Multi-signature (multisig) refers to requiring multiple keys to authorize a Bitcoin transaction. Whilst a multisig setup can offer substantial security benefits it also comes with certain risks. As documented in a Bitbox post back in 2020, most hardware wallet (HW) multisig setups can be pretty insecure. In particular, that post rightly pointed out the difficulties at that time with verifying the extended public key (xpub) of certain HWs. Verification here means viewing the xpub on the device’s screen. A malicious desktop wallet could present an attacker’s xpub instead opening you up to a ransom attack. As a rule you should always compare a binary with the signed and timestamped checksum before installing it to make sure it is not malicious. But verifying the xpub via the HW’s screen provides far greater assurance because it ensures that the xpub being used matches the one generated and approved by your HW. You should always trust the screen of your HW over the information displayed on your computer. The whole point of a HW is to minimize your attack surface by shifting away from a complex, general-purpose operating system with millions of lines of code and weaker security boundaries to a dedicated device designed solely to safeguard your private keys, running only trusted and secure code.

Bitbox looked at this problem in relation to their own HW and three other HW vendors: Ledger, Trezor, and Coldcard. They found that only on Bitbox and Coldcard devices was it possible to display the xpub on demand. With the Bitbox02 this was shown to be possible when using the Electrum desktop wallet. I checked recently with my own Bitbox02 and that functionality continues to work.

BitBox02 xpub verification in Electrum

I’m a big fan of the Sparrow desktop wallet but unfortunately it doesn’t have this same functionality. The Specter desktop wallet also doesn’t seem to support this functionality. For privacy reasons Wasabi wallet does not support multisig currently so that’s not an option either. I will test some additional open source desktop privacy wallets, but for now it seems that only Electrum allows you to display the xpub on a Bitbox02 on demand.

In terms of other options, vendors do sometimes issue CLI tools for interacting with HWs whereby you could instruct the device to display an xpub. However there isn’t such a tool for the Bitbox02 currently. Of course developers can use the API to build their own tools. Maybe in the future some more apps will include Bitbox02 xpub verification functionality.

The 2020 post also pointed out that it was not possible to verify an xpub on a Trezor device. This is no longer true as it can be done using the Trezor CLI tool, trezorctl. I tested this with my Trezor Safe 3 and was able to get it to display it’s mutlisig xpub. This wasn’t without some effort though. Based on the trezorctl documentation the following command should have worked:

trezorctl btc get-public-node -n "m/48h/0h/0h/2h" -d -t segwit

However due to an ongoing issue I was presented with a zpub that when converted to an xpub wasn’t a match with the multisig xpub. After speaking with the super helpful Trezor developers though they suggested this workaround which worked perfectly:

trezorctl btc get-public-node -n "m/48'/0'/0'/2'" -t address -d

Alas this appears to be the only option for Trezor Safe 3 users at this time. Of the desktop wallets that I have inspected, none of them provided xpub HW screen display functionality with the Safe 3. Specter wallet actually doesn’t currently support the Safe 3, although it will in it’s next version.

Conclusion

While multisig setups offer significant security benefits, their implementation requires careful attention to detail, particularly around verifying xpubs to prevent potential attacks. Verifying xpubs directly on a HW’s screen is a critical step in ensuring the integrity of your setup, as it reduces reliance on potentially compromised desktop wallets. HWs like the BitBox02 and Trezor Safe 3 have made strides in this area, though their approaches and supporting tools vary.

For now, Electrum remains the most robust desktop wallet option for BitBox02 users seeking xpub verification functionality. Trezor Safe 3 users can leverage the trezorctl CLI tool. As the Bitcoin ecosystem continues to evolve, it’s encouraging to see improvements in wallet security features, and we can hope for broader support for xpub verification across more wallets and devices in the near future.

In terms of alernatives to multisig itself, one option is a Shamir backup, which can split a single key into multiple shares. However, this too has limitations. For instance, most HWs do not support the SLIP-39 standard for Shamir backups. To my knowledge, only Trezor supports it, and even then, recovery would be restricted to software wallets like Electrum or Sparrow unless you stay within the Trezor ecosystem. This lack of interoperability further complicates the decision.

⚡️ Enjoyed this post? Buy me a coffee… in sats! Tip me via my Lightning address: [email protected]