New BIP32 structure for P2SH multisig wallets [BIP-45]



Summary:

A developer reviewing BIP-45 raised a privacy concern that should at least be mentioned in the document. If a party uses the same extended public key for all multisig activity while dealing with different cosigners in separate multisig accounts, the same set of public keys is reused, so all cosigners from all accounts can monitor the multisig activity of every other cosigner in every other account. However, BIP-45 neither requires nor recommends using the same set of extended public keys in more than one wallet. Under BIP-45, a signing party needs the extended public keys of all the other parties to generate a wallet address. Each party can see the transaction history of the wallet they share, but if a party has other wallets with other copayers, the xpub used there should be completely different.


Updated on: 2023-06-10T23:43:10.360212+00:00