What is your preferred way of checking that a cosigner can still sign a multi-sig transaction with you?
Discussion
Here's how I would like to confirm that my cosigners are competent.
Step 1: Prepare a Unique Message
📝 Prepare a unique and freshly generated message that you will provide to your cosigner.
Step 2: Specify Derivation Path
🔑 Define the derivation path for your cosigner.
Step 3: Request Cosigner's Cryptographic Signature
🔒 Share the message, the derivation path and the participating xpub with your cosigner and request a cryptographic signature from them.
Step 4: Cosigner's Action
🖋️ Your cosigner signs the message you provide, using a key derived from the xprv partner to their xpub.
Step 5: Calculate Public Key
🔍 Calculate the public key by applying the specified derivation path to their xpub.
Step 6: Verify Signature
🛡️ Verify the signature's validity using the derived public key.
Step 7: Establish Trust
🤝 If the signature is valid, you can trust that your cosigner maintains control of their key.
Example: Ensuring Secure Cosigning
🔐 Imagine you have a wallet descriptor listing this cosigner's xpub:
xpub6EDJac9G93fFKuJsXRfBwJ45APnGTg4VwqEHmaLTrfXy18QzMSRiRVxcTdKhhpKNPPdo6Ct3j9xte8ciuLYxHYdLvixXqpHpDg8x5JfNn4k
🗳️ You ask your cosigner to sign a message, "Forever, Laura.", using a key derived from their corresponding xprv with the path /0.
🔍 You calculate the public key: 039a23c735abd0610aaf89fe356a860b65545c571bdaece7a82260e5f207a77185.
💰 And from this, you obtain the Bitcoin address: 1LrH1NQb5HeXffFtpuXNkHZavyXjt57VFX.
🛡️ Your cosigner's wallet software (Sparrow, Nunchuk, Coldcard, SeedSigner, or others) derives the private key using the full path, e.g., m/48'/0'/0'/2'/0, and uses the resulting private key to return this signature:
IM9MYx4E94xyXFTDRPf5W4+RdOpw11b28jCq1yq4ctcoVXpGexSfrlC0KqYjay7erZ4PjX1mlFKpINzk2YqPGVU=
🔍 You verify this signature and gain reassurance that your cosigner is ready to stand by you.
🔗 Try it out and easily verify a signature at https://checkmsg.org/