Nunchuk Honey badger: Assisted Multisig+ Inheritance Planning with NO KYC
https://v.nostr.build/XA3W.mp4
Full tutorial:
https://youtu.be/kizqvBY4zPE?si=aQGNjzYPE-o69iwF
Subscribe and never miss a tutorial!
Discussion
Something is bothering me and doesn’t get any public attention AFAIK. Since you are sponsored by both Nunchuk and Coinkite and particularly after the announcement that was made on 1 March regarding a partnership between Nunchuk and Coinkite (https://nunchuk.io/blog/nunchuk-coinkite) I am curious to hear your thoughts. I’ve watched your video on the Nunchuk Honey Badger plan and from what I understand is that Nunchuk has 1 of the 4 private keys (Platform Key) and an encrypted version of the Inheritance Key being a TAPSIGNER. This encrypted version could be decrypted with the code on the back of the TAPSIGNER and would Nunchuk get a hand on this, they would have a sufficient number of keys (2-out-of-4) to spend your funds. Given the partnership between Nunchuk and Coinkite which imho represents very close ties between the two, wouldn’t this Honey Badger setup be subject to rugpull risk? Coinkite could have stored all the Backup Passwords - no way to verify this at all - on the back of all the TAPSIGNERs they have produced/are going to produce and it would require Nunchuk only to get a list of all these Backup Passwords to be able to bruteforce the TAPSIGNER/Inheritance Key, meaning they could sweep your funds. Really curious on your thoughts. Thank you and keep up all the great work you are doing! 🤠
I‘m curious about this too.
- the inheritance key: Nunchuk says it’s a 2-of-4 setup. But if the conditions for claiming the inheritance are met, isn’t it effectively a 1-of-4?
Because they also mention that „all funds“ can only be moved if 2 of your own keys are used (the platform key should only be able to co-sign to the configured amount).
So, I suspect that the inheritance key has also the sole signing rights if time-restricted conditions are met?
What am I missing here?
Can the inheritance setup be restored in e.g. Sparrow as well?
- platform key: where exactly does the primary key reside? It must be a software key. But is this key also synchronized to the cloud and available on the desktop app or does it reside only in the mobile app? And how do I know, it does not internally have the majority of/sole signing rights. Given that the co-signing amount is configurable and is denominated in $ and not sats, this is still a little confusing to me and I haven’t figured out how that could be implemented without custom logic on their servers (I.e. in a trustless way) and restored on e.g. Sparrow.