
Is this scheme for multisig audit of Trezor + Coldcard ok?

Started by Bitcoin, May 16, 2022, 05:55 am


Bitcoin


My plan is to make a multisig between Coldcard and Trezor. I want to audit and verify that I indeed own the 2 keys of these wallets, using a Raspberry Pi Zero (no wifi/bluetooth by definition) on a very old HDMI TV with no internet either, and using a virtual keyboard and simply a mouse on the Pi Zero.


These are the possible risks I want to mitigate:

  • The wallets can have a malicious random number generator.
  • The wallets can generate addresses for keys that are not mine.




To eliminate the risk of the Trezor generating a private key I don't own, I'm gonna put its key on the Raspberry Pi Zero and see that it generates the same master pubkey as shown in Trezor. This proves I own this key, but it might be a key that someone already owns. No problem, that's why I'm doing multisig.


On the Coldcard, I'll generate a seed using dice, and then verify on the Raspberry Pi that those dice rolls indeed generate the private key shown by Coldcard. This proves that I own a private key that no one owns, because it was generated using dice.


Now that I have 2 private keys that I own, and at least one of them I'm the only owner, I can create a multisig wallet on Electrum or maybe BlueWallet. I'll annotate the first 10 addresses generated by the software wallet, and verify if they match on the Coldcard and on the Trezor. If the 3 show the same set of 10 addresses, I can consider these addresses safe for receiving Bitcoin.


I'll then receive some Bitcoin on one address, erase both wallets, restore them with the private keys, and then try to spend this Bitcoin, just to make sure I really owned the coins.


What are the possible problems I can encounter? Am I forgetting something important?


PS: I know that if the Trezor has a malicious random number generator and it creates a private key that not only I own, this is a privacy leak, but not a problem. And it's a privacy leak only when I spend from this address, revealing the public key on the blockchain.


I also plan to use just PSBT air-gapped transactions on Coldcard, and a trusted computer to broadcast.
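The dice-roll check described in the post, as an added example that is not part of the original post and not Coldcard's or Trezor's own code. It assumes the Coldcard dice method is SHA-256 over the ASCII roll digits fed into standard BIP39 (confirm this against Coldcard's documentation); the function names, the sample rolls and the wordlist path are hypothetical.

```python
import hashlib
import math

def rolls_to_entropy(rolls):
    """Assumed Coldcard dice method: SHA-256 over the ASCII roll digits."""
    rolls = "".join(rolls.split())  # allow spaces/newlines between groups
    if not rolls or any(c not in "123456" for c in rolls):
        raise ValueError("rolls must contain only the digits 1-6")
    return hashlib.sha256(rolls.encode("ascii")).digest()

def roll_entropy_bits(rolls):
    """Entropy actually contributed by fair d6 rolls (about 2.585 bits each)."""
    return len("".join(rolls.split())) * math.log2(6)

def entropy_to_indices(entropy):
    """BIP39: append the checksum bits, then cut into 11-bit word indices."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("BIP39 entropy must be 128-256 bits in 32-bit steps")
    cs_bits = ent_bits // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def indices_to_words(indices, wordlist_path):
    """Map indices to words using a local copy of the BIP39 English list."""
    with open(wordlist_path, encoding="utf-8") as fh:
        words = fh.read().split()
    if len(words) != 2048:
        raise ValueError("wordlist must contain exactly 2048 words")
    return [words[i] for i in indices]

if __name__ == "__main__":
    sample = "123456 654321 112233"  # constructed rolls, far too few for real use
    if roll_entropy_bits(sample) < 255:
        print("warning: fewer than 99 rolls, seed has less than ~256 bits")
    idx = entropy_to_indices(rolls_to_entropy(sample))
    print("0-based BIP39 word indices:", idx)
    # With the wordlist copied to the offline machine (hypothetical path):
    # print(indices_to_words(idx, "english.txt"))
```

Run it only on the offline machine and compare the resulting words with what the device displays for the same rolls; a mismatch means the device did not derive the seed from your dice.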

