Monday, June 22, 2020

HowTo: Create and Spend an Electrum Segwit 3of3 Multisig wallet with Trezors

I wrote a similar post in r/Bitcoin about creating a MS wallet without a Trezor; this guide will focus on creating a 3of3 MS wallet with three Trezors. Hopefully it should be obvious how to extend this to N-of-M for any value of N or M. You can also use this as a blueprint to do MS with non-HW Electrum wallets like Android.

The main advantage of multisig is that it reduces the risk of one compromised seed exposing all your funds. Although this is exceedingly complicated, the added layer of complications makes it all the more difficult to compromise your funds. Most of the complexity is in the initial wallet setup. Sending is only a bit more complicated, and receiving is the same as it would be for any Electrum wallet.

We will be creating three wallets here, and each will use a Trezor with its own seed, passphrase, and public key (Zpub). If you just want to play with this process you could use one Trezor with three different passphrases. Electrum will treat this like three different wallets, since... well, since it is. The Zpubs will be calculated by Electrum.

For all references to wallet passphrases or encryption passwords, I highly recommend you generate six-word passphrases. Three simple ways to construct a six-word passphrase are to use the EFF diceware long wordlist to roll for 6 words, to create a short six-word BIP39 seed and use that as a passphrase, or to create a random Electrum seed and use the last 6 words. You will need to take care that all six-word passphrases are 50 characters or fewer. Longer passphrases can produce some unexpected results. Whenever you need to create a passphrase or password from here on out, create a six-word string as described above.
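The first option (six words from the EFF long wordlist, 50 characters or fewer) can also be drawn in software instead of with dice. This is an added example, not part of the original post; the function names, the space separator and the wordlist file path passed on the command line are assumptions.

```python
import math
import secrets
import sys


def load_eff_wordlist(path):
    """Parse the EFF long list: '<five dice digits><TAB><word>' on each line."""
    words = []
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            fields = line.split()
            if len(fields) == 2 and fields[0].isdigit():
                words.append(fields[1])
    return words


def six_word_passphrase(words, count=6, max_len=50, sep=" "):
    """Pick `count` words with the OS CSPRNG; redraw while longer than max_len."""
    if len(words) < 2 or len(set(words)) != len(words):
        raise ValueError("wordlist must hold at least two distinct words")
    shortest = min(len(w) for w in words)
    if count * shortest + (count - 1) * len(sep) > max_len:
        raise ValueError("no phrase from this list can fit in max_len")
    while True:
        # Words are drawn with replacement, like independent dice rolls.
        phrase = sep.join(secrets.choice(words) for _ in range(count))
        # Redrawing over-long phrases trims the phrase space slightly, so the
        # real entropy is a little under the entropy_bits() upper bound.
        if len(phrase) <= max_len:
            return phrase


def entropy_bits(words, count=6):
    """Upper bound: count * log2(list size), before the length filter."""
    return count * math.log2(len(words))


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: passphrase.py <path to EFF long wordlist file>")
    wordlist = load_eff_wordlist(sys.argv[1])
    print(six_word_passphrase(wordlist))
    print(f"upper bound: {entropy_bits(wordlist):.1f} bits", file=sys.stderr)
```

Generate it on the machine where it will be written down, and do not leave it in shell history or a clipboard manager.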

Assuming you have your Trezors initialized with passphrases enabled, our first order of business will be ensuring the authenticity of Electrum. For the PCs this must be done with PGP/GPG following the procedure spelled out on the Electrum website, or the secondary docs. It is absolutely critical that you are certain you're using the correct ThomasV key. As of the time of this writing, the "correct" ThomasV key was:

ThomasV PGP: 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6
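A "Good signature" line only says that some key in your keyring signed the file, so the check should be pinned to the fingerprint above. The following is an added example, not part of the original post or of Electrum's documented procedure; the function names are hypothetical, and the two file paths are whatever signature and download you fetched.

```python
import subprocess
import sys

# Fingerprint quoted on this page for the ThomasV key, spaces removed.
EXPECTED_FPR = "6694D8DE7BE8EE5631BED9502BD5824B7F9470E6"


def good_primary_fprs(status_text):
    """Primary-key fingerprints that have both a VALIDSIG and a GOODSIG line."""
    good_ids, valid = [], []
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "[GNUPG:]":
            continue
        if parts[1] == "GOODSIG":
            # GOODSIG <long key ID or fingerprint> <user ID>
            good_ids.append(parts[2].upper())
        elif parts[1] == "VALIDSIG":
            # VALIDSIG <signing-key fpr> ... <primary-key fpr> (last field)
            valid.append((parts[2].upper(), parts[-1].upper()))
    # Expired or revoked keys also produce VALIDSIG, so insist on GOODSIG too.
    return {primary for signing, primary in valid
            if any(signing.endswith(key_id) for key_id in good_ids)}


def signed_by(status_text, expected=EXPECTED_FPR):
    """True only if the pinned key made a good signature."""
    return expected.replace(" ", "").upper() in good_primary_fprs(status_text)


def verify_download(sig_path, file_path):
    """Run gpg on a detached signature and pin the result to EXPECTED_FPR."""
    # --status-fd 1 puts the machine-readable lines on stdout. The exit code
    # is ignored on purpose: extra signatures from keys that are not in the
    # keyring make it non-zero even when the pinned key's signature is good.
    proc = subprocess.run(
        ["gpg", "--status-fd", "1", "--verify", sig_path, file_path],
        capture_output=True, text=True)
    return signed_by(proc.stdout)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: verify_electrum.py <signature.asc> <downloaded file>")
    ok = verify_download(sys.argv[1], sys.argv[2])
    print("signed by pinned key" if ok else "NOT signed by pinned key")
    sys.exit(0 if ok else 1)
```

The key must already be imported into the local keyring; compare the fingerprint against more than one independent source before trusting it.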

Once your Electrum install is validated, here is excruciating detail on creating and spending from a 3of3 multisig wallet. This assumes you have passphrases enabled on all your Trezors and that each has a unique name. For simplicity I will simply refer to their names as "trez-1", "trez-2", and "trez-3".

Three Wallet Creation passes

Do the following first for "trez-1", then for "trez-2" and finally for "trez-3". The order is VERY important:

  1. Wallet->New, name your wallet
  2. Then insert your Trezor ("trez-1", "trez-2", or "trez-3")
  3. Choose Multisig Wallet, then 3of3
  4. Choose Use a hardware device
  5. Select device
  6. Craft (and record) a new 6 word passphrase
  7. Choose Native Segwit derivation
  8. Record Zpub
  9. Unplug your Trezor ("trez-1", "trez-2", or "trez-3")
  10. Choose Add Cosigner Key
  11. Wait at "Add Cosigner 2" dialog

Distribute Zpubs to Finish Wallet Creation

When completing the setup for each wallet below you will be prompted for a wallet encryption password. I recommend you craft a unique six-word string as described above. If Electrum asks to reconnect to your HW wallet simply say "No". As before, the order is VERY important.

  1. Swap over to your trez-3 wallet
  2. Click "Enter Cosigner Key"
  3. Enter trez-1 Zpub
  4. Click "Enter Cosigner Key"
  5. Enter trez-2 Zpub
  6. Swap over to your trez-2 wallet
  7. Click "Enter Cosigner Key"
  8. Enter trez-3 Zpub
  9. Click "Enter Cosigner Key"
  10. Enter trez-1 Zpub
  11. Swap over to your trez-1 wallet
  12. Click "Enter Cosigner Key"
  13. Enter trez-2 Zpub
  14. Click "Enter Cosigner Key"
  15. Enter trez-3 Zpub

You can now close each wallet file.

You should now have recorded:

  • 3 Trezor mnemonic seeds
  • 3 Trezor six-word passphrases (less than 50 chars)
  • 3 Electrum Zpubs
  • 3 Wallet encryption "passwords" (six-word strings described above)

Keep the 12 secrets secure, separate and safe.

Receive funds into your 3of3 MS wallet

Receive just like any other wallet. All three wallets will watch the same set of addresses.

Spend funds from your 3of3 MS wallet

  1. Create a TXN as you normally would on your first device
  2. In the TXN dialog hit "Preview" instead of Send
  3. In the Preview screen hit "Sign", then "Export"
  4. Copy the TXN over to your second device
  5. On your second device click Tools->Load Transaction
  6. Enter your partially signed TXN
  7. Verify the Status reads "Partially signed (1/3)"
  8. Sign the TXN, then hit the QR button
  9. From your mobile open your MS wallet
  10. Click send, then click the "scan/camera" icon
  11. Verify the status reads "Partially signed (2/3)"
  12. Click "Options->Sign" then "Options->Broadcast"

Conclusion

Certainly more complicated than a non-MS wallet, but a lot more secure. Also be aware that the Segwit MS TXNs are about 40% larger than the native Segwit TXNs, so this does generate some additional cost in TXN fees.


