I appreciate the quality of your content so much. I literally laughed while watching this one when you started setting up a 4/4 multisig. I thought "Geez, that's dangerous..." and I didn't even finish the thought before you stopped to explain exactly what I was thinking 6:16 ...good stuff. Seriously, awesome content sir. And speaking of awesome, I'm loving the Krux firmware update. I love the ability to save seeds to encrypted QRs. I'm so impressed by what the folks at Krux are doing.
Thanks :) Yea I was tempted to just do something like 1/4 and then sign the same transaction four times, but thought it was worth both demonstrating and commenting on something like 4/4... I have just seen far too many folks in places like Reddit advocating things like 2/2 and 3/3 and have spent enough time in the recovery side of things to see how often zero redundancy goes bad. The Krux update is really great and most folk probably don't appreciate what happened behind the scenes in terms of shifting to new dev lead, securely passing on firmware signing keys, etc.
Yea Electrum's UI has certainly become more confusing with all the lightning stuff and unfortunately they haven't really leveraged projects like HWI to create space to focus on the whole UX.
Electrum+Krux works fine, though the QR support is a bit lacking. Basically the workflow is that you need to go through the "preview" transaction screen (Which is the one that showed in the video when I loaded the transaction) and from there you need to click "Share" and either show the transaction as a QR code that you can scan or save it to a file. (This will create a PSBT file) I just tested with the transaction from the video and the QR code was large and didn't scan well with the Krux camera, but it loaded the PSBT file via MicroSD just fine. (The MicroSD hot swapping works nicely now in the latest Krux release) Once you have signed the transaction you will either get an animated QR code or you can save it back to the MicroSD and then use Electrum or Sparrow to open the signed PSBT for broadcast. So yea, a really long way of saying that the UX for Electrum could use some improvement ;)
Wonderful video! I'd love to get your feedback about Taproot. It seems that the Taproot upgrade that launched in November 2021 isn't fully ready for Multisig yet? I see in all these wallet softwares and signer devices that the latest Script Type available for setting up Multisig is Native Segwit (P2WSH) instead of Taproot (P2TR). Any idea why the wallets and the signers don't already have Taproot Multisig support? Taproot will lower spending fees and provide more privacy right?
Thanks :).Native Taproot multisig is still not ready for prime time, but once it arrives, can offer lower fees for Multisig wallets (Though not for single sig) and some increased privacy on-chain.
Thanks for the amazing video. One quick question,can I just provide single wallet's zpub (by default it is bip84, not bip48) from the hardware wallets to the sparrow and sign the transaction? That will not sync the wallets configs from sparrow to the hardware wallets. Will that work? Thanks in advance.
There are basically two questions here. Firstly, depending on the hardware device, you may be able to use an xpub non-standard derivation path to both create the wallet and sign transaction. (But some will block this and doing non-standard stuff is a bad idea) In terms of only importing the xpub into sparrow, the issue will be how you send the transaction to your hardware device to be signed.
Can you please let me know what the cosigner device/software you used to view your satochip transaction in electrum? Was it Satochips own modified electrum software?
Thank you for the video, very clear, If i want to move the funds from w multi sig wallet, and i have all the xpubs does it matter in which order i restore them in or if i put the first xpub created last, it will create a different address?
Thanks!! One question: Why do you classify the SeedSigner as "LOW" in terms of hardware security??? I thought SeedSigner (a la Specter DIY) was rather "very strong"!?!?
Firstly, Seedsigner and Specter DIY aren't even in the same category in terms of hardware security. (Specter DIY can have both a locked bootloader on the MCU, so same as something like Jade, and even secure element backed storage the same as Satochip if you have the smart card reader add-on) Seedsigner just uses a MicroSD card... I explained it in the video, but basically the Seedsigner has exactly zero protection against someone tampering with the physical hardware/software. (So you really want to reflash the MicroSD with a verified image right before using it) Being both air-gapped and DIY helps againt both supply chain and remote attacks, as well as enhancing privacy and decreasing trust in vendors, but it isn't a silver bullet, especially when building on top of the Raspberry Pi. (Which isn't a reason not to use it, just something to keep in mind)
Can we really trust this DIY devices specially the T DISPLAY for jade one ? Can I use it as my hardware wallet ? Or it just for testing ? Thank you for the super content, u the best 👌
That's right, basically the Jade I. That video was an ESP32 wrover dev board, but I could have also just used a TTGO T-display for all of it. Basically if you follow my previous video in DIY Jade devices it runs through how to both flash the firmware and secure the device.
Since the satochip doesn't verify the receive/change addresses of the multi sig setup, if an attacker peformed a swap attack (as you blind sign with the satochip), could you lose your funds? Or will you have to compromise the other multi vendor hw wallets at the same time to reach the amount of keys needed in order for that to happen?
Appreciate your input on this, I am very scared to move to multi sig pending this question. I have already verified the setup offline by checking the seeds/derivation pub / finger prints with the seeds, and will refer to this hardcopy every time I sign a transaction to ensure the setup is correct and wasn't changed initially by the coordinator software. However, the question really is: If one signer is compromised and an attacker tried to change the multisig setup, would the transaction still be valid or do they need to have all of the signers be swapped (which would be almost impossible with several different vendors like ColdCard, BitBox, Keystone, Passport, Seedsigner, Krux, Seedsigner, Jade, which all verify against the multi sig registration or descriptor that is loaded in the device.) Example: Say I have a 15 of 20 multi sig setup and 1 of the devices i use to sign is a ledger, that blind signs and doesn't verify the multi sig setup, and this ledger was compromised and was the victim of a swap attack, would my funds be stolen? The other 14 signers verified the receive./change add against the multi sig setup correctly and signed, the last signature of the 15 was the ledger that was swapped/attacked, what happens to the transaction? Does it still get broadcast and then returns invalid or would the coordinator software pick up on it? It would realise the ledger is signing for a different transaction?
A modified multisig wallet attack generally relies on the hardware not properly validation the change outputs, something that is as much of an issue with blind signers as with ones like a Trezor. Basically if you have at least one hardware device that has registered and stored the wallet (Like Jade, Bitbox, Coldcard, Keystone 2 BTC, even Ledger now) then including it in your signing workflow means that you are good to go.
The Amigo is still widely available and there is no indication on the Sipeed wiki that it has actually been discontinued. (Despite a few places being out of stock) That said, there are other k210 platforms that work fine already listed here github.com/selfcustody/krux/blob/main/docs/parts.en.md
I haven't built a Spectre-DIY device yet, as the cost doesn't seem to really justify it if you do it properly and include the smart card reader. (I'm actually toying with just doing the dev work to add the smartcards to SeedSigner, combine this with secure boot on RPi4 and basically get something that is functionality the same) That said, I will probably end just dropping the dollars, evaluating a few readily available smart card readers and building one over the next 12 months :) The one thing to note in terms of Spectre-DIY, Krux and SeedSigner is that all three are running embit under the hood, so are cousins of a sort.
"Best" depends on your requirements, but it certainly comes closest to a commercial hardware wallets in terms of having a locked bootloader, large screen, QR functionality and the ability to make use of Smart Cards for secure storage. The issue is that it hasn't really been well supported in terms documentation, current Bill of Materials or anything like that. It seems like it got sidetracked in trying to commercialise it through selling their own Shield that included all of the components, but has been out of stock for ages and I'm guessing is no longer a priority since they were acquired by Swan. The large touch screen is nice, there is no real point in building a Spectre-DIY unless you are also including the Smart Card reader. (Which I haven't found readily available parts for at a price that makes sense and trying to DIY a smart card interface directly onto the card isn't really workable for most folk)
@@CryptoGuide Stepan is a Russian astrophysicist and pretty much created specter DIY and the software for himself and then chose to open source it. He's now working on astrophysics and he also maintains the project however his intent wasn't very commercial, just this is the best way to create his open source hardware wallet where a user doesn't have to rely on any supply chain exploitation.
I understand all of that but unfortunately it doesn't seem to be well supported, especially since the Swan acquisition... Fortunately embit does continue to be well maintained, so ultimately that is a great open source resource that will improve as it is used by more projects.