I just published Introducing Nunchuk: Multisig Made Easy link.medium.com/7uYBIDxk2ab
(Bitcoin, year 11.)
Alice: This year sucks. You know what’s almost as bad as 2020?
Bob: Yeah?
Alice: Multisig is still scary.
Nunchuk: Hold my beer.
1/
Alice: This year sucks. You know what’s almost as bad as 2020?
Bob: Yeah?
Alice: Multisig is still scary.
Nunchuk: Hold my beer.
1/
It’s somewhat ironic that for a technology that reveres decentralization as its central operating principle, Bitcoin still heavily relies on single point of failure as the dominant method of ownership. 2/
This despite the fact that the unique risk profile of digital assets desperately calls against such a practice.
The highest barriers are technical challenges. Multisig is not for the faint of heart. Many pitfalls await around the corner. 3/
The highest barriers are technical challenges. Multisig is not for the faint of heart. Many pitfalls await around the corner. 3/
Did you back up all your seeds? Do you need seeds? Are you sure the signing devices use the same derivation path? What about that change address? What do you mean you lost your device in a boating accident? Oops, some vendor has just made an update that bricks my setup. 4/
What if we tell you you don’t have to worry about any of this anymore. What if there’s something. THAT. JUST. WORKS. 5/
Say hello to Nunchuk. The app that makes multisig feel like a walk in the park. 6/ 
Before we talk about features, let’s talk about design philosophy.
If we were to design a multisig wallet today, what should our goals be? 7/
If we were to design a multisig wallet today, what should our goals be? 7/
Our answer:
It must be secure.
It must be seamless.
It must be future-proof.
It must go above and beyond to empower the user. 8/
It must be secure.
It must be seamless.
It must be future-proof.
It must go above and beyond to empower the user. 8/
(I) It must be secure
Security starts by knowing our limits. We defer to specialists in the most security-sensitive areas.
That means delegating the task of managing private keys to single-purpose hardware. 9/
Security starts by knowing our limits. We defer to specialists in the most security-sensitive areas.
That means delegating the task of managing private keys to single-purpose hardware. 9/
That means sticking close to Bitcoin Core for consensus code, for standardness rules, for future upgrades. That means avoiding reinventing the wheel.
There’s no need to rewrite that low-S low-R signature verification code, no matter how cool elliptic curve math is. 10/
There’s no need to rewrite that low-S low-R signature verification code, no matter how cool elliptic curve math is. 10/
That also means ruthlessly cutting down on the number of software dependencies, because each dependency is a potential attack surface. 11/
That means going with the desktop first and not the browser. That means outside of Core, only using battle-tested software. We can’t completely eliminate all attack surfaces. But we can minimize them. 12/
(II) It must be seamless
Going from a single signer to multiple signers necessarily requires some level of friction. The goal is to avoid further friction in every other part of the multisig process. 13/
Going from a single signer to multiple signers necessarily requires some level of friction. The goal is to avoid further friction in every other part of the multisig process. 13/
In the early days of Bitcoin, wallet vendors were often incompatible with one another, which complicated multisig setups. 14/
On this front, there have been great developments in the last few years, notably PSBT and the descriptor language. Both have greatly improved Bitcoin ecosytem’s interoperability.
Nunchuk treats descriptors and PSBTs as first-class citizens.
15/
Nunchuk treats descriptors and PSBTs as first-class citizens.
15/
The consequence of this is that you can use Nunchuk with many different hardware vendors, or easily recover a multisig wallet created by Nunchuk on other wallet software such as Core. 16/
Being seamless also means the ability to switch between singlesig and multisig use cases.
Nunchuk introduces a third type of wallet: an Escrow. An Escrow is a one-time-use multisig wallet specially created for the purpose of holding funds temporarily. 17/
Nunchuk introduces a third type of wallet: an Escrow. An Escrow is a one-time-use multisig wallet specially created for the purpose of holding funds temporarily. 17/
With Nunchuk, you can easily move funds among these three types of wallets. 18/
(III) It must be future-proof
It would be a shame if we design a brand new multisig solution, only for it to get outdated quickly by tomorrow’s protocol changes. 19/
It would be a shame if we design a brand new multisig solution, only for it to get outdated quickly by tomorrow’s protocol changes. 19/
Many multisig solutions in the past no longer serve us well, because they were designed at a time when tools were lacking, and ended up being needlessly complex. Multisig is bound to evolve further in the coming years.
MuSig anyone? 20/
MuSig anyone? 20/
Because Nunchuk stays close to Core code, it can immediately reap all the benefits of future protocol upgrades.
When Taproot is ready, Nunchuk is ready. 21/
When Taproot is ready, Nunchuk is ready. 21/
(IV) It must go above and beyond to empower the user
Last but not least, we want to offer the user granular control over their wallet, and most importantly, their privacy.
22/
Last but not least, we want to offer the user granular control over their wallet, and most importantly, their privacy.
22/
That’s why we invested time and effort to add support for things like coin control, replace-by-fee, UTXO consolidation, personal server, TOR support, etc.
The little things matter. 23/
The little things matter. 23/
The reason is simple: we ourselves are users of multisig. If someone else designs this app, these features would be high on our wish list. 24/
That, in a nutshell, is Nunchuk.
Nunchuk’s mission is to make multisig the gold standard — no pun intended 🙂 — for owning Bitcoin.
25/
Nunchuk’s mission is to make multisig the gold standard — no pun intended 🙂 — for owning Bitcoin.
25/
Nunchuk beta is available for download at nunchuk.io.
We still need to iron out the kinks, but it's fairly feature-complete. Grab a copy and play around. We look forward to hearing your feedback.
Keep stacking. 26/
We still need to iron out the kinks, but it's fairly feature-complete. Grab a copy and play around. We look forward to hearing your feedback.
Keep stacking. 26/
Special thanks to @ChaincodeLabs . I had the opportunity to attend Chaincode Residency last year, and it gave me & my team the knowledge we needed to start this project.
If you want to be a Bitcoin contributor, there's no better on-ramp than the Chaincode Residency! 27/
If you want to be a Bitcoin contributor, there's no better on-ramp than the Chaincode Residency! 27/
A big shout-out to my mentor @achow101. Andrew was kind enough to let me work on a small part of Core descriptor project last year. And continued to answer my zillion noob questions, long after the residency. 28/
Perhaps you don't know, but @achow101 is also singlehandedly responsible for unifying the hardware wallet industry, for spearheading projects like PSBT, descriptor, and HWI. Without his efforts, none of this would have been possible.
He's the hero we don't deserve. 29/
He's the hero we don't deserve. 29/
Shout-outs to @COLDCARDwallet, @Trezor, @Ledger, @ShiftCryptoHQ. Designing a secure hardware wallet is one of the hardest jobs in crypto. Appreciate all the work you guys have done.
And to @CasaHODL, @SpecterWallet, @unchainedcap, @ElectrumWallet for pushing multisig forward. /30
And to @CasaHODL, @SpecterWallet, @unchainedcap, @ElectrumWallet for pushing multisig forward. /30
P.S. We need to clean up our code base, but we will open-source Nunchuk's core engine (the app minus the thin UI layer) in a few days. Stay tuned. 31/
• • •
Missing some Tweet in this thread? You can try to
force a refresh
