Comments (13)
All right, thank you for explaining. I believe your described fix should be sufficient to restore previous functionality to Electrum.
from mcu.
Hi @JeffVandrewJr, please excuse the delay and the inconvenience. The patch is now ready to be signed and should be released tomorrow on Thursday or at the latest on Friday.
from mcu.
Here is the signed firmware that should solve your issue with multisig in Electrum: https://github.com/digitalbitbox/mcu/releases/tag/v6.0.4
Please contact us if you still have problems.
In case you can't update the firmware via the command line with our Python script, we will also release a new version of the desktop app with the new firmware this week. Once the app is out as well, I will close this issue.
from mcu.
Thanks a lot for reaching out. We are aware of the issue and are working on releasing a fix. Sincere apologies for the inconveniences caused in the meantime!
from mcu.
I would be interested to know why this limitation was introduced in the first place.
I can fully understand a limitation on the path to the change output, but not a limitation on the path to the input.
Somewhat unfortunately (in this context), Electrum allows (and has allowed) the user to choose basically any derivation path, so you cannot really just impose arbitrary restrictions now. :/
One thing you could do is to remove restrictions on input derivation path, and make the change path restriction "relative". E.g. change must be sent to either
- a path "similar" to the derivation path of at least one of the inputs
- a few known common paths (bip44/49/84/...)
from mcu.
Hi @SomberNight, I'm happy to answer your questions. We started to enforce restrictions on the change keypath because it is chosen by the desktop app and is thus in the control of the attacker if your computer is compromised. As it turned out, we were overly restrictive by enforcing five derivation levels (with the first three having to match the keypath of the inputs). We are currently working on making this more flexible by allowing an arbitrary number of derivation levels up to six and simply enforce that the keypath prefix of the change up to the depth minus two (i.e. without the change and address index levels) matches the keypath of the inputs (and that they all have the same number of levels). As far as we can judge, this should solve the multisig with Electrum problem.
from mcu.
enforce restrictions on the change keypath because it is chosen by the desktop app and is thus in the control of the attacker if your computer is compromised
Yes, that makes sense, I thought that was the case, that explains the restriction on the change output.
What I am not sure about is why there are restrictions on the derivation path to the input. What could a compromised host do? (I understand the change output scenarios such as hiding the owner's coins on random paths)
allowing an arbitrary number of derivation levels up to six and simply enforce that the keypath prefix of the change up to the depth minus two (i.e. without the change and address index levels) matches the keypath of the inputs (and that they all have the same number of levels).
Sounds reasonable, I guess that fits my a path "similar" to the derivation path of at least one of the inputs
idea :)
What about the restriction on the path to the input? Is that restriction currently for "the path to have 5 levels"? Are you changing that to "path to have at most 6 levels"? Just inferring from your change path description.
from mcu.
What I am not sure about is why there are restrictions on the derivation path to the input. What could a compromised host do?
Sorry that I was not explicit on this. There is no reason to enforce restrictions on the keypaths of the inputs. However, since transactions typically have a change, we did not deem it necessary to treat transactions without a change differently (and simply enforced these restrictions on all keypaths).
I guess that fits my
a path "similar" to the derivation path of at least one of the inputs
idea
It does. 🙂 It is also more in line with what Trezor does. However, since the BitBox does not verify the transaction (this is left to the mobile verification app) and simply signs various hashes at various keypaths, we will continue to enforce that all inputs/utxos share the same keypath prefix up to the last two levels. If we only require that the change matches the keypath of at least one of the inputs, then an attacker could also request a signature at an arbitrary keypath, send the change "there" and simply discard/ignore the returned signature.
And yes, we will also make the keypath depth of the inputs more flexible again. In order to allocate memory, we have to cap the number of levels. Our patch under review made this configurable (before compilation) and set the value to 6. However, nothing speaks against increasing this value a bit more to, for example, 10, which we might do.
from mcu.
@KasparEtter @benma Any ETA on the patch being released? I hate to be a nag; I'm asking only because the BitBoxes I bought are unusuable for my intended use in the meantime.
from mcu.
@KasparEtter Thanks man!
from mcu.
And here is the desktop app with the firmware 6.0.4 that you can use to update the firmware on your BitBox: https://github.com/digitalbitbox/bitbox-wallet-app/releases/tag/v4.7.0
Thanks once more for bringing this to our attention!
from mcu.
I assume I have a problem related to this issue, my setup:
Electrum p2wsh wallet with 2 out of 4 multisig, where I use a bitbox01 as an co-signing device. I've upgraded from:
- Electrum: 3.2.2
- Bitbox01: Release 4.0.0
to:
- Electrum: 3.3.8
- Bitbox01: Release v7.0.0
Now when I try to sign a transaction I get this window:
i.e. my funds are stuck. I'm not sufficiently knowledgeable to judge if the issue is due to Electrum or the BitBox. Would be really nice if you could help me out.
from mcu.
Thanks for the report. Can you tell us the keypath you are using? If you haven't done so already, you should contact us at [email protected].
from mcu.
Related Issues (20)
- getting master xpub is not possible HOT 3
- sign/checkpub should use pubkeys
- Unable to load modified firmware to the device HOT 3
- Invalid JSON returned on DB_ERR_SD_OPEN_DIR
- Support for Cardano HOT 2
- allow `https://app.essentia.one` access to web usb iface
- Update to 4.0.0 firmware locked out hidden wallet HOT 1
- Add Bitcore BTX HOT 2
- Consider adding a simulator HOT 1
- add simulator build into travis file, example python script, and instructions to README
- Upgraded to 6.03 Firmware / No signing in MEW HOT 4
- Tezos support HOT 1
- Live-device unit tests for hijack api fail on OSX Catalina
- GPG sign git commits HOT 3
- {"backup":"list"} use json array or remove whitespace
- {"device" : "lock"} response `{"lock": true}` instead of `"locked"`) HOT 1
- device:info returns xpub HOT 1
- device:lock should not be possible if device is not seeded
- mcu part needs to call secp256k1_context_randomize() with 256bit entropy from ATAES132A
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mcu.