multi signature – Is this scheme for multisig audit of Trezor + Coldcard okay?
My plan is to make a multisig between coldcard and trezor. I want to audit and verify that I really own the two keys of these wallets, using a raspberry pi zero (no wifi/bluetooth by definition) on a very old HDMI TV with no internet either, and using a digital keyboard and just a mouse on the pi zero.
These are the possible risks I want to mitigate:
To eliminate the risk of the trezor generating a private key I don't own, I'm gonna put its key on the raspberry pi zero and see that it generates the same master pubkey as shown in trezor. This proves I own this key, but it could be a key that someone already owns. No problem, that's why I'm doing multisig.
On the coldcard, I'll generate a seed using dice, and then verify on the raspberry pi that these dice rolls indeed generate the private key shown by coldcard. This proves that I own a private key that no one owns, because it was generated using dice.
Now that I have 2 private keys that I own, and at least one of them I'm the only owner, I can create a multisig wallet on Ethereum or maybe BlueWallet. I'll annotate the first 10 addresses generated by the software wallet, and verify if they match on the coldcard and on the trezor. If the three show the same set of 10 addresses, I can consider these addresses safe for receiving Bitcoin.
I'll then receive some Bitcoin on one address, erase both wallets, restore them with the private keys, and then try to spend this Bitcoin, just to make sure I really owned the coins.
What are the possible problems I can encounter? Am I forgetting something important?
PS: I know that if the trezor has a malicious random number generator and it creates a private key that not only I own, this is a privacy leak, but not a problem. And it's a privacy leak only when I spend from this address, revealing the public key on the blockchain.
I also plan to use just PSBT air-gapped transactions on Coldcard, and a trusted computer to broadcast.