Proposal: Bitcoin Secure Multisig Setup



Summary:

The Bitcoin Secure Multisig Setup (BSMS) proposal addresses the problem of securely setting up a multisig wallet whose Signers come from different vendors. It defines an interoperable multisig configuration format and mitigates the risk of tampering during the initial setup phase. The process involves a Coordinator and multiple Signers. The Coordinator initiates the setup and decides the type of multisig and the policy script. If encryption is enabled, the Coordinator distributes a shared secret (or one secret per Signer) to the parties so that their communication can be encrypted.

Setup process, Round 1: the Coordinator creates a multisig wallet creation session and constructs the multisig script and its policy parameters. If encryption is enabled, the Coordinator distributes a secret TOKEN to each Signer over a secure channel. Each Signer then generates a key record: it prompts the user for a multisig derivation path, retrieves the XPUB at that path, and writes a record whose first line is the TOKEN, followed by the KEY and a SIG, the signature produced with the private key associated with the XPUB over the first two lines. Finally, the Signer encrypts the entire record with ENCRYPTION_KEY, which is derived from the TOKEN.

Round 2: the Coordinator gathers the key records from all participating Signers, decrypts them with ENCRYPTION_KEY, and verifies that each SIG is valid for its KEY. If all key records check out, the Coordinator fills in the remaining information to produce a descriptor record, which is simply the descriptor string plus its CHECKSUM on a single line. The Coordinator encrypts the descriptor record with the encryption key and sends it to all participating Signers. Each Signer imports the descriptor record, decrypts it using the encryption key derived from its open session, verifies the checksum, and checks that one of the keys in the descriptor is its own. If all checks pass, the Signer persists the descriptor record in its storage and uses it to generate and verify receive and change addresses.

The proposal thus has two layers of protection. The first is the temporary, secret TOKEN used to encrypt communication between each Signer and the Coordinator; it is only needed during the setup phase and can be safely discarded afterwards. The second is the descriptor checksum together with visual inspection of the descriptor itself. Because the TOKEN only protects the channel between a Signer and the Coordinator, it cannot detect a Coordinator that itself substitutes or adds keys; the descriptor checksum and visual inspection are the only way to guard against malicious members being inserted into the set.

The document also provides details on the encryption scheme, the key derivation function, and the QR code conversion for Signers that transmit data via QR codes. It includes references to the relevant standards and definitions. The proposal was developed with feedback from industry experts and is available for review on the Bitcoin-dev mailing list.
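The Round 1 and Round 2 key-record exchange described above, as an added example in Go; this is not code from the proposal or from any wallet vendor. Assumptions that are not on the page: P-256 ECDSA stands in for the secp256k1 key behind an XPUB, and the KEY line is the hex-encoded compressed public key rather than an xpub; ENCRYPTION_KEY is HMAC-SHA256 keyed with a 32-byte TOKEN over the made-up label "bsms-example-session"; the encrypted record is AES-256-GCM with a random nonce prepended; and the record is three newline-separated lines TOKEN, KEY, SIG with SIG covering the first two lines. The specification's actual KDF label, IV handling and record encoding are not reproduced here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// ENCRYPTION_KEY from the TOKEN: HMAC-SHA256 over a fixed label. The label and
// the 32-byte token are this example's assumptions, not the spec's parameters.
func deriveKey(token []byte) []byte {
	mac := hmac.New(sha256.New, token)
	mac.Write([]byte("bsms-example-session"))
	return mac.Sum(nil)
}

// AES-256-GCM; a box is laid out as nonce || ciphertext || tag. Cipher setup
// cannot fail because deriveKey always yields a 32-byte key.
func aead(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

func seal(key, plaintext []byte) []byte {
	gcm := aead(key)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no entropy: never encrypt under a predictable nonce
	}
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

func open(key, box []byte) ([]byte, error) {
	gcm := aead(key)
	if len(box) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, box[:gcm.NonceSize()], box[gcm.NonceSize():], nil)
}

// KeyLine is the KEY entry: compressed public key, hex encoded. P-256 stands in
// for the secp256k1 key behind a real XPUB (assumption of this example).
func KeyLine(pub *ecdsa.PublicKey) string {
	return hex.EncodeToString(elliptic.MarshalCompressed(elliptic.P256(), pub.X, pub.Y))
}

// KeyRecord (Signer, Round 1): lines TOKEN, KEY, SIG, where SIG is the key's
// signature over the first two lines; the record is encrypted under ENCRYPTION_KEY.
func KeyRecord(priv *ecdsa.PrivateKey, token []byte) ([]byte, error) {
	head := hex.EncodeToString(token) + "\n" + KeyLine(&priv.PublicKey)
	digest := sha256.Sum256([]byte(head))
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return nil, err
	}
	return seal(deriveKey(token), []byte(head+"\n"+hex.EncodeToString(sig))), nil
}

// AcceptKeyRecord (Coordinator, Round 2): decrypt, check the TOKEN line and
// verify SIG with KEY; only a KEY that passes may enter the multisig.
func AcceptKeyRecord(token, box []byte) (string, error) {
	plain, err := open(deriveKey(token), box)
	if err != nil {
		return "", fmt.Errorf("decrypt: %w", err)
	}
	lines := strings.Split(string(plain), "\n")
	if len(lines) != 3 || lines[0] != hex.EncodeToString(token) {
		return "", errors.New("malformed record or TOKEN mismatch")
	}
	pubBytes, err1 := hex.DecodeString(lines[1])
	sig, err2 := hex.DecodeString(lines[2])
	x, y := elliptic.UnmarshalCompressed(elliptic.P256(), pubBytes)
	if err1 != nil || err2 != nil || x == nil {
		return "", errors.New("undecodable KEY or SIG")
	}
	pub := &ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}
	digest := sha256.Sum256([]byte(lines[0] + "\n" + lines[1]))
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return "", errors.New("SIG does not verify against KEY")
	}
	return lines[1], nil
}

func main() {
	token := make([]byte, 32) // shared with the Signer over a secure channel
	rand.Read(token)          // demo wiring; a real Signer/Coordinator checks every error
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	rec, _ := KeyRecord(priv, token)
	fmt.Println(AcceptKeyRecord(token, rec)) // the verified KEY and a nil error
}
```

Note what each check catches: a wrong or missing TOKEN makes the GCM tag fail to verify, a flipped ciphertext byte does the same, and a record that decrypts but carries a SIG from some other key is rejected by VerifyASN1. None of these checks can tell the Coordinator apart from an attacker who has obtained the TOKEN, which is why the descriptor checksum and inspection remain necessary.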
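The second layer, the descriptor CHECKSUM plus the Signer's check that its own key is in the descriptor, as an added example in Go that is not part of the proposal. It assumes CHECKSUM is the BIP-380 descriptor checksum, the eight characters after "#" that Bitcoin Core appends to a descriptor; the sample descriptor uses constructed placeholder keys KEY_A and KEY_B in place of real xpubs, and VerifyRecord is a name chosen for this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// BIP-380 character sets: each descriptor character maps to a 5-bit symbol plus
// a 2-bit group; the checksum is eight characters from the bech32 alphabet.
const (
	inputCharset    = "0123456789()[],'/*abcdefgh@:$%{}IJKLMNOPQRSTUVWXYZ&+-.;<=>?!^_|~ijklmnopqrstuvwxyzABCDEFGH`#\"\\ "
	checksumCharset = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
)

var generator = [5]uint64{0xf5dee51989, 0xa9fdca3312, 0x1bab10e32d, 0x3706b1677a, 0x644d626ffd}

func polymod(symbols []uint64) uint64 {
	chk := uint64(1)
	for _, v := range symbols {
		top := chk >> 35
		chk = ((chk & 0x7ffffffff) << 5) ^ v
		for i := 0; i < 5; i++ {
			if (top>>uint(i))&1 == 1 {
				chk ^= generator[i]
			}
		}
	}
	return chk
}

// expand turns descriptor text into the symbol stream the polymod consumes.
func expand(desc string) ([]uint64, error) {
	var symbols, groups []uint64
	for _, c := range desc {
		idx := strings.IndexRune(inputCharset, c)
		if idx < 0 {
			return nil, fmt.Errorf("character %q is not allowed in a descriptor", c)
		}
		symbols = append(symbols, uint64(idx)&31)
		groups = append(groups, uint64(idx)>>5)
		if len(groups) == 3 {
			symbols = append(symbols, groups[0]*9+groups[1]*3+groups[2])
			groups = groups[:0]
		}
	}
	switch len(groups) {
	case 1:
		symbols = append(symbols, groups[0])
	case 2:
		symbols = append(symbols, groups[0]*3+groups[1])
	}
	return symbols, nil
}

// Checksum computes the eight-character BIP-380 checksum of a descriptor body.
func Checksum(desc string) (string, error) {
	symbols, err := expand(desc)
	if err != nil {
		return "", err
	}
	chk := polymod(append(symbols, 0, 0, 0, 0, 0, 0, 0, 0)) ^ 1
	out := make([]byte, 8)
	for i := range out {
		out[i] = checksumCharset[(chk>>(5*uint(7-i)))&31]
	}
	return string(out), nil
}

// VerifyRecord is the Signer's check on a decrypted descriptor record of the
// form "descriptor#checksum": recompute the checksum, then refuse any descriptor
// that does not contain ownKey. It returns the descriptor body on success.
func VerifyRecord(record, ownKey string) (string, error) {
	body, got, found := strings.Cut(record, "#")
	if !found {
		return "", errors.New("descriptor record has no checksum")
	}
	want, err := Checksum(body)
	if err != nil {
		return "", err
	}
	if got != want {
		return "", fmt.Errorf("checksum mismatch: got %s want %s", got, want)
	}
	if !strings.Contains(body, ownKey) {
		return "", errors.New("this Signer's key is not in the descriptor")
	}
	return body, nil
}

func main() {
	// Constructed sample: KEY_A and KEY_B are placeholders, not real xpubs.
	desc := "wsh(sortedmulti(2,[aaaaaaaa/48'/0'/0'/2']KEY_A/0/*,[bbbbbbbb/48'/0'/0'/2']KEY_B/0/*))"
	sum, err := Checksum(desc)
	fmt.Println(desc+"#"+sum, err)
	fmt.Println(VerifyRecord(desc+"#"+sum, "KEY_A"))
}
```

The checksum detects any change of up to four characters in the descriptor, so a cosigner key swapped in transit will not verify against the checksum the Coordinator computed. It does not, however, stop a Coordinator that computes a fresh checksum over a descriptor of its own choosing; the membership check catches the case where the Signer's key was dropped, and only visual inspection catches an extra or substituted cosigner.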


Updated on: 2023-06-14T17:36:00.452654+00:00