Why I am using Multisig over Singlesig \ stacker news ~bitcoin

pull down to refresh

1926 sats \ 16 comments \ @79c9095526 24 Dec bitcoin

I've read quite a few of the threads on SN around this topic and while many seem to favor singlesig I still can see some benefits of multisig that may make it worthwhile. The main benefits to me revolve around mitigating software/firmware/hardware bugs, an upstream supply chain attack, or a bad random-number generator.

If I were to use a single sig electrum wallet or one HWW, any of those issues I mentioned could be devastating. Those issues may already exist in particular hardware/software or may not have been discovered yet. But if I use a 2/3 setup, an attacker would need two of my HWW to have an issue and exploit them together to move funds. That seems like a substantial upgrade in security.

Everything is trade-offs of course and I love the simplicity of single sig, but I find it hard to put all my faith in one HWW (even a coldcard) and hope that it was not tampered with on the way to me or could not have a malicious firmware update in the future...

I think Michael Flaxman made a pretty good argument here: https://btcguide.github.io/why-multisig

he explains in much more detail in this podcast episode: https://stephanlivera.com/episode/97/

view all related items

91 sats \ 4 replies \ @hugomofn 25 Dec

Multisig is great, and UX is quickly improving!

Checkout Taproot-based multisig wallets, which we just launched a few hours ago on Nunchuk (currently a beta feature): https://nunchuk.io/blog/taproot-multisig

It leverages Schnorr signatures and MuSig2 protocol to enhance privacy (i.e. Taproot multisig transactions look indistinguishable from singlesig transactions on-chain) and lower transaction fees.

X thread: https://x.com/nunchuk_io/status/1871632189752008780

0 sats \ 2 replies \ @79c9095526 OP 21h

Thanks for sharing this. For someone who has an older multisig setup (not Taproot based), do you think it is worth migrating to a newer Taproot based wallet?

0 sats \ 0 replies \ @hugomofn 20h

You're welcome!

It's still very early days (this is a beta release), plus the rest of the ecosystem hasn't added support for Taproot yet. In terms of hardware signing devices, only Ledger and Coinkite currently have experimental firmware for Taproot. So I'd say give it some time to mature. If you want to try it out, put a very small amount of fund in it.

0 sats \ 0 replies \ @OT 20h

I'd wait a while to see how it plays out. Only very few wallets support taproot multisig so its pretty early.

I like the privacy improvements, but I also need to research more on all the other tradeoffs.

0 sats \ 0 replies \ @nitter 25 Dec bot

https://xcancel.com/nunchuk_io/status/1871632189752008780

10 sats \ 0 replies \ @we_can_supply_you 24 Dec

If you are storing any significant amount of BTC, you really need to be using multi-sig. Even if you hold all the parts, it's still going to provide more security, at the cost of convenience, than a single-sig. Multi-sig can also help prepare you against things like natural disaster, your own death (for passing on to heirs), etc.

You can't reasonably store a backup of you single-sig anywhere with any party without completely trusting that party. You can reasonably store a part of a multi-sig with another party without needing to trust them completely or really even at all.

Likewise, if you're the "bury your Bitcoin seed in the woods" type, if somebody finds your stash? They found your bitcoin. If they found 1/3rd of your stash? Good luck finding the rest.

10 sats \ 0 replies \ @96c0b276a3 25 Dec

Eliminate single points-of-failure, test redundancies.

10 sats \ 0 replies \ @Aardvark 24 Dec

I don't have a ton of bitcoin but enough that I'd be pretty upset if I lost it all. I'm in the process of switching to multisig myself.

0 sats \ 0 replies \ @Miranda 25 Dec

Multisig wallets offer a number of advantages that make them attractive for a variety of scenarios, some of which are listed below:

Increased security: By requiring authorization from multiple parties, the risk of theft or loss of funds is significantly reduced. Shared management: Ideal for teams, organizations or families wishing to manage funds jointly. Error prevention: The need for multiple signatures reduces the possibility of human error in transactions. I consider a multisig wallet to be a powerful tool for those seeking greater security and control in their cryptocurrency transactions. Its ability to require approval from multiple parties offers an additional layer of protection and flexibility.

0 sats \ 6 replies \ @joda 24 Dec

Air-gapped hardware wallet with a passphrase mitigates all attack vectors you mentioned.

5 sats \ 4 replies \ @79c9095526 OP 24 Dec

So lets imagine your device has malicious firmware (either malicious from HWW devs or from supply chain attack or evil maid). It has been modified so all spends go to an address they control despite the display on HWW shows that it will be directed to the address you provided.

How does the fact that it is air gapped prevent this?

1010 sats \ 3 replies \ @joda 24 Dec

Because you don't broadcast a transaction from a hardware signing device.

You take the signed transaction and just look at it on any computer and you'll see the addresses. If it's not one you control, don't broadcast and stop trusting that particular signing device.

You should always check your transaction before broadcasting anyway, even if you're using multisig.

No offense intended at all, but if you don't know this already, you may be more likely to make a mistake with your multisig setup. Please make sure you understand the risks and best practices.

By far the biggest causes of lost funds are user error and scams. I understand completely the desire to be as cautious as possible, and multisig has uses, but I think you might be overestimating the threat of malicious hardware signing devices.

0 sats \ 0 replies \ @79c9095526 OP 19h

Perhaps the malicious firmware and/or supply chain attack is more relevant given what you said.

So for example, you use a single sig HWW and it has malicious firmware (either malicious firmware directly from manufacturer, supply chain attack or malicious update). You set up the wallet with a passphrase. However, due to the malicious firmware, it does not 'respect' the passphrase randomness when generating the seed so private keys are known to the attacker.

You have no idea about this and therefore you use the receive addresses shown on both your HWW and computer screen to sweep your life savings or to receive payments, etc...

At some point down the line, attacker sweeps the wallet because they always knew the private keys.

I know there are ways to verify your seed creation using 3rd party software. So for example, do your 100 dice rolls and input into cold card and using another method, and now compare the seed words that are generated to ensure that a pre-determined seed wasn't given to you by the cold card. I just assume 99% of users wouldn't do this.

0 sats \ 0 replies \ @79c9095526 OP 21h

That is a fair point about double checking the send address on the computer screen. It was beat into me early in my bitcoin journey to never trust the computer screen though and instead to trust what the airgapped HWW screen shows instead. But your point is still fair, if my coldcard said it is sending to address 123 and my computer screen Sparrow says its sending to address 456, I should know there is an issue of some kind before sending. So a malicious send would have to involve both sparrow and coldcard being compromised (or a user not double checking the send address in both places)

0 sats \ 0 replies \ @028559d218 25 Dec

The issue is with verifying 'which addresses' belong to that 'wallet' (really a keyring).

And it is not a great idea... to trust a computer screen. Of course you will need to trust a screen of course. But by storing the keys offline and air-gapping a HW wallet the safety goes up immensely.

Multi-sig just improves on that for certain situations, where you have 2 independent, separately manufactured devices sign 2 different keys. If both devices don't agree on exactly what they are signing... the transaction will not go through. This is even improved when the signing devices/keys are geographically separated.

0 sats \ 0 replies \ @denlillaapan 24 Dec

Wrench attack/bad cleaning lady?