10 sats \ 5 replies \ @Max_Maxi 23 Mar \ on: I'm Hugo Nguyen. AMA! bitcoin
@hugohanoi Question about security.
I understand with Honey Badger that Nunchuk keeps 1 of 3 keys. But at time of inheritance, with proper authentication, you will unencrypted/unlock the Tapsigner Inheritance key, which you also hold, as well.
It seems that at that time (but only at that time), you will possess two keys, which essentially gives Nunchuk complete control over the multisig wallet and it’s funds (as you will then have 2 keys in a 2 of 4 set up).
So to be clear, at that time, there is at least some counterparty risk, and trust required, that you/Nunchuk will dutifully fulfill your obligation and transfer the funds to the Inheritor, as at that time your are in control. Is that correct?
If so, anything one can do to mitigate that risk, or is that just something that a user of your service would need to be comfortable with?
I like the overall elegance of your solution, but want to be crystal clear on any risks that might exist. Thanks for responding!
The decryption process happens entirely locally on the claimant's device. At no point in time Nunchuk possesses two keys.
reply
Got it.
So it’s the Claimant unlocking their Tapigner locally, signing a PSBT, then Nunchuk adding its key to comprise the 2 of 3 for transfer of fund and initiate the send?
Essentially the same process as if you signed a “normal” with your recovery key, along with one signature from your client from one of their keys, to make a transfer.
This makes sense.
Thanks for the transparency and education about your product Hugo!
reply
@hugohanoi Are you able to provide a bit more info here?
When Claimant puts in Magic Words and Backup Password from Tapsigner to unlock, and does this in the Nunchuk app, how does this not potentially give Nunchuk access to this key and your key (giving you 2 of 3)?
Just want to be completely clear on this and appreciate your time.
reply
You got it mostly correct the first time.
So it’s the Claimant unlocking their Tapigner locally, signing a PSBT, then Nunchuk adding its key to comprise the 2 of 3 for transfer of fund and initiate the send?
- Encrypted file downloaded onto Beneficiary's device
- Decryption happens locally
- Recovered Tapsigner's private key now is in Beneficiary's device
- Beneficiary selects a withdrawal address
- Sweep transaction is created
- Beneficiary signs the sweep transaction with the recovered Tapsigner key
- Platform Key co-signs the sweep transaction
- Sweep transaction is broadcast
You can test this flow out on testnet for free by the way.