print option, or a template to fill in relevant info. We have print templates for recovery phrases here, and could easily add ones for multi-sigs.

0 sats \ 1 reply \ @Bitcoiner1 16 Jan

I just saw your templates and I noticed that you are giving the option to write the seed and the passphrase in the same paper.

Is it a safe practice to do so?

IMO the passphrase have to be safe in other place, far away from the seed.

0 sats \ 0 replies \ @gbks 16 Jan

Thanks for bringing that up. There is a separate template in the same Figma file just for the passphrase further on the right. I don't think that's pushed to the public Figma community file yet, I'll take a look at that tomorrow.

0 sats \ 4 replies \ @xz 16 Jan freebie

The only long-term robust solution I think is for the backup file to be stored onchain

I don't see why it would be beneficial. That's not to say it couldn't work, just think it doesn't gel well personally. Could you say more about it? Not sure I follow.

I think this is more to do with mindset and usage. If you think about the last fifty or so years we've gone from completely analogue to almost the opposite. Ease-of-use is important but it's dangerous to use ones that are easily used.

Just as in the analogue world we safely guard property with keys, physical storage, passwords, cameras and security personnel, we need to re-learn that. That would need reassessing trust in protocols and standards to find which are the best fits for our individual needs.

I feel multisig works well when I've tested it. What to do with 36 words? I don't think that's a massive difference from 12. But I take your point, ideally we'd like them memorized. I think there's a lot we can do there, maybe additionally to some of things you propose. Just think many choices are better fit for all.