Home < Stephan Livera Podcast < Bitcoin Multi-signature

Bitcoin Multi-signature

Speakers: Craig Raw

Date: February 27, 2023

Transcript By: Stephan Livera

Media: https://stephanlivera.com/download-episode/6034/462.mp3

podcast: https://stephanlivera.com/episode/462/

Stephan – 00:02:53 Craig, welcome back to the show.

Craig :

Great, Stephan, it’s really good to be back.

Stephan :

Yeah, there’s been so many updates going on with Sparrow Wallet and I thought it’d be great to have you back to chat about the space. Whether it’s multisignature or privacy or import and export of transactions, I think there’s lots of things to add. So, yeah, I’m just curious, as you look at the space now, what are some of the big things on your mind, just kind of more broadly?

Craig :

Well, I think the last month has been pretty much consumed, certainly, from my point of view, with all of the sort of ordinal stuff particularly, I don’t think it’s a massive really impact on Bitcoin itself, to be honest, apart from the fee rate being a little bit higher. But for myself personally, sparrow has been recommended as the sort of go to wallet for many of the Ordinals users. So it certainly changed my world a little bit. But that said, it is what it is and yeah, we go on.

Stephan :

Yeah, right. And as I understand that’s because probably because firstly, sparrow is easy to use, but also I think it might be the ease of being able to freeze a particular UTXO which is useful for the Ordinals people where if they’ve got a rare satoshi or an inscription tied to a particular sat, I presume. From their point of view, that’s why Sparrow is being recommended for them.

Craig :

Yeah, I think that that’s definitely part of it. I think also just the ease of being able to create a Taproot wallet is, I think, a big part of it that’s the required wallet to be able to use it. So I think that it was just sort of an ease of use thing and became an early recommendation for that reason.

Stephan :

Yeah, I see. Well, I mean, it’s a cool thing for you, obviously, seeing your product be used by more and more people. I guess it’s kind of like if you look at Joe Rogan or things like people, they might have multiple audiences, right? Like, he might have the people who follow him for comedy, then people who are into MMA and all the other stuff, or general. So maybe for yourself, it’s like Sparrow is there for people who are, let’s say, MultiSig people, and then you’ve got the Privacy people who want to use the CoinJoin feature, and now you’ve got the Ordinals Inscription people.

Craig :

Yeah, I think that I certainly have no issue with people using Sparrow for these different use cases. I will say that Ordinals is not particularly my interest in the world, and I don’t intend to be building Sparrow along those lines. And I’m seeing a number of other new wallets coming to the fore now who are going to try and cater towards that. And that’s great. People should build stuff and they should use the stuff that caters towards the particular use case that they’re trying to address. But Sparrow remains very much focused on financial self sovereignty. It remains focused on making it easy to self-custody your funds and keep your funds private as you spend. So that’s going to remain what Sparrow does. And if people want to use it for other things, that’s great as well.

Stephan :

Excellent. And so I think the other cool thing with Sparrow is that you can really start basic and then work your way up. Right. And I think that’s a really interesting and important thing for people out there when you’re getting started. I think it can be very overwhelming. And I’ve seen this even with listeners or followers who DM me at times, and I’m sort of coaching them through saying, okay, take this step now, take this step, and I think that’s a useful thing. So I’m curious how you’re seeing that journey for a new Bitcoin or let’s say, the person who is just learning about self-custody. Can you talk through a little bit of maybe any insights you’re seeing in users of Sparrow who are going on that journey?

Craig :

Sure. So it’s actually quite interesting having the Ordinals users come in because they rarely don’t read anything at all. It looks like they’ve literally spent five minutes on the entire thing and then committed money to it, which is quite a remarkable thing, actually. It’s quite different from your average bitcoin user who generally spends quite a bit more time thinking about things before they kind of make the first plunge, even with much less funds at stake. So I think that that’s been quite an interesting thing. But certainly it’s been okay to see how Sparrow has handled that. It hasn’t always been straight, straightforward. I mean, there’s a little toggle at the bottom of the Sparrow status bar where you can connect and disconnect from whatever server you are configured for. And there’s a three-screen dialogue when you first install it, which kind of explains what this thing does. And that is not even being read or seen by some. So, I mean, there is sort of a level to which you actually can’t really improve things. You can only guide people to a certain extent and then you need to rely on them kind of reading some degree of documentation or the help presented by the application. So I think from that point of view, the sort of most basic point of view, I’m reasonably happy where things are from the more advanced point of view. A lot of the last year has been spent building out the more advanced used cases, and that continues to be the case. Just trying to make sure that people trying to do various, I would say less common, but nevertheless valid used cases are catered for just trying to fill in all the sort of gaps. One of them, the most recent ones that I’ve actually been working on this week, is being able to do remote MultiSig setups. So when you’re not in the same room, you can still set up a MultiSig and there are formats that cater towards that.

Stephan :

Yeah, so let’s talk a little bit about that. So I guess users who are just getting started, you might start with a single signature wallet. Maybe you just start with that with no passphrase and just basic, and then maybe some users are deciding, okay, I’m going to go single signature with a passphrase. And of course, I think the more advanced level is to get to multisignature. Now, I’m a big fan of multisignature. I use multisignature myself. And so there can be some practical difficulties or things you have to learn to deal with when you’re in a multisignature context. And as an example, that may mean you have some hardware device in a different location. And if you’re going to, let’s say, a vault and maybe you’re trying to do QR scanning, these are some of the practical difficulties, I guess. So can you talk to us a little bit about what that looks like if you’re doing a Sparrow MultiSig and you’ve got keys in different locations?

Craig – 00:09:36:

Yeah, sure. So I mean, look, that’s generally not too hard. I think you might need to if it’s a QR code, you’ll obviously need to take a laptop in Sparrows case to be able to scan from that device in terms of some of the other ways you can do it. For instance, if you have a Coldcard and using it in air gap fashion, you can walk in without anything really just a sort of SD card.

Stephan :

The micro SD card. Yeah.

Craig :

Correct. Yeah. And then just sign with that. So there are a few different options and I think it’s quite interesting to be able to consider which ones might be better. But I mean, they’re not really impactful, I don’t think if you have a safe custody location, walking in with your laptop is necessarily a difficult thing to do. I think that the most key thing around MultiSig and this is nothing new, is that apart from the backups of the seeds of all the individual devices, or at least a quorum of them. So two of the three, if you’re in a two or three, you also need a description of the wallet. You need to have all of the public keys. And this is because you need to be able to recreate the spending script whenever you want to spend, and that contains the public keys to that address. And that means basically, that you need to do this in one of two ways, either create backups of your wallet file, so in this case, your Sparrow wallet file, or you need to have the output descriptor, which is something that Sparrow now presents to the user when they first create their MultiSig wallet. So there’s a dialogue that pops up and it shows you the sort of long string. And then the idea is you can either print this out as a PDF, you can write it down, whatever means you feel is most secure and caters towards whatever you need. And then if you need to restore your wallet, you can basically just plug that in and your entire wallet will then pop up. All of the funds will then come and so long as you still have a quorum of the devices you’ll be able to sign and send.

Stephan :

Right, and so, yeah, as you mentioned, this output descriptor this wallet back up. It’s a crucial step and it’s important to have multiple copies of that. Of course, there is a privacy consideration with where and how you save that. For example, if you’re keeping it in the cloud, you might want to encrypt that first if you are having it, maybe on some USB sticks along with your devices, maybe you want to be careful which places you keep that because obviously there’s a privacy ramification. But it’s also important from a redundancy point of view to have it so that you don’t lose access to your coins. Of course. So what are some of the, I guess, other practical aspects of offline signing in a MultiSig context? I know, for example, QR signing can be a little difficult depending on the Lightning in the room, the devices that we are using. Are you seeing any innovation or developments on that front?

Craig :

Yeah, I think the most interesting one recently in terms of the QR stuff is the launch of the new well, the upcoming launch, I should say, of the new Coinkite.

Stephan :

The Q one.

Craig :

Yeah, the Q one, yes, which I think is going to be interesting. I’m still uncertain exactly what format that’s going to use. Most devices in the industry now use a format called Ur, which is sort of a compact format that we use to send data back and forth. So we’ll just have to see how that goes. In terms of devices being able to scan. Yes, there are definitely times where it is easier. I’ve heard one trick is actually to hold up a sheet of white paper behind the device. I don’t know how much mileage you might get out of that, but that is certainly something that I’ve held. The reality is that some devices, and here I will mention the Jade are just their screens are just very small and it’s always going to be difficult for a laptop camera, which is usually not as proficient as a phone camera, to be able to scan such a small screen. So there are some devices which are better than others and devices like the passport have really been designed for it. That’s their kind of primary means. So with those kind of devout devices, particularly if you’re using the sort of newer version two, it’s much, much better. So it really, I think, depends to some extent on the device that you use. The seed signer also generally tends to be pretty good. You don’t really have any issues there.

Stephan :

Yeah, I see. And as I understand, there’s also some development and discussion around changing the density of that QR code. So I presume that instead means if you have it as a lower density QR, it just needs to do more different QRs in a GIF format or something similar to that. So that’s also something we’ve seen as well, right?

Craig :

Yeah, I mean that’s right. It’s basically the way that these animated QRs work is that you have this sequence of QRs and you can pick up a stream of them and then the application can then figure out from that stream all of the information that it needs. And if you decrease the density, you’re going to have a longer stream. In other words, you’re going to have to scan for more time, but you will need less resolution in the actual scan in every image that you scan, because the actual blocks in the QR code will of course be bigger. So it’s sort of trading off the speed of being able to scan versus really the ability to recognize the QR codes.

Stephan :

And one other thing I’ve seen is general ongoing debates in the community, online discussion, people saying, oh no, don’t push people into MultiSig, it’s too complicated. A lot of people are going to shoot themselves in the foot, just do a single signature wallet with a passphrase. And then there are others who are in the more Pro MultiSig camp where they’re saying, no, actually it’s a big improvement in your security. It’s worth it. You just have to remember, okay, keep it simple, don’t do anything too complex. I’m curious if you have any view on that. Do you see that as MultiSig is a real necessity above a certain value, a certain number of coins? Or how would you advise somebody whether they are deciding on just single signature with a passphrase versus actually take the time, learn to do MultiSig?

Craig :

Sure. So I think that first of all, let me talk about the passphrase. I think the passphrase I would still consider an advanced feature. The reason I say that is because the passphrase is something you bring. So looking at the security paradigm of something that I own plus something that I bring is generally a good way of seeing things. And the past phrase, of course, is something that as human beings, we need to recall and enter in. Now we may have made a record of it, but really, if you’ve just written it down underneath your seed words, you haven’t really achieved anything because your seed words are already enough to create a seed with enough entropy in it. So it’s really something that you at least meant to store in a different place if you do store it, but otherwise you need to really recall it in your head. And of course, as human beings we have a tendency to forget, get things or enter them in wrong. And that’s really the reason behind a recent Sparrow feature which essentially displays not only the master fingerprint but also a little image which is unique to that. And that kind of allows you, as you type your passphrase in, to be able to see and kind of match up in your mind both from a fingerprint recognition but also from a visual cue, whether I’ve entered the right passphrase. Because again, if you forget whatever pass phrase it is, you have lost access to those funds. And I think that that’s a very real thing that a lot of the people who use and recommend the passphrase that to many beginners seems like a very different paradigm from the normal one, where you enter in a password. And if you get it wrong, you get told that you entered it wrong. Whereas with a passphrase you enter it in and whatever passphrase you enter creates a valid wallet. And I think that that’s a big difference that a lot of people don’t fully understand.

Stephan :

Right. It can be confusing.

Craig :

Correct. Yeah, that’s the way that the standard is designed and that’s the way that it works. So we’re all following it. But I think a lot of people don’t fully understand it and how that impacts them. For example, they will create a wallet into their passphrase, have a typo in it and then send funds to that and then close the wallet. And then when they get back, they don’t obviously reenter the typo, but then those funds that they sent are gone and that’s a common thing that you might see. And that’s really what this kind of life hash, this little visual cue is helpful for. So you should be checking that every single time and saying, yes, that was a little sort of yellow with some gray lines, lines on it. That looks like the one that I have. So that’s I think just talking a little bit about passphrases, getting to the MultiSig thing, I would say you’ll do multisig when you feel you need it. And there’s no feeling like the security in my mind of knowing you have a MultiSig setup. You’ve got multiple devices in different areas and you can deal with the fact that one or more of them can be lost, can be completely destroyed and you can still have access to your funds. So when do you get to that point? I think it’s when you are worried about it, when you are lying awake at night thinking, you know, I need to do better. The value of this to me, whatever the amount is the value of this to me is high enough that my Coldcard sitting in the sort of cupboard or the safe, plus the passphrase in my head just doesn’t feel like a secure enough answer for me. I need something a little bit better. And that for me is when the sort of MultiSig comes in. And it is, I think, easier. There are people out there who will say it’s hard and I think that if you don’t do the correct backups, then you are getting yourself into trouble. But I think that so long as you have backups of the seed words for each device, plus you have a backup, as we were saying, of the output Doctor or the Sparrow wallet file in different locations and you have obviously a good password on that file, then I think that it’s actually a relatively easy thing. And certainly it’s not like there are hidden pitfalls beyond what we are talking about here, that I can say. Those are the kind of key things to get right. And if you have that right, I think you’re in a very good place because it allows you to be relatively flexible with where you store things and how you manage the entire set up. I think it’s a good step forward.

Stephan :

Yeah, and I think there’s a few things I want to dig into here. But I think one point that is worthwhile pointing out is that multisignature with different devices, device types, also helps you versus what’s known as the chosen nonce attack. Whereas many devices in a single signature context, even with a passphrase, are not safe, not necessarily safe against the chosen nonce attack. Now, I think it gets a bit complicated here because there are some devices so, for example, off the top of my head, I believe BitBox02 and the Blockstream Jade have this Anti-Exfil or Anti-Klepto protocol which is there to help you against that. But there are all kinds of trade-offs with that too, because those devices, you get the Anti-Exfil when you are using USB. You don’t get that when you’re using QR code. So I think that’s another reason to think about multisignature as opposed to just single signature and a passphrase. Because it’s possible that without knowing, I mean, it’s kind of theoretical risk, but it could be a thing if the value of Bitcoin got big enough and you were unknowingly purchasing a wallet that had been compromised by maybe somebody in the factory where those wallets are made or those devices are made as an example. Whereas if you have multisignature with multiple device types, now, you’re just so much more protected against that. Right, so I think that’s an interesting point that people have to just consider that passphrases can help you against some types of attacks, but they don’t help you against everything that MultiSig can help you against.

Craig :

Yeah, I think that the chosen nonce attack, the best way that I would protect myself against that is upgrade your firmware to the most recent version when you have your new device. That way you can kind of do at least some degree of it’s not sort of a perfect answer, but I think it does certainly ensure that at least you’re doing that degree of check. Because when you upgrade the firmware, the device should have to check it. And while that check, you still to some extent trusting the device to do it. You at least can also check and you can check, yes, the download that I have made matches the fingerprint on the site. So that I think is a good sort of approach in terms of all of the devices. Now they should be creating the same signatures as Bitcoin Core or Sparrow. So there’s a sort of RFC which details how you choose the nonce, the specific approach, and everyone should be following that approach. And if you follow that approach, then the actual signature bytes are the same. And I’ve kind of gone through a process with many of the vend vendors to make sure that they are actually doing this. So we have signatures which are not only looking the same, but also of the smallest size, which is obviously important if we want to keep our fees low. So there is, as I say, a sort of approach which allows us to then choose the nonce. And if it ends up with a larger signature size, because a nonce is just a random thing, then you can then go on and choose the next nonce. Right. And then that allows you to then see, okay, the signature that I now get out is smaller than the one that I got before and therefore I’m going to use that one. So that is called grinding for low R. It’s kind of a technical thing. But the upshot of all of this is that if all of these devices are literally creating the same bytes, then obviously we can say that unless everything is compromised, we can be reasonably sure that we are not leaking additional information in that package.

Stephan :

One other area that I think would be great if you could help clear up, I commonly run into this and I often explain this for people, but it would be great to hear you explain it for people as well. So if you could explain the difference between these concepts. Right, so I’m just going to list them out. So we have your seed. You can think of it like your twelve or 24 words are a representation of that. You have the passphrase, you might have a pin on the device and then fourthly, you might have a Sparrow password. So could you just help explain the difference between those four concepts just for listeners who are a little bit newer or using this opportunity to learn?

Craig :

Sure. So I think one can think of the Sparrow Wallet password and the pin on the device as very much the same kind of kind of thing. They control access to the device or to your Sparrow Wallet. They are basically just a gatekeeper in front of things which allow you, they don’t change in any way what’s going on inside the wallet or inside the device, they just allow you to access it at all. Otherwise you something you can’t get in. Then in terms of the past phrase that’s actually like an additional word added on to the end of your seed words and that changes your entire seed. So that’s why when we were saying earlier, it creates a completely different and valid wallet. The effect of the passphrase is really to be able to add this additional thing which creates a wallet that only you kind of know about. And the big advantage of that is that you are then able to ensure that even should your Sparrow wallet password be found or indeed your device pin that passphrase, given the fact that it’s a different thing. Somebody would have to enter in a passphrase and then go and check the blockchain to see whether there are any funds for that particular wallet that they have now created. And if they don’t, then they’re going to have to go and try the next one. And that’s a very much slower process than trying to guess, for example, your Sparrow Wallet password. Now even that is slow because Sparrow uses a relatively slow key derivation algorithm by choice in order to make it more difficult to attack. But the passphrase thing is you’re going to a blockchain which is a very large database and you’re trying to look things up and you can imagine that’s never going to be very quick. So we’re just trying to put things in which not only hide the wallet, but also make it much more difficult to brute force.

Stephan :

Back to the show in a moment. When it comes to securing your Bitcoin, think about the hardware you use. Coinkite.com makes some awesome Bitcoin hardware and accessories for your Bitcoin, most notably the Coldcard Mk4. This is an extremely versatile and reliable device. You can use it to spin up your Bitcoin wallet totally offline. All you have to do is plug it into the wall or use the COLDPOWER and you can charge your device in that way. And you can use a micro SD card to move things back and forth between your computer or otherwise. You can also use it with NFC. You can use it in various configurations, whether that’s single signature or multisignature. So to get your Coldcard and your associated gear, go to Coinkite.com and get a discount on your Coldcard with the code livera. Build on L2 is a community for builders by block stream. This is a community led effort with contributors and companies who are building on Core Lightning and the Liquid Network. So it’s an interactive community. Whether you are a builder, a product manager, designer and engineer, or just simply an interested onlooker, you can join. There are mentorship programs to fast track your success. There’s a community space where you can ask questions and discuss with other bitcoiners and build the future of Bitcoin Layer Two. Go and sign up. You can get access on the platform over at buildonl2.com and finally unchained.com. Unchained Capital can help you by improving your security to multisignature. Unchained Capital is secure, transparent, easy to use and sovereign. In most set ups, you have two keys which you keep in different locations and they hold a third key. They can walk you through the process of setting it up or you can go and set it up yourself on the website. If you pay upfront for the concierge onboarding program, they’ll ship you some hardware, they’ll teach you how to use it and you can then increase that security and give yourself that additional peace of mind by removing single points of failure. Unchained are also thinking about that inheritance scenario. So you can give your executor one key from a two or three vault. There are step by step checklists, there are letters for the executor or trustee and other tools available. So go to unchained.com/concierge use code livera for a discount there. And now back to the show. I see. Yeah. And I think it’s an important thing just for people to understand the difference, to understand those four concepts. Because if you misapply that, you can get things wrong and if you confuse things. So for example, if a listener is out there, maybe they’re a little bit newer and they confuse the passphrase with say, the Sparrow application level password. They’re totally different things and it will show you literally a different wallet and a different addresses. And of course, this is partly what the LifeHash, which is the new feature you mentioned, that’s helping, I guess that’s there to help them decide or determine, am I looking at the correct wallet? But it’s just useful to have a conceptual awareness of these concepts so that way we can be more secure and make the right choices when we are deciding how to secure our coins and all of this. Right?

Craig :

Yeah, agreed. I think adding that LifeHash thing was for me just trying to avoid the support requests that come in when people have had a typo or, you know, that’s I think the key key thing. So I’m going to keep on trying to work at that. Hopefully we’ll eventually get get to a point where people are thinking about the passphrase that they enter rather than just going for it.

Stephan:

Yeah. And let’s chat a little bit about NFC support. I know this is something that is available in the tap signer, it’s available in the MK four, some other devices that are out there. I know this is something you have also added support relatively recently as well. What’s that been like and are people using it a lot or not really?

Craig :

I was really unsure of how much use it would get and I’ve only had a few weeks now to judge it. But it’s certainly being used, I’m certainly getting queries and people are talking about it. So I would say that it’s got more use in the last few weeks than I thought it would, which I think talks to the success of the product itself. And I think you kind of have to ask at the price point of buying a card reader, which is required in a desktop setting because generally your computer doesn’t have a card reader in it, plus the card itself for one card, you’re kind of already looking at what, for example, a Coldcard would cost. So you’ve got to ask why would you do it? And my answer to that is that there are setups, for example, MultiSig set of setups. But also I think one that’s interesting is say you have a few kids and you want to introduce them to the Bitcoin world and how to self-custody. Getting them all to buying them all. A Coldcard might be quite an expensive thing and there’s a lot of complexity in using it. But the tap signer is just a single card and put it on the read reader and enter in a short pin and then you have full use of it to import, to sign all of those kind of things. And for me that’s a nice way to be able to get people in. Just from my own point of view, it’s sort of quickly risen to be a common way that I will test things. If I’m testing, for example, a MultiSig what have you, I will generally tend to use that just because it’s so easy to use, you’re not trying to enter a pin and then get this thing to work or do some kind of an air gap thing. You just have a very easy system. So it’s kind of ease of use is high. And I would say that once you started buying more than one, the price point really does start to make more sense.

Stephan :

I see, yeah. And it could make sense, maybe in a business context. Like, let’s say a bunch of people have these tap signers and maybe it’s like a MultiSig. So it’s not just a single signature wallet, but maybe a few people. Like, let’s say five people get together and they have a three or five, and each of them has a tap signer or whatever. They’ve each got their own device. Maybe it makes sense from that context for the larger spending, let’s say. So it kind of remains to be seen what’s going to be the main use there. But certainly it is easy. Like it’s very quick to move that information back and forth with NFC rather than doing it all with Coldcard and these little SD cards in and out all the time, but still a useful feature. So let’s see what happens there. In terms of, I guess, MultiSig adoption, do you see that there’s much, I guess just broadly looking at the user experience for multisignature. I mean, I think most people can agree it’s a massive security improvement. It’s probably an improvement in redundancy, so long as you’ve done it correctly. Do you foresee more people using MultiSig? And in terms of the average, just bitcoiner like just an average guy who’s got a bitcoin stack, let’s say, over the years as the cycles go on, do you see that as mainstreaming and normalizing or do you see them sort of staying in single signature? Do you have any predictions?

Craig :

That’s a hard, hard one to predict. You know, I think that without wanting to get too deeply into it, because it’s an area which I still need to spend some time on myself, I think that if we see this Op vault or a similar proposal come in, then that might really affect things, because that provides a security model which I think would be very interesting to many. But I do think just zooming out, I do think that there is a general progression as more and more people become comfortable with how Bitcoin works, how self-custody works, how these different concepts like output, description, how they can be used. I think we are going to see MultiSig come to the fore. It’s really just about getting people used to the ideas of it. I think that just a few years ago we had a relatively difficult I remember trying to set up a MultiSig using Electrum wallet back in the days before I built the Sparrow and it was difficult, it wasn’t easy for me to do. So things have now changed a lot. We’ve got a lot more apps, we’ve got a lot easier import of being able to import the right way, the right kind of formats to get a MultiSig wallet going. And I think that the fears that you sometimes hear are generally maybe coming from that sort of earlier era where you had systems that were really just not well designed for it. For me, I can’t imagine how it could be much easier to set up a MultiSig wallet in the Sparrow right now. It’s really not a difficult thing to do and I would encourage anyone who thinks it is just to try it, just give it a go, create a bunch of seed phrases and try and sort of get it set up and see how it goes because it’s really not a difficult thing. I suspect we will see more of it as a result. So yes, I think MultiSig is coming.

Stephan :

Yeah. And I think OP_VAULT may change things a little bit and it could also be layered together, right? You could even have multisignature and maybe depending on how things go, it may be common to people for people to use OP_VAULTt in combination with multisignature. So then it just makes it even harder that let’s say you have your two or three or your three or five multisignature and you’ve got an OP_VAULT recovery pathway. So then if that becomes really mainstream and it’s known that any serious hoddler is using some combination of multisignature and or OP_VAULT, it might really reduce the overall amount of theft in a way. Right? Like as my friend Michael Flaxman has mentioned, that we might be able to make it clear that multisignature is such a common and easily used feature for anyone with a lot of coin that it actually helps prove out this whole idea of Bitcoin as this uncensorable or difficult to seize money. And to me that’s just a really cool idea. But of course it remains to be seen where OP_VAULT goes if it comes or not. But I think it’d be a cool thing to see. So that’s kind of how I’m seeing it. Do you have any other thoughts on OP_VAULT?

Craig :

Not hugely at this time, apart from the fact that I think it would be a very useful thing to add. I’m certainly not saying we should add it fast or rush it in. I think it requires a lot of due care. But I think that the idea is certainly good and that’s the general view that I have seen is that most people seem to regard the sort of idea behind it as good and there are, I think, some positive views on the way in which it’s been implemented to date. The other thing about MultiSig that I would like to just say is it is obviously, as you mentioned earlier, when you have multiple individuals involved, it is really useful for that, particularly in a business context. If a business wants to store funds, the immediate question is how do we do it? And MultiSig is the obvious answer because it allows multiple employees to then hold the keys and one of them can then run off and that kind of gives everyone a feeling of we’re doing the right thing. So as I was saying earlier, the next version of the Sparrow is going to have a standard in it. It’s called BSMS or BIP 129. And that is basically an import and export standard which allows people to share the different key stores, or shards if you will, in their MultiSig setup. The different signers can then exchange over whatever secure channels they use and then one of them can then take all of those different sonas, compile them into a MultiSig wallet and then share the MultiSig wallet as another file, also a BSMS file, and then everyone else can import that. So it kind of just gives you a mechanism to be able to conduct this remote MultiSig setup in an easy way.

Stephan :

Yeah, so just to be clear, today you could have the same Sparrow wallet database file, right? That .mv.db file. Let’s say you, me, and a third person, we could share that database file today and share let’s say we had a signal chat. Let’s say you, me, and this third person had a signal chat, and we could share our PSBTs through that, and one of us could just kind of do that coordination role and do it that way. But I presume BSMS would be an easier way to do that, maybe across wallets. Is that the goal here or what’s the goal?

Craig :

Yeah. So, I mean, it must be said that this first implementation, there’s a lot to BSMS, which rarely to get the full benefits, requires integration with the hardware devices themselves. Because the idea is that every single signer signs their own information before they send it out. And then when the information is all compiled and brought together, it includes the first address of the wallet. And then the idea is that that first addresses, then the device then goes and checks. Okay? A, I am the signer in the quorum, and B, the first address of this wallet matches the one that I think it should be. Now, unfortunately, we’re just not there today in terms of vendor support. It’s one of those difficult things where it requires a lot of people to kind of work in concert to deliver a UX experience. So this first implementation that I have been working on is really just the basics of being able to share the information back and forth. And for many people who don’t necessarily want to, you can’t, for example, at this point, save an invalid wallet file in Sparrow. Sparrow, it prevents you from doing that. So what you should do is then everyone then imports their own device in whatever that is, whether it’s a software wallet, hardware wallet, whatever it is, and then they export this BSMS file, they share it, and then everyone can import those. So it’s just a means at this early stage of being able to share that information out. Otherwise you’d have to send around X pubs and the sort of other details, which is less of a convenience. So I think it’s really just making it easier to do those remote MultiSig setups.

Stephan :

I see. Yeah. So I guess today it’s possible even now, but it just requires a little more technical competence and a little bit more manual jiggling with the system, let’s say, as opposed to the hypothetical BSMS future is, I guess, one way to explain that, right?

Craig :

Yeah. I think the idea here is to kind of solve the need of people who just want to set up a remote MultiSig now and kind of make that particular task easier. But in time, I hope that we’ll see vendor support as well, which will just allow all the kind of verification angles of it to come into play. So as with most of these things, it’s a road that we walk on and we gradually get to the end goal.

Stephan :

And so let’s also chat about your BIP 329. So this is related to the import and export of transactions. So can you tell us a little bit about that, how it came about and how that’s progressing?

Speaker B :

Sure. So what we have everyone kind of heard of the kind of common staff standards around seed words. For example, BIP 329 is what it’s called and that kind of defines how those seed words look and how they work. And that allows us to transfer our funds from almost any wallet on the market to a different wallet. And that’s a really useful thing. Being able to not be locked into a particular wallet is an immensely powerful thing that we all kind of enjoy. Now what we don’t have is the ability to transfer the labels in one wallet to a different one. That is until BIP 329 came about. So the idea here is that you don’t want to have application lock in for any data that sits within that particular wallet. And what BIP 329 is, it allows you to export all of the labels from your wallet and then for any supporting wallet, you can then import that file and then essentially all of your labels will then be brought across. So it’s a means to be able to do that. And as we know, labels are really important because we have this UTXO model, which means that all of your privacy is linked to whatever their UTXO came from. So being able to label it gives us a hint of, okay, well, I spent this before, it was a change output from a transaction there, so if I spend it to someone else, they’re going to be able to follow that back. And it just allows us to be more private when we can label things and understand what that trail looks like. So I think labels are important, labels should be used and we shouldn’t be locked in to any particular application and that’s really what the import and export of them is all about.

Stephan :

So yeah, that could be handy for people who need to just keep records as well, like of what did I do, what does this transaction relate to? And being able to easily move that across wallets or export it out into other applications, even just for assessment or accounting or other purposes. Also wanted to chat about the privacy aspect of it. I know there’s been a lot of discussion, it’s ongoing discussion about BIP47 pay nims or just this idea of having a payment channel, but it’s like an on chain payment. And so I think there are some debates online about whether that should be used or adopted. We are seeing, I saw recently there were some news about a new wallet called Stack Wallet, who has it? So Samourai Wallet has it. First, obviously Sparrow Wallet has it. There is some chatter about some other wallets adding it, but at the same time there are people critiquing the idea. So why is BIP47 important or good from your perspective, just for people to understand?

Craig :

Sure. So I think the key thing that it gives you is how can I, in a non-interactive way, receive payment from someone else? Right. And when I say non-interactive, I mean I’m not going to be talking to them, I don’t know who they are. They’re just going to send me funds and I don’t have to speak to them or do anything on my part. And there’s a number of ways that you can do that today. Number one, you can put a Bitcoin address out there in the world, still a very highly used approach it has. The huge downside is that the entire world can see exactly how much money I have got on that address. Right. That’s completely open. So that is a very big disadvantage to that. And if I want to spend those funds, everyone can see that as well. So that’s generally not the best route. The second kind of approach is to run something like BTCPay Server, which allows a new address to be sent. But of course that requires you to run a server. And for many people in the world, that is not an easy thing. You now have to set up a server somewhere, you have to keep it going, and then that server can then generate new addresses as required. So BIP47 is a different approach, if you can say, kind of a third approach which allows you to put up this thing called a payment code. It’s a really long series of letters and numbers and any BIP47 compatible wallet can take that payment code and can then construct an address which that payment code and only that payment code can see. And that’s a really powerful thing. It’s kind of allowing people to you could create a banner, a placard for example, with a payment code on it and anybody can run the world can send you money to that. And if that, that’s a powerful idea, I think, you know, it’s an idea that one can have this static address that anybody can send to and that sending is then private. That’s generally the, that’s I think the, the key kind of idea that BIP47 is trying to solve. Now we have a number of other competing approaches which have come about in the last sort of year or so. We’ve got silent payments and then another one called, I think it’s BIP351 private payments. And that one, both of those are doing the same thing as what BIP47 is. They try to improve on it in certain ways, which we can get into. But I think BIP 47, ultimately for me is still the key one because it has this ability to be used and integrated with all wallets, whereas some of the others require full nodes, which is not something again, if you can run a full node, maybe you can run a server anyway, in which case you might as well be using BTCPay Servers. So for me, I haven’t seen anything that rivals 47 and it’s not a perfect spec. I would say that it has downsides for sure, but I think that the utility that it has is really unmatched. Being able to run a Lights Wallet client and receive funds from a static address anywhere in the world, I think is quite a unique feature.

Stephan :

Right, and so, as you were saying, I think that’s probably the key point that BIP47 solves for, that some of the other approaches may not. And so in practice I think it’s more likely that BIP47 is going to stay, at least for the users who are focused on on-chain. Perhaps in the future, if more commerce shifts to Lightning, then maybe some of it moves to things like Lightning Address or maybe in the future Bolt12, LNURL, these kinds of approaches. But yeah, it seems to me like BIP47 is going to be the useful approach, especially in the case where you need to regularly pay the same person again and again. So especially in the context of an employer relationship or even mining pools, I believe Lincoin has this feature as a mining pool, which is pretty cool. So maybe over time we sort of see a shift towards the Bolt 12 or Lightning Address style because maybe that’s more scalable and usable for these smaller transactions. But I think the BIP47, it seems to me like it’s here to stay, at least in certain niches. I think maybe the criticisms I could understand against BIP47 is, one, there’s not a lot of wallets who support it, right? And I think that’s fair. And secondarily is the aspect of needing a notification transaction on chain for every individual that you want to set up this BIP47, let’s call it a BIP47 channel or have that transaction notification. So I think that’s the other aspect where I could understand if you want to take donations, it’s a lot more friction if you need somebody to be able to do that on chain notification and then take donations, certainly it makes sense for large donations that people would do that. But I think in the context of, let’s say I need to just put this QR up and just take quick donations, I think maybe BOLT 12 or Lightning Address style approaches are faster in that way, but certainly they come with their own trade-offs too. Right, yeah.

Craig :

I mean, the big downside is that of course Lightning requires you to be online, right? You need a node. And either if you’re going to run your own node, which you should, of course, because we’re all trying to be as non custodial as we can, then that node needs to be online, stay online. In which case you’re very much in the same situation as BTCPay Server, which I’ve got no issue with. But it is a more difficult thing for many people in this world. I would actually say that, I do note that some people have an issue with sending this notification transaction. The cost of it is actually really small. It’s like the minimum amount that you need to spend, like 500 and something sats. So I mean, from a cost point of view, it’s really minimal. I would say that the more impactful thing is the fact that you have to be a little bit aware of the UTXO that you use to send it. And Sparrow does some work to try and make sure that it doesn’t respend UTXOs or deep the change from notification transactions unless it needs to. So I think that that’s more of a concern than spending what is really a tiny amount of money. The other, I think downside is that you need to use a hot wallet. And for many people that isn’t ideal. That said, I will say that there are many, many hot wallets in this world and we hear remarkably few cases where those hot wallets are being compromised. I’m sure it does happen, but the reality is most of the time you hear about people forgetting their passphrase, not about the fact that somehow their hot wallet was hacked. So I think that those two are downsides, but they’re not massive in my view, and certainly not a reason that people shouldn’t be trying to implement BIP47 and trying to use it.

Stephan :

Yeah, and I think one other aspect that if we want to see more Bitcoin use, and I think most of us agree with that, we want to see more people using Bitcoin and adopting Bitcoin. One thing that would be really useful there is having a feature, something like a contact list in our applications. And I think maybe that’s been one difficulty so far. I know some people have tried it, there have been attempts at this, but it hasn’t seemed to stick really, other than, let’s say in Samourai wallet or perhaps in Sparrow wallet, if you have a few Pay NIMS that you have already set up with, or BIP47 codes that you’ve set up with. And I’m curious your thoughts there, how important or relevant is this notion of a contact list in our Bitcoin wallet?

Craig :

Yeah, I mean, I do think that it certainly makes things easier and I think that that’s the reason why Pay NIMS have seen such adoption really. It is unusual for Bitcoiners to use a centralized kind of service and I don’t think that it’s going to stay that way. I think it is due to change and become a more decentralized thing. But Oay NIMS certainly indicate to us how it’s so much easier just to remember someone’s NIM and then be able to enter that in. So it’s useful. But again, we want to be cautious here because we don’t want to get tied to something which connects too many connections to a service that we might not be able to control. So I think some pros and cons, but I can certainly see how if you want to send a donation to Sparrow Wallets, you can just enter that in as a sort of pain and it pops up, so it makes life so much easier.

Stephan :

Right. And so when it comes to just bitcoin more broadly, we’ve been talking a lot about security and a little bit about privacy as well. I’m curious if you have anything on your wish list or things that you would like to see kind of as a closing comment. Is there anything that if we could wave our magic wand or if you could see development go in a particular direction, what sorts of things would you like to see?

Craig :

Well, I guess my sort of perennial one is really sizer cross input signature aggregation. That one is just a particular approach to being able to have one signature for all of the inputs of a transaction. And the big advantage to that is not only that it makes transactions smaller and less, cost less, but I think the key one is that it changes the feed dynamics to favor transactions where you have multiple people coming in and that of course breaks the common input ownership heuristic. So for me, that is always going to be toppled my list and I’m going to be asking for it and wanting it until hopefully one day we see it. So if there was ever I do believe that there is some work ongoing on it, but I’m kind of unaware of how much and how far off it is. But that for me is always going to be very high on the list.

Stephan :

Yeah. And in fact, I know Jonas Nick and Tim Ruffing were doing some work on half aggregation, which is a related idea, I’ve got an episode on that. But in terms of the broader the full piece, I think that’s going to be some ways off. Of course, I would like to see that as well. I think it would be a big win for scalability and potentially for privacy also. So it’d be really cool if we see that. I’m hoping he’s hoping, right. I’m hoping, absolutely, yeah. All right, well, listeners, make sure you follow Craig, sparrowwallet.com is the place to go to get Sparrow Wallet. Follow him you can find his handle is Craig Raw in most places. And I’ve got the I’ll put the Nostrand Pub and a few other details in there. Craig, thanks for joining me and great job with everything you’re doing on Sparrow Wallet and Bitcoin development.

Craig :

Thank you, Steohant. It’s been great to be here again. Yeah, it’s looking forward to the next few months and seeing everyone. Hopefully we’ll be able to get out to a few conferences this year. So, yeah, looking forward to seeing you.

Stephan :

Get the show notes over @stephanlivera.com/462. Thanks for listening, and I’ll see you in the Citadels.