Bitcoin, year 12.
Alice: This year sucks. You know what’s almost as bad as 2020?
Alice: Multisig is still scary.
Nunchuk: Hold my beer.
It’s somewhat ironic that for a technology that reveres decentralization as its central operating principle, Bitcoin still heavily relies on single point of failure as the dominant method of ownership. This despite the fact that the unique risk profile of digital assets desperately calls against such a practice.
The highest barriers are technical challenges. Multisig is not for the faint of heart. Many pitfalls await around the corner.
Did you back up all your…
In February, we jointly disclosed a vulnerability affecting Bitcoin multisig wallets with Shift Crypto.
We explained how the vulnerability highlighted a fundamental problem with Bitcoin multisig: there was no standard on how to set up multisig wallets securely, particularly between different vendors.
The lack of standard meant that multisig wallets were vulnerable to privacy leaks, theft or ransom attacks. It also meant multisig solutions were often not interoperable, making migration from one setup to another highly difficult. Similarly, wallet recovery has been a major nightmare.
To address these concerns, we have spent the last several months working closely with various…
Today Shift Crypto and Nunchuk jointly disclosed a vulnerability affecting multisig wallet setups that use Coldcard. However, this vulnerability has implications for all current wallet vendors and multisig solution providers. For details, please check out Shift Crypto’s blog.
The quick summary is that prior to Coldcard firmware version 3.2.1 (released on Jan 8th, 2021), you can fool a Coldcard into accepting a multisig wallet that it is not a part of, including generating receive addresses that it does not control.
For details, you can read Shift Crypto’s blog. …
Nunchuk 0.9.7 is out and is a major upgrade over our previous releases. Here it is at a glance:
Read on for a quick summary of what it all means.
Starting from 0.9.7, users will have two options for the Nunchuk wallet backend: an Electrum server or a Bitcoin Core node.
The Electrum server option makes the most sense for those who…
Money, in essence, is information. It establishes a common value system (a type of information), its distribution is a reflection of who has what (information), and the exchange of it signals which goods and services are valued in society (also information).
However, relative to other types of information, money is arguably the most impactful when it comes to moving the world. As the historian Harari eloquently put it:
“Money is more open-minded than language, state laws, cultural codes, religious beliefs, and social habits. Money is the only trust system created by humans that can bridge almost any cultural gap, and…
Nunchuk’s mission is the proliferation of multisig. To that end, today we are excited to open source our library, libnunchuk, under the MIT license. This library handles all the heavy-lifting inside the Nunchuk desktop application.
Nunchuk’s architecture differs from other wallets’ for a number of reasons. But a major one is our decision to heavily reuse Bitcoin Core code.
Why is reusing Bitcoin Core code a big deal?
This slogan (perhaps coined by Bitcoin evangelist Andreas Antonopoulos) has been popular among the Bitcoin community for some time. “Keys” here refer to the private keys, implying that those who are in possession of the private keys own the bitcoins controlled by those keys.
While this slogan was true in the early days of Bitcoin, it is less relevant today and doesn’t tell the whole story. The reason is the growing sophistication of key generation and smart contracts, including, but not limited to, multisig.
Since Nunchuk’s mission is the proliferation of multisig, it is crucial that the first step is…