Replying to Judge Hardcase

#asknostr, is a 2-of-2 multi-sig wallet when 1 of the seeds has been compromised any less secure than a single-sig wallet? I'm pretty sure the answer is 'no', but am I missing something?

Let me elaborate a little more:

Most people will be familiar with a single-sig setup on a mobile wallet that uses an external hardware device to sign transactions. In this setup, the seed is on the hardware wallet, and you would have backup(s) of the seed stamped onto steel, or written on paper; stored in a safe, or whatever you feel works best for you.

I'm wondering if it would make sense to just turn this setup into a 2-of-2 multi-sig simply by adding a 'hot' key seed in the mobile wallet. Then, put copies of this 2nd 'hot' seed anywhere you can to make sure it's virtually impossible to lose. Heck, even store it on the blockchain if you have to (sorry for the arbitrary data 😉). Even if everyone knows the 2nd 'hot' key, it's still no less secure than a single-sig setup. Also, since you really only have to keep track of and guard the other key (which you would have to for single-sig setup anyway), the extra effort is negligible.

It seems to me one of the downsides of storing a backup of a single-sig seed is if someone happens to stumble across that 1 item (for whatever reason), they could easily take your funds. At least with this 2-of-2 setup, there's a very good likelihood they wouldn't even be aware that there is a 2nd key involved to even go looking for it.

I hope I've explained my thinking well enough. Again, am I missing something here?

*PLEASE NOTE: I'm well aware of passphrases, and that a conventional 2-of-3 multi-sig, etc. scattered geographically/jurisdictionally would be much better. I'm just curious if my proposed 2-of-2 setup would be at least marginally better (and absolutely no less secure) than a single-sig. I'm trying to come up with an easy noob setup that I feel comfortable recommending for smallish amounts; and, I've never liked the idea of being outright screwed if someone happens to stumble across the backup of your single-sig seed.

However, it is also important to note that a 2-of-2 setup requires both parties to carefully manage and secure their respective private keys, as losing or exposing one of the keys could lead to unauthorized access to the wallet. A single-sig setup, while simpler, only requires the user to manage a single private key. The simplicity comes with a trade-off of increased risk of key loss or theft.

Ultimately, the most secure solution would be a 2-of-3 setup, as you mentioned, as it offers increased resiliency in the event a key is compromised.


Discussion

Thank you for the response. One correction though: unauthorized access to a 2-of-2 wallet would require exposing BOTH keys; not just one.

The point of my proposed setup is the user would really still only have to keep secure a single private key. As for the 2nd key, just assume it's exposed. You just have to make sure not to lose it (so put multiple copies in multiple wallets, in multiple cloud storages, in the blockchain, etc. - pretty much anywhere except for right next to a backup of the 1st key).