I often hear the argument to use different manufacturers to eliminate vendor risk
However, I also understand that you cannot send payments from multisig without additional metadata (public keys of EVERY signator)
So, is there still an attack vector from a compromised chipset?
You transfer the PSBT (partially signed Bitcoin transaction) via QR codes. A compromised chipset in 1 device might try to change your payment to a Bitcoin address that doesn't belong to you. When you transfer the PSBT to another computer (which could have an OS that is only ever temporary or otherwise never connects to the internet as to ensure we don't have a virus) we can check the information of the PSBT to verify nothing was changed.
After we verify the information is correct, we can sign and transfer to the next device for broadcast.
Now, something people don't talk about that much is printed circuit boards. https://kitspace.org/boards/github.com/neotron-compute/neotron-32-hardware/
These boards are so simple, you can visually verify all the circuitry is correct. The downside is that it doesn't have a secure element like the cold card does.
Anyway, that's all very nerdy stuff. The simple solution obviously is to just use a cold card and multi-sig with people you trust but who don't know each other (if necessary at all)
reply
However, I also understand that you cannot send payments from multisig without additional metadata (public keys of EVERY signator)
So, is there still an attack vector from a compromised chipset?
I don't understand what one has to do with the other. can you elaborate on what you're asking?
reply
In my mind, they're actually talking about a point that is often overlooked by cold storage fans. If you upgrade your firmware without taking a hash of it or verifying the signatures (standard practice I know, but it never gets mentioned in the cold storage discussion so that makes me think some people didn't receive that memo) your firmware could be infected and your upgrade could be the method for virus transmission to your otherwise cold device that can from that point on attach instructions to PSBT files to get data from one infected computer to another or any other air gap communication method.
Literally all I'm saying is verify your shit and you should be good. I am NOT saying cold storage or air gaps are bad do not get it twisted.
reply
To elaborate - presuming:
  • Your device is air-gapped
  • The only method of communication is the PSBT file
  • You verify the receive address is correct after the first signature
Does that mean that multi-sig is actually safe EVEN if your devices (manufacturer or firmware update) are rogue?
If so that's pretty awesome and a big checkmark for multisig.
reply
Well to be clear, we're talking in the realm of an advanced persistent threat. You wouldn't get this from run of the mill viruses.
If you infected every single device in your multi-sig setup, an attacker over time could gather what software you use to sign your PSBT, grab every key in the multi-sig and get the data out very slowly via attaching extra data to the PSBT files, recompile the software you're using to broadcast with a malicious version and uninstall the genuine version, do the same with all your other devices (not that it would matter because they've gathered all the keys at this point) and the recompiled malicious version could lie to you about what the receiving address is.
However, 2 things to note.
  1. If you use single sig and you verify the signatures/hash of your firmware before installing it on your air gapped and cold device, this has no chance of happening
a. (also assuming it didn't get infected when it was delivered)
b. (Also assuming your physical security is good and your device isn't stolen and replaced with a bad device)
  1. If even 1 of the number of devices you need to spend which you're bringing your PSBT to in order to sign is not infected/not a recompiled malicious version of your signing software, it will show the real address you're signing for. This would alert you to the fact that you've been attacked and that you need to wipe and reload your entire setup
a. (Assuming a different set of number of devices needed to spend but which you might not be using to sign didn't leak their keys which would allow the attacker to spend)
Again, to be clear, this is like the NSA is trying to steal your Bitcoin level of paranoid lmao.
reply