Electrum 2.7 with better multisig hardware wallet support and Ledger Nano S

Electrum has been my favorite Bitoin wallet software for a very long time. The reason I had a look at it initially was because there was a debian package. Only when Trezor hardware wallet support was added and was not yet released, I downloaded the sources. It is written in Python. I work with python regularly, but it is not my primary language. But for frequently updating and testing experimental software, it is pretty cool. That’s how I started to report bugs in the unreleased development branch, and sometimes even committing the patches myself.
But the reason I’m writing this post is, that the new 2.7 release contains two features that are important to me.

Ledger Nano S

One is that the Ledger devices now also support multisig with electrum. I took this as the trigger to order a Nano S. It works totally different from the HW1 in that it has a display. Thus you can set it up without an air gapped computer. With only the two buttons, you can navigate through the whole setup process. As a bonus it is also to my knowledge the first hardware device to store Ethereum tokens, not counting experiments such as quorum. So I finally moved my presales ETH.

Multisig with hardware wallets

I wrote about multisig with hardware wallets before. But Thomas took it a huge step further. Now it’s not only super secure, but also super user friendly. Now the hardware wallets are directly connected to the multisig wallet. No more saving unsigned transactions to files and load in the other wallet. You can still do that if you have the signing devices distributed geographically. Given a solid backup and redundancy strategy, you can now also have a 3 of 3 multisig hardware wallet. So your bitcoins would still be secure if your computer was hacked, and two of the three major BitCoin hardware wallets had a problem, which is very very unlikely.

The only thing still missing is the debian package for the 2.7 version.

A new era for eCommerce

OpenBazaar went live a short time ago. Even if it still has some rough edges, it offers the best user experience ever for buying or selling something on the internet.

I installed the earlier beta versions last year with great interest. But the developers decided that the core of it was not good enough, and started over from scratch. It still looks somewhat similar on the user interface side. But by looking at the sources and architecture, you can clearly see the difference. The old version was easy to run directly from the sources. The new one uses too much stuff that I’m not familiar with, so that I have to rely on the deb package. This in turn works flawlessly. The only thing that’s missing is a repo, so it would upgrade automatically.

Enough about the technicalities, let me describe what it’s all about. It simply is the easiest and most convenient way to buy or sell something online. No annoying insecure logins, no expensive or slow payments, no complicated shop to set up, just plain and simple.

After you installed the desktop client, you set up your profile which will take five minutes, is very simple, and has to be done only once.

Then you have the option of setting up a store. That is even easier than configuring your profile. Adding an item takes about a third of the time it would on ebay.

If you want to buy something, you can either browse through the listings, or search by tag. When you found what you want, you click on it for closer inspection. If you want to buy it, click the buy button. And that is where the real magic starts. Payments are in BitCoin (the magic internet money), that has arbitration built right into the protocol. You can either send the funds directly, or select an arbitrator from a list. Central services like ebay have only one arbiter service, and from what I read on the internet they are usually not that interested in finding a good solution. In contrast, here you can select from a list of moderators. The moderators can set their fees individually, and build a reputation. Thus a healthy competition among them should arise.

Ok, you selected a moderator, and the delivery address from your profile. After you confirm, you are presented with the familiar qr code that you scan with your mobile BitCoin wallet, or click the link to pay with a desktop wallet. In doing so, you send the coins to a multisig address. That is like a blocking account, but it was set up fully automatically, individually for every trade, and without fees. Once you confirm that you received the goods and are satisfied with them, you akknowledge it. The funds are then immediately released to the merchant.

Should something go wrong, you open a dispute, and the selected moderator will try to find a solution that all parties involved can agree upon. He might ask for a video of the unboxing, tracking information or whatever could help in resolving the dispute.

Now lets look at the merchant side. Up until now what you had to do if you wanted to open a small store on the web involved : buying a domain name, buying web hosting, setting up a website with a store, get a merchant account at a bank and a card processor … way too complicated!

All you have to do with OpenBazaar is checking a box in the settings, and start listing your items.

As it is fully decentralized, there is no central authority that could censor. This is great in many respects, but it could also be annoying if you get to see offers that you rather wouldn’t want to even know about. Early on people speculated if it would become the successor of the silk road. I also was worried that this aspect could ruin the great platform for the rest of us. But the developers came up with a brilliant plan: The nodes talk to each other over UDP. While it caused some headaches for NAT traversal, it can’t be routed through TOR. Hence it is easy to get at the real IP address, and if really bad stuff is involved, the police can ask the ISP for the client’s name and address. I truly hope this is enough to keep the platform clean. There were some reports of drugs listed on the first few days. I don’t know if it was for real, but everyone seems to agree, that this is a stupid idea.

If you did not install OpenBazaar yet, you can still browse the listings at : http://bazaarbay.org/

For example, my store is at : http://bazaarbay.org/@ulrichard

Super secure BitCoin storage

I wrote about multisig with different hardware wallets something more than a year ago. Back then It was awfully complicated and I didn’t really get it working. A lot of progress has been made since then. The functionality was added to electrum last summer for trezor. I couldn’t test it however because my two trezor are initialized to the same seed, and the recovery sheet is distributed geographically. On top of that, the functionality was, and still is not implemented for ledger wallets. Like I wrote in a previous post, I recently received a keepkey. Multisig functionality was one of the main topics I wanted to experiment with the new device. My goal with this is not for everyday use but for super secure storage of BitCoin.

We are going to create a multisig wallet consisting of trezor, keepkey and ledger HW1. I assume, an electrum wallet is already set up for each of them. Further I assume, the seeds for each of them are written on the paper cards. These cards shall be properly secured. To further improve security, you can split the cards and distribute the contents geographically for example in different vaults.

First you will have to extract the xpub from each one of them. I used the main account. While I assume it would work with secondary accounts as well, I can’t be sure without testing. To construct the multisig watch-only wallet with electrum, follow these steps:

  • File -> New/Restore
  • Enter a name of choice. I use 2ofTKH to indicate 2 of x multisig with Trezor, Keepkey and HW1
  • Select “Restore a wallet or import keys” and “Multi-signature wallet”
  • Select 2 of 3
  • Enter the xpub’s from the three different hardware wallets into the three edit fields
  • Wait for electrum to generate the addresses

Receiving works the same way as every other electrum wallet. But for sending, follow these steps:

With the multisig watchonly wallet:

  • Go to the send tab, and enter the information just like with regular electrum wallets.
  • Click the “Send…” button
  • Notice that the transaction dialog doesn’t have a send button
  • Click the Save button, and save the file as unsigned.txn
  • Close the transaction dialog

With the trezor wallet:

  • Tools -> Load transaction -> From file
  • Select the unsigned.txn that you saved before
  • On the Transaction dialog that opened, click Sign
  • Confirm the transaction on the trezor
  • Note that the status is: Partially signed (1/2)
  • Click Save, and select a name like partially_signed.txn
  • Close the transaction dialog

With the keepkey wallet:

  • Tools -> Load transaction -> From file
  • Select the partially_signed.txn that you saved before
  • On the Transaction dialog that opened, click Sign
  • Confirm the transaction on the keepkey
  • Note that the status is: Signed
  • Click the Broadcast button
  • Close the transaction dialog

The Ledger HW1 can also do multisig, that’s why I used it as the third key. But so far, the functionality is not implemented in the plugin.

The reason I wanted to constuct the multisig wallet with hardware wallets from different vendors is this: Suppose a weakness was found in one of them, at most one of the keys of the multisig could be compromised.

Yes, the procedure is somewhat lengthy and cumbersome. It is not intended for everyday use, but for secure storage of higher value savings. So the usability tradeoff is completely ok for me. Given the security offered by this scheme, it is the most user friendly procedure that I am aware of.


prevent or react

Beginning of this year, there was a very tragic event prominently present in all newspapers across Switzerland. The whole thing was so tragic, that I won’t add a link here. But there is one aspect, that kept me thinking for the last two weeks. Today’s blog post by Bruce Schneier triggered me to write about it. There was a family father who fed his family from selling smart phones on online auction sites without delivering anything. Apparently he did that for years. They couldn’t get hold of him because he moved house every couple of months. In contras to places like Nigeria, I didn’t think this was even possible here in Switzerland.

First of all, I don’t think that’s the profession he imagined for himself. There must have gone something terribly wrong long before. I think one has to be very desperate to become a professional cheater. Most measures our society has in place against such behaviour are reactive. Bad behaviour is punished, and the prospect of the punishment should keep the hesitant from misbehaving.

In certain areas of commerce it’s easier. In a brick and mortar store, you get the goods and pay directly. If you take the goods and run out of the store, chances are somebody will follow or somebody will stop you. This kind of theft is also easier for the police to pursue. But there are other areas where you need to bring a certain trust. That’s for example if you order something online and pay upfront. If it is a big name store, you may know it’s reputation. If they wouldn’t deliver, you ‘d tell your friends. This in turn could influence the reputation of the shop. With sites like ebay that have more participants than could any individual keep track of, it doesn’t work as easy. That’s why they have reputation systems built in. There are certain ways how you could trick them. I have no ideas how well that would work out, but the only way to prevent that would be to require for example a social security number instead of just an email address to register. Other countries issued electronic passports for a while which could be used for identification in such cases. Whether this is desired is another question.

Ebay and ricardo do offer some sort of escrow service. But nobody seems to make use of it. Certainly not the victims of the above mentioned iphone scammer. Some may already know where I’m leading to. That’s an area where BitCoin can shine. With it’s built in, easy (soon) to use  multi signature escrow system, certain types of fraud almost disappear over night. If the system doesn’t allow cheating, there is no need for punishment after somebody was ripped off, or threats against such behaviour. So which is better, prevention or reaction paired with menace?

MultiSig with HardwareWallets

2014 is touted as the year of multi-signature for BitCoin. It is being integrated into some wallets and services. But not quite the way I expected.

  • Electrum has an implementation that assumes multiple hierarchical deterministic wallets distributed over different machines, that know the other’s master private keys. -> This should work well for corporate environments or other organizations.
  • GreenAddress has a cool, but for my taste too obscure solution. I would recommend it for new users. But for myself, I want to be fully in control.
  • OpenBazaar, although not fully functional yet, will integrate arbitration with multi-sig.
  • and I hear more announcements almost on a daily basis…

When I first read into MultiSig, I understood it like I could combine any Bitcoin Addresses of my choosing to create a MultiSig address. If one of the involved addresses was in my wallet, it would automatically display the MultiSig address as well. And I could then partially sign a transaction with the GUI, and magically forward to the other signing parties. Turns out that is not quite how it works. To combine addresses of my choosing into a MultiSig address, I have to resort to the commandline. There are a couple of good tutorials on the net on how to do that, and also on how to spend. But it’s not like executing a few simple commands. It’s quite hardcore. There are wallets where you can add them as view only addresses, but I’m not aware of a wallet where you can partly sign a transaction in such a setting.

MultiSig brings us escrow services and a load of similar stuff that was not even imaginable before the rise of BitCoin. MultiSig is also good if you want to implement a setting where at least two of your accountants need to sign transaction in a corporate environment. What this adds is security. You surely saw movies where a few generals had to use their physical keys to launch missiles. That’s done to add security. So that the terrorists would have to steal the keys from more than one general, before they could launch a missile. The same works for bank vaults. And the same idea is behind BitCoin MultiSig, only that it goes much further.

MultiSig is just one facet of pay to script (P2SH). You can implement other rules than just MultiSig. I became only recently aware of that, when GreenAddress gave me a transaction that I could use to get my funds off the MultiSig wallet in case they went out of business. What that means, is that if too many parties loose their keys, funds on a MultiSig address are rendered inaccessible. As a measure against that, they created and signed a transaction with their key to transfer all funds, but with a time restriction. This transaction will only become valid after a certain configurable point in time. BitCoin has a stack based scripting language for expressing such rules. For my taste it’s very complicated at first sight, but it’s cool what you can do with it. That’s actually, where ethereum’s main focus is to improve. That’s all good and nice, but wasn’t it possible to program rules for a long time? Of course, but with BitCoin nobody can cheat, and you have to trust nobody. You cannot just change the system time on your computer, or buy a fake certificate to trick a system into using your timestamp server. BitCoin has a distributed consensus, that is very hard to come by.

So in essence, MultiSig is about increasing the security. This is mainly against malware that can infect your notebook and steal the files of your wallet software. There is also another cure against the same threat: HardwareWallets. I wrote about the Trezor and HW1 on my blog before. Now how about combining the two measures? That should raise the level of security up to a point equivalent as storing your gold and silver and diamonds inside a bunker in the Swiss mountains, and guard it with a Russian tank, driven by a rogue artificial intelligence. But I can tell you upfront: just like that rogue AI, it’s not going to be user friendly. While user friendliness and security are often opposing, this is an extreme case. After reading this, don’t be tempted to think BitCoin was difficult to use. BitCoin is wonderful and easy – for normal use.

So let’s begin with the commandline fu. I won’t repeat every step from the gist from atweiden, but concentrate on the special parts:

You don’t need to create any wallets. I assume, the hardware wallets are initialized and ready to use. Continue reading “MultiSig with HardwareWallets”