How-to: Use Monero with Multisig

From Whonix
Jump to navigation Jump to search
Monero
Monero Logo

Introduction[edit]

Multisig feature is only available via a command line wallet. You should be familiar with the CLI wallet before playing with multisig.

Credits: based on Multisignature instructionsarchive.org by monerodocs.orgarchive.org and How to Use Monero Multisignature Wallets (2/2 & 2/3)archive.org by monero.stackexchange.comarchive.org user jollymortarchive.org.

The following addresses and seed phrases on this wiki page are functional. Do NOT use them. Do NOT send funds there.

Documentation for this is incomplete. Contributions are happily considered! See this for potential alternatives.

Warning[edit]

Quotearchive.org XMR2020archive.org, /r/Monero moderator:

Without a commercial solution, doing it safely on your own would require being an experienced monero dev. Would not be sane. Monero multisig in general carries a high risk of foot gunning yourself for regular users.

Setup[edit]

Note: In monero-wallet-ws-1.

monero-wallet-cli --offline

Monero Wallet CLI will show:

This is the command line monero wallet. It needs to connect to a monero
daemon to work correctly.
WARNING: Do not reuse your Monero keys on another fork, UNLESS this fork has key reuse mitigations built in. Doing so will harm your privacy.

Monero 'Oxygen Orion' (v0.17.2.3-release)
Logging to monero-wallet-cli.log
Specify wallet file name (e.g., MyWallet). If the wallet doesn't exist, it will be created.
Wallet file name (or Ctrl-C to quit):

Enter the name of the wallet, for example: wallet1

Monero Wallet CLI will ask:

No wallet found with that name. Confirm creation of new wallet named: wallet1
  (Y/Yes/N/No):

Type Y and press enter.

Monero Wallet CLI will ask:

Generating new wallet...
Enter a new password for the wallet:
Confirm password:

Enter a password or leave it empty. Arguably how useful it is when using Full Disk Encryption on the host operating system. Re-enter password to confirm.

Monero Wallet CLI will ask:

List of available languages for your wallet's seed:
If your display freezes, exit blind with ^C, then run again with --use-english-language-names
0 : Deutsch
1 : English
2 : Español
3 : Français
4 : Italiano
5 : Nederlands
6 : Português
7 : русский язык
8 : 日本語
9 : 简体中文 (中国)
10 : Esperanto
11 : Lojban
Enter the number corresponding to the language of your choice:

Enter 1 recommended. In the opinion of the author this is the most common language and least likely to suffer from potential restoration issues in a few decades. Optional: choose a language of your choice.

Monero Wallet CLI will show:

Generated new wallet: 496qfvthZzy99adqviEhoDdFivmwcDH3vBZvPRSX8V6VScBTkR2VuMdb8xEgeMjyPqCigRfBK4cfrEXiX6YEdkF55rWD2Rq
View key: 89298e00f35bd89928b23d8a199bcfb49c61d63e242ffe0ca6b235cc0ddb8706
**********************************************************************
Your wallet has been generated!
To start synchronizing with the daemon, use the "refresh" command.
Use the "help" command to see a simplified list of available commands.
Use "help all" command to see the list of all available commands.
Use "help <command>" to see a command's documentation.
Always use the "exit" command when closing monero-wallet-cli to save
your current session's state. Otherwise, you might need to synchronize
your wallet again (your wallet keys are NOT at risk in any case).


NOTE: the following 25 words can be used to recover access to your wallet. Write them down and store them somewhere safe and secure. Please do not store them in your email or on file storage services outside of your immediate control.

launching okay honked putty zoom zoom people grunt
ajar cylinder sake gypsy comb dexterity ethics square
sincerely fictional glide equip fierce january journal kisses zoom
**********************************************************************
The daemon is not set up to background mine.
With background mining enabled, the daemon will mine when idle and not on battery.
Enabling this supports the network you are using, and makes you eligible for receiving new monero
Do you want to do it now? (Y/Yes/N/No): :

Backup the 25 words seed phrase as Monero Wallet CLI requested above.

Press n to disable mining.

Monero Wallet CLI will show:

Background mining not enabled. Set setup-background-mining to 1 to change.
If you are new to Monero, type "welcome" for a brief overview.
Error: wallet failed to connect to daemon: http://localhost:18081. Daemon either is not started or wrong port was passed. Please make sure daemon is running or change the daemon address using the 'set_daemon' command.
Background refresh thread started
[wallet 496qfv (no daemon)]:

[wallet 496qfv (no daemon)]: represents the Monero Wallet CLI command prompt.

Optional. Disable Monero Wallet CLI timeout. [1] Run the following command.

set inactivity-lock-timeout 0

x. prepare_multisig

Every participant independently generates initialization data. This is not an address.

Every participant sends his initialization data manually to all other participants over secure channel.

prepare_multisig by running the following command.

prepare_multisig

Monero Wallet CLI will show something similar to:

MultisigV1E3JYRrTjFnbJpfGZdmcwX8YRbQzjGCF9YXzrKwnjoX72E39odmpQPVhMNjmdaxD5bZTvVEcwQyBoyUE5PyTvL56vRNspFfoPYRYd1JqMhofhcDfeHz7Dokw81ej3vsdy7ekdKFUoGP1KbzjY69cV4aoXSJLD3Dzb1kQeeRLLR8QfsmCD
Send this multisig info to all other participants, then use make_multisig <threshold> <info1> [<info2>...] with others' multisig info
This includes the PRIVATE view key, so needs to be disclosed only to that multisig wallet's participants

Note: In monero-wallet-ws-2.

The steps for monero-wallet-ws-2 are similar to the steps for above monero-wallet-ws-1.

  • Wallet name: wallet2
  • Also backup the 25 words seed phrase which will be different.
Generated new wallet: 48Xy1mAiMjYPVikauazPPwExzaNdMwCuHXX5Dd7KGCwcCSqAbQtNdy1YBYw7K8NVcMaDHfsuBrJVSe2W8VuNNGFqRDQFV72
View key: afc72bea71f59402e1967a3d080694ac9f175bcf7a24f073b6b6d909a2e1b80d

NOTE: the following 25 words can be used to recover access to your wallet. Write them down and store them somewhere safe and secure. Please do not store them in your email or on file storage services outside of your immediate control.

innocent berries because romance tuition fuming number react
inroads buying bids bite koala unsafe myth pawnshop
aplomb snout usual dying ornament petals artistic banjo aplomb

prepare_multisig

MultisigV1AzBrfK5HC5VAnqxaUxw99P2tEqgVmbKjs5KSt16WxVPSQUR2UaH8VfPdX7FG16ahWwJWcvr8dpb38JWvMQ2269tz8sTfmJ5H3EYENxdSzQkh68U5CDfgAZ2LPN4TG1djwuHCd7FxdSkWhP3DAaqZGReRN3PQGwcpezj6hcMJgSgHJQP8
Send this multisig info to all other participants, then use make_multisig <threshold> <info1> [<info2>...] with others' multisig info
This includes the PRIVATE view key, so needs to be disclosed only to that multisig wallet's participants

Note: In monero-wallet-ws-1.

Run the following command:

Note: Replace MultisigV1...replace-with-MultisigV1-from-monero-wallet-ws-2 with the actual MultisigV1 from monero-wallet-ws-2.

make_multisig 2 MultisigV1...replace-with-MultisigV1-from-monero-wallet-ws-2

Example command.

Note: Do not use!

make_multisig 2 MultisigV1AzBrfK5HC5VAnqxaUxw99P2tEqgVmbKjs5KSt16WxVPSQUR2UaH8VfPdX7FG16ahWwJWcvr8dpb38JWvMQ2269tz8sTfmJ5H3EYENxdSzQkh68U5CDfgAZ2LPN4TG1djwuHCd7FxdSkWhP3DAaqZGReRN3PQGwcpezj6hcMJgSgHJQP8

Example printout.

Note: Do not use this multisig address!

2/2 multisig address: 47MUEkfUt16EeANKFtpkAqBJfXtW2c6kFCRv7bRjvi2CV7HmKbYYL748BLjwgikHBbK17rKexSVmxE3x8aqvhT7H4pts3F8

Note: In monero-wallet-ws-2.

Run the following command:

Note: Replace MultisigV1...replace-with-MultisigV1-from-monero-wallet-ws-1 with the actual MultisigV1 from monero-wallet-ws-1.

make_multisig 2 MultisigV1...replace-with-MultisigV1-from-monero-wallet-ws-1

Example command.

Note: Do not use!

make_multisig 2 MultisigV1E3JYRrTjFnbJpfGZdmcwX8YRbQzjGCF9YXzrKwnjoX72E39odmpQPVhMNjmdaxD5bZTvVEcwQyBoyUE5PyTvL56vRNspFfoPYRYd1JqMhofhcDfeHz7Dokw81ej3vsdy7ekdKFUoGP1KbzjY69cV4aoXSJLD3Dzb1kQeeRLLR8QfsmCD

Example printout.

Note: Do not use this multisig address!

2/2 multisig address: 47MUEkfUt16EeANKFtpkAqBJfXtW2c6kFCRv7bRjvi2CV7HmKbYYL748BLjwgikHBbK17rKexSVmxE3x8aqvhT7H4pts3F8

Note: In monero-wallet-ws-1.

finalize_multisig seems not required for this 2/2 multisig.

Error: This wallet is already finalized

Offline Signing Considerations[edit]

Transactions cannot be spent while being offline. All signatories's Monero Wallet CLI need to have seen the transactions they are intending to spend and run the export_multisig_info command to "sync" the wallets. Source: https://www.reddit.com/r/Monero/comments/o1ervn/rpc_transfer_method_returns_no_transaction_created/archive.org

to do a sync with empty wallets, i.e. before the arrival of the first funding transactions, does not do anything useful, because there are no outputs yet with the need of exchanging any info :)

Hardware Wallet Considerations[edit]

Can Monero Multisig be combined with Hardware Wallets? Would that be sane? Or would it be considered that so few people are doing it that it would actually be more risky to lock oneself out form one's coins?

Asked on Can Monero Multisig be combined with Hardware Wallets?archive.org, answer by XMR2020archive.org, /r/Monero moderator (underline added):

It's possible, infact, Casa a bitcoin multisig self custodial service was working on an implementation in 2019.

https://medium.com/casa/a-monero-multisig-users-guide-b313cf92a2b1archive.org

They pivoted to bitcoin only and abandoned the project.

Without a commercial solution, doing it safely on your own would require being an experienced monero dev.

Would not be sane. Monero multisig in general carries a high risk of foot gunning yourself for regular users.

Quote A Monero Multisig User’s Guide (archived incomplete version)archive.org [2]

Disclaimer: There was a bugarchive.org in the M/N multisig implementation that sometimes prevents spending from M/N wallets. It was fixed after the latest release version of Monero (v0.13.0.4), so be sure to test your wallet workflow before storing significant funds with it. The process in this guide works reliably on the Monero master development branch.

TODO[edit]

  • Restoration.
  • Receiving.
  • Spending.

See Also[edit]

Donations[edit]

After installing the Monero with multisig, please consider making a donation to Monero and Whonix project (Donate) to help keep it running for many years to come.

Monero accepted here Donate Monero (XMR) to Whonix.

84ZZSsqyh5niztCgxmWAejDLu9eDerWo4Wsx8woEhDGpdKP3BWPtqenNjKuv8vojrB968U3hqYTKgLGt2zEcGopX1qaEPew

Footnotes[edit]

  1. https://monero.stackexchange.com/questions/11737/how-can-i-slow-down-or-disable-cli-wallets-automatic-locking-due-to-inactivityarchive.org
  2. Incomplete:

    We’ve moved our blog! To keep reading this article, visit the link below:

    That link is also down and no archived version available.

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!