public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Hugo Nguyen <hugo@nunchuk.io>
To: Pavol Rusnak <stick@satoshilabs.com>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Proposal: Bitcoin Secure Multisig Setup
Date: Thu, 11 Feb 2021 05:45:33 -0800	[thread overview]
Message-ID: <CAPKmR9vg1BMDQWNDk41N4i4cJ8J6K9GuqSpstFpMFwyiVBYw-w@mail.gmail.com> (raw)
In-Reply-To: <CAF90AvkeG53o5H2dZsdsG_c4PxxooMgx-Fv47RWpNNwm_su-hg@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 3169 bytes --]

Hi Pavol,

On Thu, Feb 11, 2021 at 5:25 AM Pavol Rusnak <stick@satoshilabs.com> wrote:

> > ENCRYPTION_KEY = SHA256(SHA256(TOKEN))
>
> This scheme might be vulnerable to rainbow table attack.
>

Thank you for pointing this out! Incidentally, Dmitry Petukhov also told me
the same privately.


>
> The following scheme might be more secure:
>
> DESCRIPTION = ASCII description provided by user
> NONCE = 256-bit random number
> ENCRYPTION_KEY = hmac-sha256(key=NONCE, msg=DESCRIPTION)
>
> Coordinator distributes DESCRIPTION (fka TOKEN) together with NONCE to
> the signers.
>

This does seem to add a lot more entropy. The challenge is to balance the
security requirement with UX. In the absence of some handshake protocol to
exchange the shared secrets (DESCRIPTION / NONCE) , the user will have to
enter these manually on the devices. I'll think about this some more.


>
> Also, is there any reason why you'd want to disable encryption? Why not
> keep that as mandatory?
>

Making it mandatory would be nice, but IMHO not all use cases might require
encryption. For example, if you are setting up the multisig locally under a
safe environment you control, encryption might be an overkill.

Best,
Hugo



>
>
> On Tue, 9 Feb 2021 at 12:39, Hugo Nguyen via bitcoin-dev <
> bitcoin-dev@lists.linuxfoundation.org> wrote:
>
>>
>>
>> On Tue, Feb 9, 2021 at 2:19 AM Christopher Allen <
>> ChristopherA@lifewithalacrity.com> wrote:
>>
>>>
>>>
>>> On Tue, Feb 9, 2021 at 2:06 AM Hugo Nguyen <hugo@nunchuk.io> wrote:
>>>
>>>>
>>>> I don't think reusing XPUBs inside different multisig wallets is a good
>>>> idea... For starters, loss of privacy in one wallet will immediately affect
>>>> privacy of other wallets. I think multisig wallets should be completely
>>>> firewalled from each other. That means one unique XPUB per wallet. This is
>>>> what we have been doing with the Nunchuk wallet.
>>>>
>>>
>>> To be clear, I have stated repeatedly that xpub reuse into multisig is a
>>> poor practice. However, finding a trustless solution when a wallet is
>>> airgapped with no network, or is stateless like Trezor, is quite hard.
>>>
>>> The challenge also includes how does an airgapped or stateless wallet
>>> know that it is talking to the same process on the other side that that it
>>> gave the xpub to in the first place. Without state to allow for a
>>> commitment, or at least a TOFU, a cosigner who thought he was part of a 3
>>> of 5 could discover that he instead is in a 2 of 3, or in a script with an
>>> OR, as some form of scam.
>>>
>>
>> The shared secret approach that I mentioned in the proposal actually can
>> help you here. The TOKEN doubles as a session ID - thereby establishing a
>> common state on both sides.
>>
>> Best,
>> Hugo
>>
>>
>>>
>>> — Christopher Allen
>>>
>>>> _______________________________________________
>> bitcoin-dev mailing list
>> bitcoin-dev@lists.linuxfoundation.org
>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>>
>
>
> --
> Best Regards / S pozdravom,
>
> Pavol "stick" Rusnak
> CTO, SatoshiLabs
>
>

[-- Attachment #2: Type: text/html, Size: 6239 bytes --]

  reply	other threads:[~2021-02-11 13:45 UTC|newest]

Thread overview: 37+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-02-08 23:14 [bitcoin-dev] Proposal: Bitcoin Secure Multisig Setup Hugo Nguyen
2021-02-09  9:33 ` Craig Raw
     [not found] ` <CAPR5oBNWGLcnw97yPJBCgrj=EwoNdxz_RS9HM6EMpuX2-90JnQ@mail.gmail.com>
2021-02-09  9:45   ` Hugo Nguyen
     [not found] ` <CACrqygA1JRA293joYOxxpSepiuFD=uVvQQy3wpuosYyLQHff-A@mail.gmail.com>
2021-02-09  9:38   ` Christopher Allen
2021-02-09 10:05   ` Hugo Nguyen
     [not found]     ` <CACrqygDhuateDtJMBSWd9sGRu1yzrZBw2yZ75OyKD1Xmzix3Cw@mail.gmail.com>
2021-02-09 10:58       ` Hugo Nguyen
2021-02-11 13:25         ` Pavol Rusnak
2021-02-11 13:45           ` Hugo Nguyen [this message]
2021-02-11 16:29             ` Dmitry Petukhov
2021-02-11 19:11               ` Hugo Nguyen
2021-02-11 19:11                 ` Hugo Nguyen
2021-02-11 22:29                   ` Christopher Allen
2021-02-12 12:31                     ` Hugo Nguyen
2021-02-12 13:48                     ` Peter D. Gray
2021-02-12 16:55               ` Hugo Nguyen
2021-02-12 17:42                 ` Dmitry Petukhov
2021-02-12 17:48                   ` Dmitry Petukhov
2021-02-12 17:54                   ` Hugo Nguyen
2021-02-14 10:37                     ` Dmitry Petukhov
2021-02-14 11:28                       ` Dmitry Petukhov
2021-02-15  8:44 ` Hugo Nguyen
2021-02-15 13:53   ` Craig Raw
2021-02-15 14:19     ` Hugo Nguyen
2021-02-15 16:45       ` Hugo Nguyen
2021-04-05  7:02 ` Hugo Nguyen
2021-04-09 12:07   ` Sjors Provoost
2021-04-09 14:09     ` Hugo Nguyen
2021-04-09 14:54     ` Hugo Nguyen
2021-04-09 15:33       ` Sjors Provoost
2021-04-10 19:32         ` Robert Spigler
2021-04-11  2:34   ` Michael.flaxman
2021-04-11 16:45     ` Hugo Nguyen
2021-04-12 15:03       ` Salvatore Ingala
2021-04-12 17:55         ` Hugo Nguyen
2021-04-12 18:45         ` Christopher Allen
2021-04-12 20:43           ` Robert Spigler
2021-04-10 13:53 ` Erik Aronesty

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAPKmR9vg1BMDQWNDk41N4i4cJ8J6K9GuqSpstFpMFwyiVBYw-w@mail.gmail.com \
    --to=hugo@nunchuk.io \
    --cc=bitcoin-dev@lists.linuxfoundation.org \
    --cc=stick@satoshilabs.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox