$1,500 Bounty for Offline Multisignature through the GUI View #24861 #21071

issue Rspigler openend this issue on February 3, 2021
  1. Rspigler commented at 4:38 am on February 3, 2021: contributor

    There has been incredible work implementing descriptor wallets, PSBTs, offline signing, HWWs; and GUI support for it all into Bitcoin Core. It has been incredibly exciting to watch!

    My goal is to financially support developers to implement offline multisignature wallets into Bitcoin Core. I believe we are almost there.

    I am here to humbly try to attempt to describe what I see, as a user and through talks with other developers, as the work that is needed to implement secure, offline multisignature wallets in Bitcoin Core.

    1. A standard for Coordinating Multisignature Wallets, with an authentication scheme. This is being discussed here.

    BlockchainCommons has done a lot of work around this:

    Online Node Coordinator sends a ‘Policy Request’ to Offline Co-Signers, if acceptable, co-signers send a ‘Keyset’, and then get an ‘Account Map’ back.

    Policy Request = empty descriptor

    Keyset = BIP48 path

    Account Map = descriptor w/ no xprvs in it

    AND/OR

    Co-Signers send array of descriptors for all script types (BCR-2020-015) to Coordinator, Coordinator selects necessary descriptor and creates wallet, then sends ‘Account Map’ back.

    Concerns: lack of complete standardization. use of BIP48. Names still up in the air. @Sjors also discussed the possibility of a ‘Wallet Composer File’ that could compose a wallet interactively, use future-proof syntax (can the signer decompile miniscript?), and support other capabilities. Not sure how much work has been done on this.

    1 A) The authentication:

    Just trust on first use, with warnings if data changes? @benma has done great research and reporting on this:

    To receive securely, the offline signers need to be able to verify the following:

    The receive address, which has to encode the hash of an ordinary multisig redeem script with no other spending conditions The key of the hardware wallet, which has to be one of the public keys in the redeem script The keypath of the displayed address in order to avoid ransom attacks if no restrictions are enforced by the hardware wallet The number of cosigners in order to prevent an attacker from adding more The threshold of required signatures to not be higher or lower than intended The xpubs of the cosigners in order to prevent an attacker from swapping them

    The above is written for hardware wallets, but I believe any BIP written and code implemented should be for both HWWs and offline Core wallets. With descriptor wallets, I believe a lot of the above authentication can be automated by the info in the Account Map that all offline co-signers have.

    To send securely, the offline signers need to be able to verify the following:

    The recipient’s address, displayed and confirmed by the user like with singlesig The change address, having the same cosigners and threshold in an ordinary multisig script with no other spending conditions The change goes to an address at a keypath recoverable by the user

    I think all the above is very important, since there have been many instances of devices not properly implementing the above security measures, so having a BIP for devices/software to comply with would be important. @Sjors and @achow101 have been doing a ton of work integrating HWWs. This looks like it will be merged soon: (https://github.com/bitcoin/bitcoin/pull/16546). After that, the UI will be worked on (https://github.com/bitcoin-core/gui/pull/4), and there is a currently-closed PR for HWW multisig functionality on top (https://github.com/bitcoin/bitcoin/pull/16895). Perhaps some of this code can be re-used for multisig with Core on offline computers, but I am not sure.

    I believe having this ability would be an extensive security gain (being able to create a multisig wallet with Core on offline computers through the GUI).

    1. Represent multiple derivation paths with one descriptor (https://github.com/bitcoin/bitcoin/issues/17190)

    Single descriptors make creating, backing up, and restoring multisignature wallets much simpler. For example:

    To create a multisignature wallet in Bitcoin Core, you can currently:

    1. Create wallet
    2. Dump hdseed
    3. Create address, dump xpriv
    4. Repeat Steps 1-3 N times
    5. Create multisig wallet using descriptor containing all N xprvs (M of N multisig)
    6. Use the N hdseeds along with Account Map as backup

    However, the above wallet can not create change addresses. You need to create (backup and restore) a second descriptor for change addresses, even though most of the descriptor is the same, except for the derivation path at the end. This can be very time consuming/confusing for end users, especially when backing up by paper/hand.

    For a comprehensive offline multisignature wallet, I believe this change needs to be implemented. Currently in Yeti, we bypass this by recommending coin control and only sending entire UTXO’s (which is a pretty bad user experience and short term solution we have chosen).

    Some users like setting custom change descriptors (for example, for sending to an application for mixing change) so I believe this should be able to be done behind expert options, and perhaps this makes a single descriptor less controversial.

    1. QR code scanner (https://github.com/bitcoin/bitcoin/issues/9913)

    QR codes are the most secure way to pass data between airgapped signers. I currently have a $300 bounty on implementing this. BlockchainCommons has a standard (BCR-2020-005) that is compatible with PSBTs (multiple QR codes checksummed; or a single animated QR code), and has a C++ reference implementation (https://github.com/BlockchainCommons/bc-ur).

    1. After the above (1-3) is finished, I believe implementing offline multisignature wallets into Bitcoin Core will be possible.

    I am not trying to influence consensus (this should just be wallet code), and ultimately it is of course up to the developers and the community if these are changes that are good for Bitcoin, and if the above is how it should be implemented. I am just trying to put all the thoughts/discussions down in one place.

    Developers who might be interested: @Sjors @gwillen @instagibbs @achow101

    —–BEGIN PGP SIGNED MESSAGE—– Hash: SHA512

    I, Robert Spigler, am offering a $1,500 bounty for implementing 1, 2, 3, and 4 (standard for coordination of co-signers, single descriptors, QR codes, and offline multisignature wallets) in Bitcoin Core.

    This does not include the already existing $300 bounty for #3 (QR codes).

    The bounty will be split between developers as I see most fair (author and substantial reviews/discussions).

    The bounty has no expiration and will be paid in bitcoin.

    The date is 2021-02-02. —–BEGIN PGP SIGNATURE—–

    iQIzBAEBCgAdFiEEf4WKHNGE9pWzsby0UsewL8eQ8/AFAmAaJz0ACgkQUsewL8eQ 8/CVqw//ZOQkDabWlYxqcf669FqvsWRK/q/mNidaBor9gVwFiXZsBP1j7knGgpvZ WCpek6JpMU4b1ZA2jobbSAKcaEarUiBRMVoXWnHmeg0igJmNhZyhL9D4lvy1kUBd 3F8KhqZ0yIlAzGRWu6+CKOVlTMQFwS/giAgoWeQCa8a4Nx0WjbhtyMWvXQmXlbnJ 7zjN3nfJDi7CYxMGGyfnLLJSCdUGt205PIwphwI9OR2TJVwfl6rRLR1rzakCHOOa zvd6Ud0mGCHiJMvlWv5Qyk6KGm4O9XTVPYWU9DkWq1Jahv4MtZvb+n1DsgT6ZQxF gNZVOp+iuigEmgWe1Qw8wsiWjubJrVBhWcg3cFfchmRYefMo6+53RCYM8+VnbYEm VFts1rmMtLex8UTfrXX4FAla1WdPhlNFCNIlNnabBMTrck7WUTQdO07eNc6kI/wz QXBAbuLqIp3FEhLcsv9oZQIkQmtAwN2235aN+B0J7bFLaegBg2E+Ur3lIlDPKZvo U1r+NgDfNf9ZkA8rKJxRENCH5o46SbxI6gPYVTVY8NAy8pj2RFcGMYg1a0DEW1G2 zy/3/4Umud5Mr92ggkJWbKKe7HWqypYEXWhc+vo5fOoCY5XTJza0hOyiW+5vHKMM YGS81OAQfIV/MJFffSJ581uU6th1s+7g9nWjeT9vGqTSJbNd1P4= =Xm2a —–END PGP SIGNATURE—–

  2. Rspigler added the label Feature on Feb 3, 2021
  3. Rspigler commented at 11:19 pm on May 12, 2021: contributor

    BSMS will be used for 1) A standard for Coordinating Multisignature Wallets, with an authentication scheme.

    For 2) Represent multiple derivation paths with one descriptor - descriptor templates can be used.

  4. Rspigler commented at 7:24 am on September 21, 2021: contributor
    1. “A standard for Coordinating Multisignature Wallets, with an authentication scheme” is fulfilled by BIP 129 (BSMS) and BIP 87

    2. “Represent multiple derivation paths with one descriptor” is being worked on with (https://github.com/bitcoin/bitcoin/pull/22838)

    3. “QR code scanner” is still outstanding - (https://github.com/bitcoin/bitcoin/issues/9913)

    4. The final, multisignature GUI goal is being worked on with next steps being PR #22341

    Thank you to @hugohn, @dgpv, @achow101, @Sjors, and anyone else who has helped on this important project!

    From starting with BIP 11 and BIP 16 10 years ago, to PSBT’s, HWI, descriptor wallets, the QML repo, and taproot, we have come a long way!

    Being able to use (offline) multisig wallets through the GUI of the reference implementation will be a massive security and usability gain.

  5. ghost commented at 6:32 pm on October 10, 2021: none

    @Rspigler Have you tried Nunchuk ?

    GUI looks good enough for a desktop application that allows you to create multisig wallets and connect with Bitcoin Core. It uses C++, qt etc. same as Bitcoin Core but looks much better.

    image

  6. Rspigler commented at 2:24 am on October 11, 2021: contributor

    Yes, but the goal here is to get the above implemented in Bitcoin Core, as Bitcoin Core is the most peer reviewed, battle tested, decentralized implementation in the industry.

    Nunchuk devs have helped in this process (BIP 129)

  7. Bosch-0 commented at 3:00 am on April 1, 2022: none
    Relevant to this thread: https://bitcoinbounties.org/
  8. Rspigler commented at 1:51 am on April 10, 2022: contributor
    Thank you for pointing out that website - a central location to view all bounties seems like it could be an improvement. It’d be the only Core specific thing on that site however. Maybe we need a ‘Bounty’ label for issues? @MarcoFalke
  9. Rspigler commented at 1:53 am on April 10, 2022: contributor
    The bounty is also almost offensively low for the amount of work that has gone into this project, and the amount of work that is still left to finish it. I would like to work on raising it, but I have a lot of bounties out right now.
  10. MarcoFalke commented at 12:45 pm on April 11, 2022: member
    Not sure if labels in this repo are the right way to track bounties paid externally. Maybe this can be discussed in a separate meta issue or IRC discussion/topic?
  11. Rspigler commented at 7:42 pm on April 18, 2022: contributor
    This bounty has been succeeded by #24861
  12. Rspigler renamed this:
    $1,500 Bounty for Offline Multisignature through the GUI
    ~~$1,500 Bounty for Offline Multisignature through the GUI~~ View #24861
    on Apr 18, 2022
  13. MarcoFalke commented at 7:22 am on April 19, 2022: member
    I am not sure, can this be closed then?
  14. Rspigler commented at 12:21 pm on April 19, 2022: contributor
    Good point, yes.
  15. Rspigler closed this on Apr 19, 2022

  16. DrahtBot locked this on Apr 19, 2023

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-22 00:12 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me