Multisig

[ghost]

We've now discussed with @javgh and others, the possibility of including multi-signature transactions with Green Address as a possible key holder. However we do it, this is quite clearly a standard piece of security kit for wallets these days, and I think we need to start planning our approach to it.

@javgh How specifically could we do this with Green Address? Can you write a technical description of how we would integrate?

[javgh]

I think this requires more discussion on how multi-sig relates to multi-token. Green Address only supports Bitcoin, so we would be diverging here on how we treat different tokens.

[dabura667]

However, seeing as Hivewallet is accessible via the web, you could have it set up so that a user would have one xprv on their cell phone and one xprv on their desktop and require 2 of 2 sigs to send (maybe offer option for 3rd backup xprv? that they could just write the mnemonic for?)

This would be different from Greenaddress in that you would not have control at all over user's tokens. (Whereas Greenaddress has it's drawbacks too... nTimeLock is VERY difficult to understand for new people.)

I would suggest this kind of flow:

Create New Wallet screen: Shows mnemonic, and has a checkbox "Use this passphrase for multisig"

When the user checks it and goes to the next page, it will say "Create 2 of 2 multisig" at the top and ask "please write the extended public key here" (I don't know the best way to do this... could we encode an xprv into BIP39 mnemonic?) or have a button that says "show my extended public key" that will show theirs. Along with an "input backup extended public key"

Also, below the box to write the xpub, there will be a "Generate backup cold key" that will generate a second xprv, display the mnemonic, and once the user is done writing it down, the program should keep the xpub and delete the xprv from memory. Then the page should say "Create 2 of 3 multisig" instead.

Then once they go on both devices and make sure both devices have each other's xpubs AND the cold storage backup key if necessary, they both generate the wallet...

Then each wallet uses the ordered pairs as the redeemscript (to prevent different ordering) and the rest is pretty much the same as normal.

The only thing that would be tricky is how to handle transactions. An incomplete transaction would have to be stored on some server and each device would have to find the uncomplete transaction to confirm it.

I think that Hive-js is in a very good position to pull something like this off...

I hope my explanation wasn't too crazy... but tl;dr I think rather than take the GreenAddress approach you guys should offer the first ever multisig wallet solution that lets the user control all keys... (ok well I guess Copay beat you to it, but still)

[weilu]

I don' know if it multisig makes sense from a usability point of view. Before we get into the technical discussions, what would be the problem we want to solve with multisig in hive? fund safety? facilitating copayment?

If it were for fund safety, it doesn't make much sense to have users hold all the keys. Then who do we want to trust as the third party to hold, say 1 of the 3 keys for every user?

If it were for facilitating copayment, that's exactly what Copay does. Wouldn't it make more sense to just use Copay or create a Hive app that talks to Copay API if there's one?

[dabura667]

If it were for fund safety, it doesn't make much sense to have users hold all the keys.

1 key on my cell phone, 1 key on my desktop. Now I can have decentralized 2FA without needing to use a third party service. Plus I have a backup key in cold storage in case either one of them blows up.

[weilu]

@dabura667 Interesting use case indeed (though I don't know if it'd still be 2FA if both factors falls under the category of "something the user has").

Let's keep this use case in mind. I do not want to integrate something for the sake of having the term as part of our "technology". Let's answer the "why" and "what" before diving into the "how".

[ghost]

Closing for now, since we won't be doing anything with Multisig in this version of Hive.

Possible 2.0 feature. @mattatgit