#asknostr, is a 2-of-2 multi-sig wallet when 1 of the seeds has been compromised any less secure than a single-sig wallet? I'm pretty sure the answer is 'no', but am I missing something?

Let me elaborate a little more:

Most people will be familiar with a single-sig setup on a mobile wallet that uses an external hardware device to sign transactions. In this setup, the seed is on the hardware wallet, and you would have backup(s) of the seed stamped onto steel, or written on paper; stored in a safe, or whatever you feel works best for you.

I'm wondering if it would make sense to just turn this setup into a 2-of-2 multi-sig simply by adding a 'hot' key seed in the mobile wallet. Then, put copies of this 2nd 'hot' seed anywhere you can to make sure it's virtually impossible to lose. Heck, even store it on the blockchain if you have to (sorry for the arbitrary data 😉). Even if everyone knows the 2nd 'hot' key, it's still no less secure than a single-sig setup. Also, since you really only have to keep track of and guard the other key (which you would have to for single-sig setup anyway), the extra effort is negligible.

It seems to me one of the downsides of storing a backup of a single-sig seed is if someone happens to stumble across that 1 item (for whatever reason), they could easily take your funds. At least with this 2-of-2 setup, there's a very good likelihood they wouldn't even be aware that there is a 2nd key involved to even go looking for it.

I hope I've explained my thinking well enough. Again, am I missing something here?

*PLEASE NOTE: I'm well aware of passphrases, and that a conventional 2-of-3 multi-sig, etc. scattered geographically/jurisdictionally would be much better. I'm just curious if my proposed 2-of-2 setup would be at least marginally better (and absolutely no less secure) than a single-sig. I'm trying to come up with an easy noob setup that I feel comfortable recommending for smallish amounts; and, I've never liked the idea of being outright screwed if someone happens to stumble across the backup of your single-sig seed.
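A way to sanity-check the question above is to model it: each key has some independent chance of being found by an attacker and some independent chance of being lost by the owner, funds are stolen if the attacker reaches the k-of-n threshold, and funds are lost if the owner retains fewer than k keys. This is an added example, not code from the original thread; the per-key probabilities are constructed placeholders, and the "exposed hot key" scenario sets the attacker's chance of having the 2nd seed to 1.0, matching the "just assume it's exposed" assumption.

```python
from itertools import product

# Each key is (p_attacker_obtains, p_owner_loses); both assumed independent across keys.
# Constructed placeholder values, not measurements: 5% that someone stumbles on the
# steel/paper backup of the secure seed, 2% that the owner loses it.
SECURE_KEY = (0.05, 0.02)
HOT_KEY_EXPOSED = (1.00, 0.001)   # copies everywhere: assume attacker has it, nearly impossible to lose
HOT_KEY_HIDDEN = (0.05, 0.001)    # same copies, but attacker has not actually found one


def at_least_k(probs, k):
    """Probability that at least k of independent events with probabilities `probs` occur."""
    total = 0.0
    for outcome in product((0, 1), repeat=len(probs)):
        if sum(outcome) < k:
            continue
        pr = 1.0
        for p, hit in zip(probs, outcome):
            pr *= p if hit else 1.0 - p
        total += pr
    return total


def risk(keys, k):
    """Return (p_theft, p_loss) for a k-of-n policy over `keys`."""
    p_theft = at_least_k([a for a, _ in keys], k)          # attacker holds >= k keys
    p_loss = 1.0 - at_least_k([1.0 - l for _, l in keys], k)  # owner retains < k keys
    return p_theft, p_loss


def compare_setups():
    """Theft and loss probabilities for the setups discussed in the thread."""
    return {
        "single-sig":              risk([SECURE_KEY], 1),
        "2-of-2, hot key exposed": risk([SECURE_KEY, HOT_KEY_EXPOSED], 2),
        "2-of-2, hot key hidden":  risk([SECURE_KEY, HOT_KEY_HIDDEN], 2),
        "2-of-3, three secure":    risk([SECURE_KEY] * 3, 2),
    }


if __name__ == "__main__":
    for name, (theft, loss) in compare_setups().items():
        print(f"{name:<26} theft={theft:.5f}  loss={loss:.5f}")
```

With the hot key fully exposed, theft risk equals the single-sig case (the secure seed alone decides it) while loss risk rises only by the hot key's own tiny loss probability; if the attacker has not actually found the hot key, theft risk drops to the product of the two.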


Discussion

However, it is also important to note that a 2-of-2 setup requires both parties to carefully manage and secure their respective private keys, as losing or exposing one of the keys could lead to unauthorized access to the wallet. A single-sig setup, while simpler, only requires the user to manage a single private key. The simplicity comes with a trade-off of increased risk of key loss or theft.

Ultimately, the most secure solution would be a 2-of-3 setup, as you mentioned, as it offers increased resiliency in the event a key is compromised.

#asknostr

Thank you for the response. One correction though: unauthorized access to a 2-of-2 wallet would require exposing BOTH keys; not just one.

The point of my proposed setup is the user would really still only have to keep secure a single private key. As for the 2nd key, just assume it's exposed. You just have to make sure not to lose it (so put multiple copies in multiple wallets, in multiple cloud storages, in the blockchain, etc - pretty much anywhere except for right next to a backup of the 1st key)

This is a great question that I don’t know the answer to. If someone was to happen upon a set of seed words, I wouldn’t think that they would be able to know that they were associated with a multisig setup but I don’t know for sure.

That's a good line of thinking. I'm pretty sure the best they could do is generate xpubs for potential derivation paths for that set of seed words; then, if they also happened across a multi-sig wallet descriptor backup that contained a matching xpub as one of its keys, they could then conclude that the set of seed words was indeed used as part of that particular multi-sig wallet

BTW, since a 2-of-2 would absolutely require both keys (by a single user in this case) to be useful, there wouldn't be as much reason to save a wallet descriptor backup (that someone else might happen upon) as you probably would/should for a 2-of-3, etc.

Sounds legit to me. There would be advantages to this over just a single sig. Even if the one set of words wasn't as secure, like you mentioned, distributed among multiple places (easy to access and not lose), the other key could be secured as one would do as a typical single sig. This setup could have advantages over a single sig setup but not as robust as a 2 of 3. Food for thought anyways, brain food.

It also occurred to me that you could easily have many 2-of-2 wallets - all with the same secure seed combined with a different 'insecure' seed.

Though, I believe this would allow for block analysis that could link outputs to addresses of different 2-of-2 wallets that were reusing the same signing address from the secure seed - but, I'm really starting to get beyond my knowledge here.

Single sig with a strong passphrase could be constructed to be like a 2-of-2 without a passphrase, secrecy speaking.

That’s the simple take. There are many other considerations for 2-of-2 to take into account, like opsec, evil maids, etc.

So for arguments sake, hypothetically, if you had a 2 of 2 and one seed was compromised, would your ₿ stack be more in danger than if you just had a single sig setup?

Also if you had a single sig w/ passphrase and your passphrase was compromised, would that impact the security of your ₿ stack?

All things equal and no other risks taken into account in the hypothetical, no.