Here's how I would like to confirm that my cosigners are competent.

Step 1: Prepare a Unique Message

📝 Prepare a unique and freshly generated message that you will provide to your cosigner.

Step 2: Specify Derivation Path

🔑 Define the derivation path for your cosigner.

Step 3: Request Cosigner's Cryptographic Signature

🔒 Share the message, the derivation path and the participating xpub with your cosigner and request a cryptographic signature from them.

Step 4: Cosigner's Action

🖋️ Your cosigner signs the message you provide, using a key derived from the xprv partner to their xpub.

Step 5: Calculate Public Key

🔍 Calculate the public key by applying the specified derivation path to their xpub.

Step 6: Verify Signature

🛡️ Verify the signature's validity using the derived public key.

Step 7: Establish Trust

🤝 If the signature is valid, you can trust that your cosigner maintains control of their key.

Discussion

Example: Ensuring Secure Cosigning

🔐 Imagine you have a wallet descriptor listing this cosigner's xpub:

xpub6EDJac9G93fFKuJsXRfBwJ45APnGTg4VwqEHmaLTrfXy18QzMSRiRVxcTdKhhpKNPPdo6Ct3j9xte8ciuLYxHYdLvixXqpHpDg8x5JfNn4k

🗳️ You ask your cosigner to sign a message, "Forever, Laura.", using a key derived from their corresponding xprv with the path /0.

🔍 You calculate the public key: 039a23c735abd0610aaf89fe356a860b65545c571bdaece7a82260e5f207a77185.

💰 And from this, you obtain the Bitcoin address: 1LrH1NQb5HeXffFtpuXNkHZavyXjt57VFX.

🛡️ Your cosigner's wallet software (Sparrow, Nunchuk, Coldcard, SeedSigner, or others) derives the private key using the full path, e.g., m/48'/0'/0'/2'/0, and uses the resulting private key to return this signature:

IM9MYx4E94xyXFTDRPf5W4+RdOpw11b28jCq1yq4ctcoVXpGexSfrlC0KqYjay7erZ4PjX1mlFKpINzk2YqPGVU=

🔍 You verify this signature and gain reassurance that your cosigner is ready to stand by you.

🔗 Try it out and easily verify a signature at https://checkmsg.org/