Sunday, December 22, 2024

multi signature – What are the privateness implications of unveiling one xpub in a multisig setup?

What data can a 3rd social gathering derive a couple of multisig pockets if one of many xpubs within the setup is understood? For instance, for a 2-of-3 setup, I do know 3 of the xpubs are wanted to generate pockets addresses, which initially led me to assume that revealing 1 (or 2) xpubs wouldn’t reveal any details about the pockets. Nevertheless from poking round on the block explorer I now assume the state of affairs is extra like the next, which I want to verify:

  1. Every xpub is used to derive a sequence of public keys that are used within the spending script. These public keys are revealed at spending time, so whereas the complete set of pockets addresses/UTXOs can’t be generated from one xpub, somebody who is aware of one xpub might discover transactions on the blockchain that spent from the multisig pockets. (This may very well be related for e.g. a collaborative custody setup resembling Unchained if an xpub that’s shared with them can also be utilized in a separate non-public pockets setup).
  2. Equally, utilizing the identical xpub in a number of multisig wallets setups looks as if a foul privateness observe as transactions from the totally different wallets might doubtlessly be linked collectively – specifically transactions spending from the identical handle index in every. e.g. if one setup makes use of xpub1, xpub2, xpub3 and the opposite xpub1, xpub4, xpub5, then the spending script for handle index okay within the two wallets will comprise one thing like (pubkey1k, pubkey2k, pubkey3k) and (pubkey1k, pubkey4k, pubkey5k) – so they’re linked by having the identical pubkey1k in every.
  3. The answer to avoiding the above points could be to make use of totally different derivation paths, which might generate totally different xpubs from the identical non-public key, e.g. utilizing totally different account numbers within the derivation path for a non-public vs. collaborative custody setup. (For that reason, revealing a multisig xpub wouldn’t reveal data about single sig pockets and vice versa).

Can somebody with extra data about how these setups work and what data is definitely revealed on the blockchain assist examine/right my understanding right here?

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles