Proposal to address Bitcoin malware



Summary:

This conversation concerns a proposal to use multisig wallets as protection against malware. In the proposed scenario, a user signs a 2-of-3 output with a first signature and sends the signed transaction to a third party for the second signature. However, the compromised platform must transmit a secret, or proof of a secret, to the third party, which compromises the independence of the two secrets. To maintain independence, the third party must send the transaction to an independent platform for verification by the user and obtain the user's consent before adding the second signature.

The conversation goes on to examine the assumptions and limitations of this scenario, such as the assumption that the compromised first platform and the third party do not collude. It is also noted that hardware wallets are not subject to onboard malware, but that their keys could still be extracted through direct attack against the hardware. Hybrid models that trust compromised computers or networks are not considered true hardware wallets.

Finally, it is acknowledged that this scenario addresses integrity but not privacy. Use of a third party implies loss of privacy to that party and weak comsec to the network, while use of hardware signing devices implies loss of privacy to the compromised platforms with which they exchange transactions.
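
The signing flow described above, modelled as an added example that is not part of the original conversation or proposal. It contrasts consent relayed through the compromised first platform with consent given on an independent platform. HMAC-SHA256 stands in for real transaction signatures, and all keys, addresses and function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed keys; HMAC-SHA256 stands in for real signatures (assumption).
KEYS = {"user": b"k-user", "cosigner": b"k-cosigner", "backup": b"k-backup"}
INTENDED = {"dest": "addr-merchant", "amount": 50_000}  # constructed sample

def encode(tx):
    return json.dumps(tx, sort_keys=True).encode()

def sign(who, tx):
    return who, hmac.new(KEYS[who], encode(tx), hashlib.sha256).hexdigest()

def valid(sig, tx):
    who, mac = sig
    return who in KEYS and hmac.compare_digest(mac, sign(who, tx)[1])

def spendable(tx, sigs):
    # 2-of-3 policy: two valid signatures from distinct keys.
    return len({s[0] for s in sigs if valid(s, tx)}) >= 2

def platform_a_sign(intended, compromised):
    # Malware on the first platform rewrites the destination before signing.
    tx = dict(intended, dest="addr-attacker") if compromised else dict(intended)
    return tx, sign("user", tx)

def cosign(tx, sig1, confirm):
    # The third party adds the second signature only after consent.
    if sig1[0] == "user" and valid(sig1, tx) and confirm(tx):
        return sign("cosigner", tx)
    return None

def run(intended, compromised, independent):
    tx, sig1 = platform_a_sign(intended, compromised)
    if independent:
        # The user reads the transaction on a second platform and compares
        # it with what they meant to send.
        confirm = lambda shown: shown == intended
    else:
        # Consent (a secret or proof of a secret) passes through platform A,
        # so whatever controls platform A answers on the user's behalf.
        confirm = lambda shown: True
    sig2 = cosign(tx, sig1, confirm)
    sigs = [sig1] + ([sig2] if sig2 else [])
    return tx["dest"], spendable(tx, sigs)
```

Calling `run(INTENDED, True, False)` shows the altered transaction reaching two signatures, while `run(INTENDED, True, True)` shows it stopping at one.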


Updated on: 2023-06-09T16:13:47.448034+00:00