Author: Robert Spigler 2021-04-12 20:43:39
Published on: 2021-04-12T20:43:39+00:00
In a message to the bitcoin-dev mailing list, Christopher Allen proposed some best practices for avoiding xpub reuse in multisig account creation. He suggests that users must backup their multisig account maps (descriptor with only xpubs) along with their cosigner key material to be able to recover funds. Cosigner wallets and transaction coordinator services should not share the master xpub, which is already an industry standard. The master xpub fingerprint is considered a privacy risk and should not be used. Transaction coordinators should send the cosigner "policy" (basically the multisign descriptor without any keys in it) along with any request to derive a new xpub for that new account and also send the final "account map" to all the cosigner wallets as a best practice. While these practices do not solve the problem with stateless wallets like Trezor, they are possible now with the new generation of multisig hardware and software wallets such as Foundation Devices, CoboVault, Sparrow, Bluwallet, and Gordian reference wallet tools. There is no cosigner "policy" in this standard, but the same checks are implemented.
Updated on: 2023-06-14T17:25:35.562113+00:00