I wrote about multisig with different hardware wallets something more than a year ago. Back then It was awfully complicated and I didn’t really get it working. A lot of progress has been made since then. The functionality was added to electrum last summer for trezor. I couldn’t test it however because my two trezor are initialized to the same seed, and the recovery sheet is distributed geographically. On top of that, the functionality was, and still is not implemented for ledger wallets. Like I wrote in a previous post, I recently received a keepkey. Multisig functionality was one of the main topics I wanted to experiment with the new device. My goal with this is not for everyday use but for super secure storage of BitCoin.
We are going to create a multisig wallet consisting of trezor, keepkey and ledger HW1. I assume, an electrum wallet is already set up for each of them. Further I assume, the seeds for each of them are written on the paper cards. These cards shall be properly secured. To further improve security, you can split the cards and distribute the contents geographically for example in different vaults.
First you will have to extract the xpub from each one of them. I used the main account. While I assume it would work with secondary accounts as well, I can’t be sure without testing. To construct the multisig watch-only wallet with electrum, follow these steps:
- File -> New/Restore
- Enter a name of choice. I use 2ofTKH to indicate 2 of x multisig with Trezor, Keepkey and HW1
- Select “Restore a wallet or import keys” and “Multi-signature wallet”
- Select 2 of 3
- Enter the xpub’s from the three different hardware wallets into the three edit fields
- Wait for electrum to generate the addresses
Receiving works the same way as every other electrum wallet. But for sending, follow these steps:
With the multisig watchonly wallet:
- Go to the send tab, and enter the information just like with regular electrum wallets.
- Click the “Send…” button
- Notice that the transaction dialog doesn’t have a send button
- Click the Save button, and save the file as unsigned.txn
- Close the transaction dialog
With the trezor wallet:
- Tools -> Load transaction -> From file
- Select the unsigned.txn that you saved before
- On the Transaction dialog that opened, click Sign
- Confirm the transaction on the trezor
- Note that the status is: Partially signed (1/2)
- Click Save, and select a name like partially_signed.txn
- Close the transaction dialog
With the keepkey wallet:
- Tools -> Load transaction -> From file
- Select the partially_signed.txn that you saved before
- On the Transaction dialog that opened, click Sign
- Confirm the transaction on the keepkey
- Note that the status is: Signed
- Click the Broadcast button
- Close the transaction dialog
The Ledger HW1 can also do multisig, that’s why I used it as the third key. But so far, the functionality is not implemented in the plugin.
The reason I wanted to constuct the multisig wallet with hardware wallets from different vendors is this: Suppose a weakness was found in one of them, at most one of the keys of the multisig could be compromised.
Yes, the procedure is somewhat lengthy and cumbersome. It is not intended for everyday use, but for secure storage of higher value savings. So the usability tradeoff is completely ok for me. Given the security offered by this scheme, it is the most user friendly procedure that I am aware of.
Leave a Reply