To elaborate - presuming:
  • Your device is air-gapped
  • The only method of communication is the PSBT file
  • You verify the receive address is correct after the first signature
Does that mean that multi-sig is actually safe EVEN if your devices (manufacturer or firmware update) are rogue?
If so that's pretty awesome and a big checkmark for multisig.
Well, to be clear, we're talking in the realm of an advanced persistent threat. You wouldn't get this from run-of-the-mill viruses.
If you infected every single device in your multi-sig setup, an attacker over time could gather what software you use to sign your PSBT, grab every key in the multi-sig and get the data out very slowly via attaching extra data to the PSBT files, recompile the software you're using to broadcast with a malicious version and uninstall the genuine version, do the same with all your other devices (not that it would matter because they've gathered all the keys at this point) and the recompiled malicious version could lie to you about what the receiving address is.
However, 2 things to note.
  1. If you use single sig and you verify the signatures/hash of your firmware before installing it on your air gapped and cold device, this has no chance of happening
a. (also assuming it didn't get infected when it was delivered)
b. (Also assuming your physical security is good and your device isn't stolen and replaced with a bad device)
  2. If even 1 of the number of devices you need to spend which you're bringing your PSBT to in order to sign is not infected/not a recompiled malicious version of your signing software, it will show the real address you're signing for. This would alert you to the fact that you've been attacked and that you need to wipe and reload your entire setup
a. (Assuming a different set of number of devices needed to spend but which you might not be using to sign didn't leak their keys which would allow the attacker to spend)
Again, to be clear, this is like the NSA is trying to steal your Bitcoin level of paranoid lmao.
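The slow exfiltration channel the reply describes (extra data attached to the PSBT files as they shuttle between signers) is something the coordinator machine can check for before and after every signing round. The following is an added example, not code from this thread or from any wallet project: a minimal BIP 174 (PSBT v0) parser that walks the global, input and output maps and reports every key type outside a whitelist of well-known types, including the 0xFC proprietary type, plus any trailing bytes after the last map. The whitelist is an assumed subset of BIP 174 types, and the sample transaction, the clean PSBT and the "leaky" PSBT are all constructed inline for the example.

```python
"""Audit a PSBT (BIP 174, version 0) for key-value pairs a signer should not add.

Added example for this thread; not code from any wallet. It implements only the
generic map layout of BIP 174 and flags key types outside an assumed whitelist.
"""
import base64

PSBT_MAGIC = b"psbt\xff"

# Assumed whitelist: BIP 174 v0 key types. 0xFC (proprietary) is deliberately
# excluded so it is always reported, since it is the easiest place to hide data.
KNOWN_GLOBAL = {0x00, 0x01, 0xFB}            # unsigned tx, xpub, version
KNOWN_INPUT = set(range(0x00, 0x0E))          # non_witness_utxo .. hash256
KNOWN_OUTPUT = {0x00, 0x01, 0x02}             # redeem/witness script, bip32 path


def compact_size(n):
    """Encode a Bitcoin CompactSize integer."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + n.to_bytes(2, "little")
    if n <= 0xFFFFFFFF:
        return b"\xfe" + n.to_bytes(4, "little")
    return b"\xff" + n.to_bytes(8, "little")


def read_compact_size(buf, pos):
    """Decode a CompactSize at buf[pos]; return (value, new_pos)."""
    b = buf[pos]
    if b < 0xFD:
        return b, pos + 1
    width = {0xFD: 2, 0xFE: 4, 0xFF: 8}[b]
    return int.from_bytes(buf[pos + 1:pos + 1 + width], "little"), pos + 1 + width


def read_map(buf, pos):
    """Read one PSBT key-value map; return ([(keytype, key, value)], new_pos)."""
    pairs = []
    while True:
        klen, pos = read_compact_size(buf, pos)
        if klen == 0:                       # 0x00 separator ends the map
            return pairs, pos
        key, pos = buf[pos:pos + klen], pos + klen
        vlen, pos = read_compact_size(buf, pos)
        value, pos = buf[pos:pos + vlen], pos + vlen
        pairs.append((key[0], key, value))


def tx_io_counts(tx):
    """Return (n_inputs, n_outputs) of a serialized non-witness transaction."""
    pos = 4                                  # skip version
    n_in, pos = read_compact_size(tx, pos)
    for _ in range(n_in):
        pos += 36                            # txid + vout
        slen, pos = read_compact_size(tx, pos)
        pos += slen + 4                      # scriptSig + sequence
    n_out, _ = read_compact_size(tx, pos)
    return n_in, n_out


def audit_psbt(psbt):
    """Return [(section, keytype, bytes)] for every pair outside the whitelist."""
    if psbt[:5] != PSBT_MAGIC:
        raise ValueError("not a PSBT")
    glob, pos = read_map(psbt, 5)
    tx = next((v for t, _, v in glob if t == 0x00), None)
    if tx is None:
        raise ValueError("PSBT lacks an unsigned transaction")
    n_in, n_out = tx_io_counts(tx)
    sections = [("global", glob, KNOWN_GLOBAL)]
    for i in range(n_in):
        m, pos = read_map(psbt, pos)
        sections.append((f"input[{i}]", m, KNOWN_INPUT))
    for i in range(n_out):
        m, pos = read_map(psbt, pos)
        sections.append((f"output[{i}]", m, KNOWN_OUTPUT))
    findings = [(name, kt, len(k) + len(v))
                for name, pairs, known in sections
                for kt, k, v in pairs if kt not in known]
    if pos != len(psbt):                     # data smuggled after the last map
        findings.append(("trailing", None, len(psbt) - pos))
    return findings


def audit_psbt_b64(text):
    """Same audit for the base64 form most wallets export."""
    return audit_psbt(base64.b64decode(text))


# ---- constructed sample data (not a real transaction) ----------------------
def encode_map(pairs):
    return b"".join(compact_size(len(k)) + k + compact_size(len(v)) + v
                    for k, v in pairs) + b"\x00"


def build_psbt(tx, input_maps, output_maps, extra_global=()):
    body = encode_map([(b"\x00", tx), *extra_global])
    body += b"".join(encode_map(m) for m in input_maps)
    body += b"".join(encode_map(m) for m in output_maps)
    return PSBT_MAGIC + body


def unsigned_tx(n_in, n_out):
    tx = (2).to_bytes(4, "little") + compact_size(n_in)
    for i in range(n_in):
        tx += bytes([0x11]) * 32 + i.to_bytes(4, "little") + compact_size(0) + b"\xff\xff\xff\xff"
    tx += compact_size(n_out)
    for _ in range(n_out):
        tx += (50_000).to_bytes(8, "little") + compact_size(22) + b"\x00\x14" + bytes([0x22]) * 20
    return tx + (0).to_bytes(4, "little")


SAMPLE_TX = unsigned_tx(1, 1)
WITNESS_UTXO = (50_000).to_bytes(8, "little") + compact_size(22) + b"\x00\x14" + bytes(20)
CLEAN_PSBT = build_psbt(SAMPLE_TX, [[(b"\x01", WITNESS_UTXO)]], [[]])
# A rogue signer returns the same PSBT with an unknown global key and a
# proprietary input field carrying 40 bytes of "leaked" data.
LEAKY_PSBT = build_psbt(SAMPLE_TX,
                        [[(b"\x01", WITNESS_UTXO), (b"\xfc\x04evil\x00", bytes(40))]],
                        [[]], extra_global=[(b"\x77", b"\x01")])

if __name__ == "__main__":
    print("clean:", audit_psbt(CLEAN_PSBT))
    print("leaky:", audit_psbt(LEAKY_PSBT))
```

The audit catches the crude variant of the channel; a hostile signer can also hide data inside fields that look legitimate (the key suffix of a bip32_derivation entry, an oversized partial signature), so the stronger check is to diff the returned PSBT against the one you handed the device and accept only the partial-signature entries you expected it to add. None of this replaces the reply's main point, which is reading the output address on each signer's own screen.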