However, I also understand that you cannot send payments from multisig without additional metadata (the public keys of EVERY signatory).
So, is there still an attack vector from a compromised chipset?
I don't understand what one has to do with the other. Can you elaborate on what you're asking?
In my mind, they're actually talking about a point that is often overlooked by cold storage fans. If you upgrade your firmware without taking a hash of it or verifying the signatures (standard practice, I know, but it never gets mentioned in the cold storage discussion, so that makes me think some people didn't receive that memo), your firmware could be infected, and your upgrade could be the method of virus transmission to your otherwise cold device, which can from that point on attach instructions to PSBT files to get data from one infected computer to another, or use any other air-gap communication method.
Literally all I'm saying is verify your shit and you should be good. I am NOT saying cold storage or air gaps are bad; do not get it twisted.
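The "verify your shit" step above, written out as an added example (not code from anyone in this thread): check a downloaded firmware image against a sha256sum-style manifest before it touches the signing device. The image bytes, the filename `signer-fw-1.2.3.bin` and the manifest are constructed for the example; the manifest's own signature check (the "signatures" half of the advice) is assumed to happen first with the vendor's release key and is not shown here.

```python
"""Check a downloaded firmware image against a vendor hash manifest before it
goes anywhere near an air-gapped signing device."""
import hashlib
import hmac

HEX = set("0123456789abcdef")


def parse_manifest(text):
    """Parse sha256sum-style lines ('<hex digest>  <filename>') into a dict."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, sep, name = line.partition("  ")
        name = name.lstrip("*").strip()  # sha256sum -b marks binary files with '*'
        digest = digest.lower()
        if not sep or not name or len(digest) != 64 or set(digest) - HEX:
            raise ValueError("malformed manifest line: %r" % raw)
        entries[name] = digest
    return entries


def sha256_hex(image, chunk=1 << 16):
    """Hash the image in chunks (real images are many megabytes)."""
    h = hashlib.sha256()
    for i in range(0, len(image), chunk):
        h.update(image[i:i + chunk])
    return h.hexdigest()


def firmware_ok(image, filename, manifest_text):
    """True only if the manifest lists filename and its digest matches the image."""
    expected = parse_manifest(manifest_text).get(filename)
    if expected is None:
        return False  # not listed in the manifest: refuse rather than guess
    # Constant-time comparison, so a mismatch position is not leaked via timing.
    return hmac.compare_digest(sha256_hex(image), expected)


# Constructed sample: a stand-in "image" and the manifest line a vendor would
# publish for it. In practice the manifest comes from the vendor over a
# separate channel and its signature is checked first (e.g. with the vendor's
# release key); this example covers only the hash step.
GENUINE_IMAGE = b"constructed-firmware-image-1.2.3\x00" * 2000
MANIFEST = "# constructed SHA256SUMS\n%s  signer-fw-1.2.3.bin\n" % sha256_hex(GENUINE_IMAGE)
# One flipped bit is enough to change the digest completely.
TAMPERED_IMAGE = GENUINE_IMAGE[:100] + bytes([GENUINE_IMAGE[100] ^ 0x01]) + GENUINE_IMAGE[101:]

if __name__ == "__main__":
    print("genuine :", firmware_ok(GENUINE_IMAGE, "signer-fw-1.2.3.bin", MANIFEST))
    print("tampered:", firmware_ok(TAMPERED_IMAGE, "signer-fw-1.2.3.bin", MANIFEST))
```

The two failure modes worth noticing are that an unlisted filename is rejected outright rather than skipped, and that a malformed manifest raises instead of silently matching nothing; both are cases where a "best effort" check would let a bad image through.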
To elaborate, presuming:
  • Your device is air-gapped
  • The only method of communication is the PSBT file
  • You verify the receive address is correct after the first signature
Does that mean that multi-sig is actually safe EVEN if your devices (manufacturer or firmware update) are rogue?
If so, that's pretty awesome and a big checkmark for multisig.
Well, to be clear, we're talking in the realm of an advanced persistent threat. You wouldn't get this from run-of-the-mill viruses.
If you infected every single device in your multi-sig setup, an attacker over time could gather what software you use to sign your PSBT, grab every key in the multi-sig and get the data out very slowly by attaching extra data to the PSBT files, recompile the software you're using to broadcast into a malicious version and uninstall the genuine version, do the same with all your other devices (not that it would matter, because they've gathered all the keys at this point), and the recompiled malicious version could lie to you about what the receiving address is.
However, 2 things to note:
  1. If you use single sig and you verify the signatures/hash of your firmware before installing it on your air-gapped and cold device, this has no chance of happening.
     a. (Also assuming it didn't get infected when it was delivered.)
     b. (Also assuming your physical security is good and your device isn't stolen and replaced with a bad device.)
  2. If even 1 of the number of devices you need to spend, which you're bringing your PSBT to in order to sign, is not infected / not a recompiled malicious version of your signing software, it will show the real address you're signing for. This would alert you to the fact that you've been attacked and that you need to wipe and reload your entire setup.
     a. (Assuming a different set of the number of devices needed to spend, which you might not be using to sign, didn't leak their keys, which would allow the attacker to spend.)
Again, to be clear, this is like the NSA is trying to steal your Bitcoin level of paranoid lmao.
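The exfiltration channel both of the longer replies describe ("attaching extra data to the PSBT files") is something the clean machine on the other side of the air gap can look for. As an added example, not code from anyone in this thread, the walker below parses a PSBT's key-value maps per BIP 174 and reports every proprietary (0xFC) field and every key type the standard does not define, with its byte size. It assumes the BIP 174/370 key-type tables; because it does not parse the unsigned transaction it cannot tell input maps from output maps and accepts the union of both type sets for them, which is a simplification of this example. The two PSBTs and the embedded transaction are constructed, not real, and the "exfl" identifier is a placeholder.

```python
"""Walk the key-value maps of a PSBT (BIP 174) and flag fields that could carry
smuggled data: proprietary keys and key types the standard does not define."""
import struct

PSBT_MAGIC = b"psbt\xff"
PROPRIETARY = 0xFC
# Global key types from BIP 174/370 (0x00-0x06, 0xFB). For the per-input and
# per-output maps this walker does not parse the unsigned transaction, so it
# cannot tell input maps from output maps and accepts the union of both sets
# (0x00-0x18); that is a simplifying assumption of this example.
KNOWN_GLOBAL = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0xFB}
KNOWN_IN_OUT = set(range(0x00, 0x19))


def compact_size(n):
    """Encode a Bitcoin CompactSize integer."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xFFFFFFFF:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)


def read_compact_size(data, pos):
    """Decode a CompactSize at pos, returning (value, new pos)."""
    if pos >= len(data):
        raise ValueError("truncated PSBT")
    first = data[pos]
    if first < 0xFD:
        return first, pos + 1
    if first == 0xFD:
        return struct.unpack_from("<H", data, pos + 1)[0], pos + 3
    if first == 0xFE:
        return struct.unpack_from("<I", data, pos + 1)[0], pos + 5
    return struct.unpack_from("<Q", data, pos + 1)[0], pos + 9


def read_map(data, pos):
    """Read one map of <keylen><key><valuelen><value> pairs ended by a 0x00 byte."""
    entries = []
    while True:
        klen, pos = read_compact_size(data, pos)
        if klen == 0:
            return entries, pos
        key, pos = data[pos:pos + klen], pos + klen
        vlen, pos = read_compact_size(data, pos)
        value, pos = data[pos:pos + vlen], pos + vlen
        if len(key) != klen or len(value) != vlen:
            raise ValueError("truncated PSBT map")
        keytype, _ = read_compact_size(key, 0)  # the key starts with its type
        entries.append((keytype, key, value))


def walk_maps(psbt):
    """Return the list of maps (global first, then inputs, then outputs)."""
    if not psbt.startswith(PSBT_MAGIC):
        raise ValueError("missing PSBT magic")
    pos, maps = len(PSBT_MAGIC), []
    while pos < len(psbt):
        entries, pos = read_map(psbt, pos)
        maps.append(entries)
    return maps


def audit_psbt(psbt):
    """List (map index, reason, bytes) for every proprietary or undefined field."""
    findings = []
    for index, entries in enumerate(walk_maps(psbt)):
        known = KNOWN_GLOBAL if index == 0 else KNOWN_IN_OUT
        for keytype, key, value in entries:
            size = len(key) + len(value)
            if keytype == PROPRIETARY:
                findings.append((index, "proprietary", size))
            elif keytype not in known:
                findings.append((index, "undefined type 0x%02x" % keytype, size))
    return findings


def kv(key, value):
    """Serialize one key-value pair."""
    return compact_size(len(key)) + key + compact_size(len(value)) + value


# Constructed sample data: a version-2 transaction with one input and one output
# (empty scripts, so not spendable) wrapped in a PSBT with one input map holding
# a sighash type and an empty output map.
UNSIGNED_TX = (b"\x02\x00\x00\x00" + b"\x01" + b"\x11" * 32 + b"\x00\x00\x00\x00"
               + b"\x00" + b"\xff\xff\xff\xff" + b"\x01" + struct.pack("<Q", 50_000)
               + b"\x00" + b"\x00\x00\x00\x00")
CLEAN_PSBT = (PSBT_MAGIC + kv(b"\x00", UNSIGNED_TX) + b"\x00"
              + kv(b"\x03", struct.pack("<I", 1)) + b"\x00" + b"\x00")
# Same PSBT with two extra fields of the kind a compromised signer could use to
# carry data between machines: an undefined global key and a proprietary input
# key ("exfl" is a placeholder identifier).
SMUGGLING_PSBT = (PSBT_MAGIC + kv(b"\x00", UNSIGNED_TX) + kv(b"\x7f", b"\xaa" * 8) + b"\x00"
                  + kv(b"\x03", struct.pack("<I", 1))
                  + kv(b"\xfc" + compact_size(4) + b"exfl" + b"\x00", b"\xbb" * 40)
                  + b"\x00" + b"\x00")

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_PSBT), ("smuggling", SMUGGLING_PSBT)):
        print(name, audit_psbt(blob))
```

Some wallets legitimately use proprietary fields, so the findings are a review list rather than an automatic reject; what matters is that a PSBT leaving the cold side carries nothing you cannot account for, and that its size does not creep upward across signing rounds.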