
Ultimate Bitcoin Security: Coldcard Multisignature Tutorial

by Tristan Borges Solari 6 months ago

Introduction

What are Multisignature Schemes

A powerful feature in Bitcoin is the ability to create a multiple-signature contract. You can compare this to a situation where there is only one vault and all the keys must be in the exact same location to open it. A multi-signature contract allows you to control access to your bitcoins more securely by dividing that access. This feature is also very flexible for the user: they choose the total number of signatures created, ‘N’, and the number of signatures required to access the funds, ‘M’. The entire scheme is created offline so that it qualifies as cold storage. We use hardware wallets that support this functionality.

Depending on the user’s needs, they can have up to 15 ‘N’ signatures, with the number of signatures required being less than or equal to 15. The most common scheme is a 2-of-3, which will be the example used in this tutorial. The various signatures must be spread out geographically, since the goal is to avoid having a single point of failure. For example, the user can decide to keep one key at home, one at their cottage and another in a safe deposit box at a bank. The options can vary depending on personal preferences.

Who does this concern

We recommend having this in place for anybody holding more than $5,000 worth of Bitcoin. At this amount, it’s safe to assume that you wouldn't want to hold the money in a precarious situation where a bad actor would only need one element (like your seed) to steal all your funds. This is a relatively cheap solution that increases your security exponentially.

A multi-signature contract brings you peace of mind and greater assurance, since you don’t have a single point of failure in your operational security.

Types of multi-signatures

You can use a multi-signature contract in different contexts. Since the process gives you a lot of flexibility in how you produce a particular contract, you can include different sets of conditions. The current script language of Bitcoin lets you build a contract with up to 15 signers.

1. Corporate

If you are part of a company that holds bitcoin, you wouldn't want a single person or entity to control the funds. In a case of mismanagement, it can be very difficult to determine whether the loss was accidental or whether the designated responsible party stole the funds. In organizational contexts, you can divide access to a company's funds by distributing different keys to the directors or stakeholders. Individually, none of the recipients’ keys can move the funds; they need the collaboration of the other key holders.

2. Personal

For your personal bitcoins, you can increase your operational security by creating a personalized multisignature scheme. You can choose to distribute the different components required in locations you control or you can give them to trusted family and friends. Each individual plan is unique and should be thoroughly analyzed and thought out before being implemented.

Risks

By distributing access to your keys, you are increasing the number of elements you have to take into account in your operational security. You will need to take appropriate measures to protect each one of them. Keep in mind that if some of these elements get lost or compromised, you may not be able to recover your funds. For example, if you have a 2-of-3 contract and you lose one of the keys, you are still able to recover your funds and initialize a new contract. However, if you lose another one, your funds are lost forever.

Coldcard Air-Gapped Multisignature Scheme

We go through the process of creating a 2-of-3 multisignature scheme step by step using 3 Coldcard Mk.3 hardware wallets. Throughout this tutorial, no Coldcard will be connected to a computer, so that the setup can be considered air-gapped. This tutorial also includes the steps for setting up an Electrum wallet.

Preparation

For this tutorial, we will need 3 initialized ColdCards with a 5V Power Adapter. We will also need one micro SD card and a computer where we will install Electrum.

We are assuming the ColdCards are all in the same location for their initialization. If that’s not your case and you can’t or don’t want to carry the micro SD card with you to the other locations, you can transfer the exported files over the internet with an encrypted communication tool such as Signal and load the files onto different micro SD cards.

This tutorial goes straight to the creation of the multisignature scheme. Beforehand, you’ll have to initialize each device by selecting a PIN, writing down the seed phrase of the wallet and making sure that the firmware is up to date. To learn how to initialize your hardware wallet, you can check out Coldcard’s Quickstart Guide.

Creating the multisignature scheme

1. Connect the ColdCard to a Power Adapter, enter your PIN and if necessary, enter your passphrase.

Once the passphrase is entered, make sure your fingerprints match.

2. Insert a micro SD card into the ColdCard slot.

3. On the main menu, scroll down to “Settings” and select it.

4. On “Settings”, scroll down to “Multisig Wallets” and select it.

5. Then, you will find an option called “Export XPUB”, select it and go through with it.

This will export the XPUB of the ColdCard wallet to the micro SD card.
An XPUB, also called a master public key, is a key that allows you to generate many bitcoin addresses related to your wallet. It doesn’t give any access to your funds; it simply allows you to know which addresses are yours. Anyone else who obtains it can also see those addresses, so treat it as private information.

6. Repeat steps 1 to 5 on the second ColdCard and use the same micro SD.

7. Repeat steps 1 to 4 on the third ColdCard and insert the same micro SD as well.

8. On the 3rd ColdCard, go to “Settings”, then select “Create Airgapped”.

Read the description. It will ask which type of address the multi-signature wallet should use: Segwit Native, Legacy or Segwit-P2SH. Simply click on the approve button to continue with the default, Segwit, which is the most economical address format.
Choose how many signatures are required; in our case, choose 2.
Approve the creation of the wallet.

9. It will then say the file has been created and ask whether you want to save the multi-signature file to the micro SD. Approve it so that you can import it on the other ColdCards later on.

10. It will also ask whether you want to save an Electrum file for the multi-signature wallet. Approve it to be able to create the wallet in Electrum later.

11. You should be back to the previous menu and the new multi-signature wallet should appear on top of the menu now.

12. Unplug the 3rd ColdCard and remove the micro SD card from it.

13. Power the 1st ColdCard and insert the micro SD into it. Unlock it with the PIN and the passphrase if necessary.

14. On the 1st ColdCard, go to “Settings” >> “MultiSig Wallets” >> “Import from SD”.

15. Once completed and the multi-signature wallet appears, unplug the 1st ColdCard and remove the micro SD card from it.

16. Power the 2nd ColdCard and insert the micro SD. Unlock it with the PIN and the passphrase if necessary.

17. On the 2nd ColdCard, repeat step 14.

The second ColdCard will receive the file and the wallet will then appear at the top of the menu.

Congratulations! You have now loaded your multisignature wallet onto all your ColdCards and are ready to move on to the next step.

Installing Electrum

Electrum hasn’t had an official release since July 2019 because it is becoming a Lightning wallet and the developers want the new feature to be stable before releasing a new version. We will be using the master branch of the GitHub repository.

The steps differ depending on the desktop platform you’re on: Linux, MacOS or Windows.

Linux

Linux is the easiest: all you have to do is run the following commands in a terminal:

  • git clone https://github.com/spesmilo/electrum
  • sudo apt update && sudo apt install -y python3 python3-pip python3-setuptools python3-dev libusb-1.0-0-dev libudev-dev
  • pip3 install ckcc-protocol
  • cd electrum
  • ./run_electrum

Once this is complete, Electrum will open. To open Electrum each time, you will have to run the last two commands, which move you into the folder and then execute the run_electrum script.

MacOS

You first have to install Homebrew, which is then used to install Python.

Install Python and related libraries.

  • brew install qt5 pyqt5 gettext python3 python3-setuptools git

Clone the Electrum repository, install dependencies and run Electrum.

If you get any errors when launching Electrum, you might have to install dependencies manually with the following commands.

  • python3 -m pip install dnspython pyaes ecdsa certifi qrcode google-api-python-client protobuf aiorpcx aiohttp aiohttp_socks hidapi ckcc-protocol
  • brew tap cuber/homebrew-libsecp256k1
  • brew install libsecp256k1

Once this is complete, Electrum will open. To open Electrum each time, you will have to enter:

  • cd electrum
  • python3 run_electrum

Windows

First, we have to install Python. Do so by clicking on this link and following the instructions.

Then, you have to restart your computer. Once restarted, open PowerShell.

Now enter the following commands:

If pip3 or python3 doesn't work, simply remove the “3” and type pip or python instead. Once this is complete, Electrum will open. To open Electrum each time, you will have to run the last two commands, which move you into the folder and then execute the run_electrum script.

Using Electrum

1. Insert the micro SD into your computer.

2. Once Electrum is open, it asks you to select a file or create a new wallet.

3. You can select a file by clicking on “Choose...” and selecting the Electrum file on the micro SD card, which should be called something like el-CC-2-of-3.json.

4. This will open a watch-only multi-signature wallet, which will display your addresses to receive funds.

5. When you want to sign a transaction, go to the “Send” tab and enter the address, the description (optional), the amount and the fee you want to use for the transaction.

6. Once all the previous information is entered, click on “Preview”. A new window will open; click on the option called “Save PSBT”, which will create a file with the unsigned transaction to import on the ColdCard.

7. Place this file in the micro SD card and insert the micro SD card in the first ColdCard.

8. Connect the ColdCard to a Power Adapter, enter your PIN and enter your passphrase if necessary.

9. Once logged in to the device, simply click on “Ready To Sign” and it will sign and show the details.

10. Once this step is completed and it brings you back to the menu, you can remove the micro SD card from the first ColdCard.

11. Connect the 2nd ColdCard to a Power Adapter, enter your PIN and enter your passphrase. Insert the micro SD into it.

If you don’t have the other ColdCard next to you, simply send the .psbt file through a communication channel and use another micro SD with the file preloaded.

12. Once logged in to the device, simply click on “Ready To Sign” and it will sign and show the details.

13. Once this step is completed and it brings you back to the menu, you can remove the micro SD card from the second ColdCard.

14. Insert the micro SD card into your computer.

15. Copy the latest .psbt file from the micro SD card. This is the file that has the two signatures; it is also larger in size.

16. Go on your Electrum watch-only wallet and go on “Tools”, then click on “Load Transaction”, and then on “From PSBT File or Files”.

17. Select the PSBT file with the two signatures and click on Open. This will open the transaction on a new window on Electrum and you should click on “Broadcast”.

Congratulations, you have completed a multisignature wallet with 3 Coldcard hardware wallets using Electrum!
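Before loading the file in step 16, you can confirm that the PSBT you picked really carries two signatures on every input. The following is an added example, not part of the original tutorial and not Coldcard or Electrum code; it assumes a binary version 0 PSBT as defined in BIP 174 (a base64 file must be decoded first), and the sample data and the helper names are constructed for illustration.

```python
import io

MAGIC = b"psbt\xff"
PARTIAL_SIG, FINAL_SCRIPTSIG, FINAL_WITNESS = 0x02, 0x07, 0x08  # BIP 174 input key types

def take(s, n):
    data = s.read(n)
    if len(data) != n:
        raise ValueError("truncated PSBT")
    return data

def compact_size(s):
    n = take(s, 1)[0]  # 0xfd/0xfe/0xff announce a 2/4/8-byte little-endian integer
    return n if n < 0xfd else int.from_bytes(take(s, 2 << (n - 0xfd)), "little")

def read_map(s):
    """Read one key-value map, stopping at its 0x00 separator."""
    pairs = []
    while (klen := compact_size(s)) != 0:
        key = take(s, klen)
        pairs.append((key, take(s, compact_size(s))))
    return pairs

def signature_status(raw):
    """Per input: count of partial signatures, or "final" once finalized."""
    if raw[:5] != MAGIC:
        raise ValueError("not a binary PSBT")
    s = io.BytesIO(raw[5:])
    unsigned_tx = dict(read_map(s))[b"\x00"]  # global map, PSBT v0
    n_inputs = compact_size(io.BytesIO(unsigned_tx[4:]))  # after 4-byte version
    status = []
    for _ in range(n_inputs):
        types = [key[0] for key, _value in read_map(s)]
        final = FINAL_SCRIPTSIG in types or FINAL_WITNESS in types
        status.append("final" if final else types.count(PARTIAL_SIG))
    return status

def enough_signatures(raw, required=2):
    """Counts signatures only; it does not verify them cryptographically."""
    return all(st == "final" or st >= required for st in signature_status(raw))

# Constructed sample: one input, dummy keys and signatures (not a real transaction).
TX = bytes.fromhex("0200000001") + bytes(36) + b"\x00" + b"\xff" * 4 + b"\x01" + bytes(13)

def kv(key, value):
    return bytes([len(key)]) + key + bytes([len(value)]) + value

def sample_psbt(n_sigs):
    sigs = b"".join(kv(b"\x02\x02" + bytes([i]) * 32, bytes(71)) for i in range(n_sigs))
    return MAGIC + kv(b"\x00", TX) + b"\x00" + sigs + b"\x00" * 2
```

On a real file, `enough_signatures(open(path, "rb").read())` returning False means you picked a PSBT that has not yet been signed by both ColdCards.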

Conclusion

A multisignature scheme is the ideal solution for those seeking to elevate their Bitcoin security. This method allows you to vastly improve it without having to dramatically increase the complexity of your setup.

We specialize in helping users secure their Bitcoins so they can maintain total control over their funds, as well as protect their privacy. We offer several packages to help you do so, which can be customized according to your needs. If you ever have any questions on where to start or would like to get in touch with us to get started on your road to sovereignty, feel free to reach out!


Montreal, Quebec, Canada

MSB License : M20484233

© Copyright 2020, Veriphi Inc. All rights reserved