World-Class Security
Eliminate single points of failure with our state-of-the-art multisig and group wallets. Benefit from robust hardware support, advanced coin control, and much more.
Inheritance Planning
Gain peace of mind with a time-locked Bitcoin inheritance plan. Ensure that your family has a secure and straightforward way to access your bitcoin in the event of your passing.
Privacy
Security doesn't have to come at the cost of privacy. Our solutions are designed to minimize data collection and maximize your and your family's privacy at every step of the way.
Trusted by the people!
Just setup my first #Bitcoin 2 of 3 Multisig wallet using @COLDCARDwallet + @TAPSIGNER + @nunchuk_io.
This combination is years ahead of anything else I have used with respect to balancing security, convenience, and self sovereignty.
Nunchuck slaps too.
Spectacular work lads.
Now with our new @TAPSIGNER + @nunchuk_io NFC integration, self-custody has never been easier
This product from @nunchuk_io looks absolutely outstanding. Slick UI. The collaborative multisig feature looks particularly good for family self custody / inheritance planning. Cheers for the tutorial @BTCsessions https://twitter.com/BTCsessions/status/1478420389957025793…
Just wanted to say again, that @nunchuk_io is one of the most exciting wallet designs that has been living rent free in my head for weeks recently.
Multisig made intuitive & easy is an incredible step forward.
Very happy to see that bitcoin multisig options are expanding. @nunchuk_io is a really cool way to create multisig quorums with friends, family, business partners and other groups of people. The end-to-end encrypted messaging in-app is a great feature.
I just tested numchuk and is mind-blowing
Finally we have a granpa-proof way of working with #Bitcoin multi-signatures.
Amazing job
Anyone who says holding ur own keys is "too difficult" is in for a rude awakening — taking custody of #BTC is already easy & will only get easier.
Messing w/ my @TAPSIGNER this morning via @nunchuk_io wallet & getting a glimpse into the future melding of hot & cold storage.
Depends on size.
Something like the free Nunchuk Bitcoin app for starters. Then a Tapsigner card wallet can be paired with it for moderate amounts for more security. For larger amounts, a hardware wallet or multisig collaborative custody.
Today I helped a 78 year old lady buy her first 100,000 sats. Self custodied with @nunchuk_io.
Sent her a @knutsvanholm/@IoniAppelberg and a @TomerStrolight video (Generational Wealth) to watch as follow up.
Feels good.
Trying out the @TAPSIGNER today with @nunchuk_io wallet. Took about 2 min to set up, pretty cool use of nfc tech to set up a low cost multi-sig for #BTC
Nunchuk is and remains my favorite on-chain mobile wallet app.
* Best implicit teaching tool for basic concepts - wallets are made of keys!
* Use default settings or easily connect to your own node.
* Integrates well with airgapped signers/HWW's
* Inheritance planning/multisig
Big update from @Nunchuk: Key replacement for multisig wallets is now automated.
And with FROST wallet threshold signing & proactive secret sharing coming soon, you'll be able to replace keys without on-chain txs. @nvk, @rot13maxi & @bitschmidty dive in on multisig tech.
Thanks to @nunchuk_io, mobile wallet devs can now use this C++ to integrate #TAPSIGNER and @SATSCARD: https://github.com/nunchuk-io/tap-protocol…
This is great
As an accountant, there is always so much frustration around bank controls. Not because of the amount of signatories, but because of physically chasing signatures
On a bitcoin standard, this is easy as everything can be signed cryptographically via group chat!
I blame @rot13maxi for turning me into a @nunchuk_io maxi.
Nunchuck + @TAPSIGNER + @COLDCARDwallet = perfect mobile multisig wallet.
Having a signing device in your wallet when you’re out and about feels incredibly futuristic, easy, practical and secure.
@nunchuk_io is a top notch, easy to use #bitcoin wallet. Great support service and especially love them telling the Govt of Canada GFY. Highly recommended paired with @COLDCARDwallet
@TAPSIGNER x @nunchuk_io Wife says it’s the easiest multisig setup yet. NFC/tap signing on mobile is the future.
Multisig is at this point a vastly underestimated game changer - for everything.
It raises the cost of an attacker to a multitude - all the while increasing the odds that you don't f*ck up your own key management (if done right).
Blog
01
Introducing Taproot Multisig Wallet
We’re thrilled to announce the Taproot Multisig Wallet, a new type of multisig wallet that leverages Taproot, Schnorr signatures, and the MuSig2 protocol to offer greater privacy and lower on-chain fees. Taproot wallet is a beta feature, so please consider it experimental and avoid storing significant amounts of funds for now.
What Is Taproot Multisig?
Taproot Multisig is a wallet design that uses Taproot (BIP 341) to make multisig transactions look indistinguishable from single-signature transactions on the Bitcoin blockchain. All Taproot addresses begin with “bc1p”, distinguishing them from legacy Bitcoin addresses. This implementation boosts user privacy and helps reduce fees¹. The key innovations powering Taproot Multisig are:
* Schnorr Signatures (BIP 340): A more efficient and provably secure signature scheme compared to ECDSA.
* MuSig2 Protocol (BIP 327): A technique for aggregating multiple signatures into one, optimizing how multisig transactions are handled on-chain.
By implementing these cutting-edge technologies, Taproot Multisig offers a sleek, privacy-focused alternative to traditional multisig wallets.
Why Taproot Multisig?
Enhanced Privacy
Taproot transactions make multisig activity indistinguishable from single-sig on-chain. Observers cannot tell how many parties participated in signing.
Lower Fees
Consolidating multiple signatures into a single Schnorr signature reduces transaction size, which typically results in lower fees.
Provably Secure
Schnorr signatures boast mathematical proofs of security, unlike ECDSA’s more ad hoc security assumptions.
Key Path Spending
A Taproot feature called “key path spending” allows a specific subset of keys — which we coined the Value Keyset — to sign a transaction in a way that maximizes privacy and fee savings. Different subsets of keys (also known as “script path spending”) still benefit from Taproot’s privacy and fee improvements, but using the Value Keyset offers the highest advantage.
02
Introducing Decoy Wallet: Enhance Your Bitcoin Security with Plausible Deniability
In the ever-evolving world of Bitcoin, security is paramount. We understand that safeguarding your bitcoin holdings is more than just protecting your assets — it’s about ensuring peace of mind. That’s why we’re excited to introduce the Decoy Wallet on our mobile app, a new feature designed to add an extra layer of security to your Bitcoin experience.
What Is the Decoy Wallet?
The Decoy Wallet is a specially designed bitcoin wallet intended to hold a small amount of bitcoin as a safeguard against potential threats. In situations where you might be compelled to reveal your wallet, a Decoy Wallet allows you to present a minimal amount of funds, thereby defusing the situation without compromising your main holdings.
How Does the Decoy Wallet Work?
The Decoy Wallet feature operates using separate PINs:
* Security PIN: Grants access to your main wallets.
* Decoy PIN(s): Grant access to Decoy Wallet(s).
In a threatening scenario, you can enter one of your Decoy PINs to unlock a Decoy Wallet on your mobile app. Each Decoy PIN creates a separate “space,” allowing you to have multiple Decoy Wallets if you wish. These wallets appear authentic and contain a small amount of bitcoin, providing plausible deniability about the existence of your main wallets. To access your primary wallets, you must enter your Security PIN.
03
Inheritance Planning: Casa vs. Nunchuk
Casa (https://casa.io) just launched an inheritance planning protocol, which has a lot of similarities to the protocol that we introduced at the end of 2022.
The following is a comparison between the two protocols, so that interested users can better understand the features and associated trade-offs.
During the writing of this report, we’ve uncovered a major security weakness in Casa’s implementation, and suggested that Casa pause the launch of the new inheritance planning service until it is resolved.
04
Group Wallet: Simpler, Stronger, Better
Three years ago, we introduced our very first attempt at a collaborative multisig wallet—a Matrix-based solution. Although it was a groundbreaking feature at the time, the reliance on separate Matrix encryption keys for end-to-end-encrypted (E2EE) communication turned out to be inconvenient and prone to issues when users switched devices or reinstalled the app. Additionally, the Matrix SDKs varied in reliability across platforms, adding further friction. After carefully rethinking our approach, we’re excited to unveil a completely redesigned Group Wallet that streamlines collaboration, boosts reliability, and simplifies recovery. Best of all, it’s available to all Nunchuk users—free or paid.
A Cleaner, More Reliable Design
In the new Group Wallet, we eliminate the need for Matrix and separate chat keys by repurposing the wallet’s Output Descriptors to derive a single, shared encryption key for the group. These Output Descriptors are contained in the wallet configuration file (also known as the BSMS file). By backing up this file, you can reconstruct the group wallet and its encrypted communication channel whenever you need.
Note: To actually spend funds, you still need your individual Bitcoin private keys. These are not included in the wallet configuration file, so be sure to keep your private keys secure and back them up separately.
This is powered by a two-phase encryption scheme — asymmetric first, then symmetric — but it’s all handled automatically behind the scenes. With the new system, you can:
* Easily create a multisig setup with family or business partners
* Securely manage funds across multiple devices for yourself
* Get everything done in just a few minutes
05
Advancing Bitcoin Security: Seamless Key Replacement for Multisig Wallets
Multisignature (multisig) wallets have emerged as a gold standard for securing bitcoin, offering an extra layer of security by requiring multiple keys to authorize transactions. However, even the most robust systems can face challenges. Today, we're excited to introduce a game-changing feature that addresses one of the most significant pain points in Bitcoin multisig wallet management: key replacement.
The Challenge of Lost Keys
Imagine this scenario: You've diligently set up a multisig wallet to secure your Bitcoin holdings. You've distributed the keys across different locations, established an inheritance plan, and feel confident in your setup. Then, the unthinkable happens – you lose access to one of your keys. Traditionally, this would trigger a cascade of stressful events:
1. Creating a new multisig wallet from scratch
2. Carefully setting up and distributing new keys
3. Transferring funds from the old wallet to the new one
4. Updating your inheritance plan and notifying all involved parties
This process is not only time-consuming but also fraught with potential for errors, especially under stress, potentially jeopardizing your entire Bitcoin holdings.
Introducing Seamless Key Replacement
We're proud to unveil our new key replacement feature, designed to streamline the process of replacing a lost or compromised key in your Bitcoin multisig setup. Here's how it works:
1. Simple Initiation: From within your existing wallet interface, you can initiate the key replacement process with just a few clicks.
2. Guided New Wallet Creation: Our system walks you through creating a new multisig wallet, ensuring you're replacing the correct key while maintaining the integrity of your multisig setup.
3. Semi-Automated Fund Transfer: Here's where our feature truly shines. Once the new wallet is configured, our system automatically prepares a rollover transaction to move your funds from the old wallet to the new one. This critical step simplifies the process, but maintains your control:
* The transaction is created and prepared automatically.
* You still need to verify the transaction and sign it with your existing keys, ensuring you maintain full control of your bitcoin at all times.
4. Inheritance Plan Preservation (Honey Badger and Byzantine wallets only): For users of our premium Honey Badger and Byzantine wallet services, if the replaced key isn't part of your inheritance plan, the entire plan can remain intact, minimizing the need to update and redistribute instructions to your beneficiaries or trustees. Importantly, our inheritance planning feature is non-KYC, setting us apart from competitors and ensuring your privacy throughout the entire process.
06
Introducing COLDCARD as an Inheritance Key Option
At Nunchuk, we’re committed to providing you with secure and user-friendly solutions for managing your Bitcoin holdings. Today, we’re excited to announce an enhancement to our flagship service, the Honey Badger subscription plan: you can now use COLDCARD as your inheritance key hardware, in addition to TAPSIGNER.
This update also applies to our Byzantine subscription services, designed specifically for Bitcoin advisors. Both individual users and professional advisors can now leverage our advanced inheritance planning features with greater flexibility.
A Quick Recap of the Honey Badger Plan
The Honey Badger plan is an assisted 2-of-4 multisig wallet that includes an integrated inheritance planning feature. Here’s how it works:
* You hold three keys, one of which is designated as the inheritance key.
* The platform holds one key, known as the Platform Key.
This setup ensures that you’re always in control of your wallet. Even if something happens to your devices or our platform, you can recover your funds using your keys. The inheritance key allows your designated beneficiary to access your Bitcoin after a specified timelock, ensuring your legacy is secure.
Similarly, the Byzantine subscription offers these inheritance planning features to Bitcoin advisors, enabling them to provide secure and reliable inheritance solutions to their clients.
Introducing COLDCARD as an Inheritance Key Option
Previously, the inheritance key in the Honey Badger and Byzantine plans had to be a TAPSIGNER card. While TAPSIGNER offers a convenient and secure way to manage your inheritance key, we understand that users and advisors have different preferences and requirements.
With our latest update, you now have the option to use a COLDCARD hardware wallet as your inheritance key. Both COLDCARD and TAPSIGNER are produced by our trusted partner, Coinkite, one of the most reputable names in Bitcoin hardware solutions.
Why Choose COLDCARD?
Using COLDCARD as your inheritance key brings significant benefits:
* User-Generated Backup Password: Unlike TAPSIGNER, where the Backup Password is pre-generated at the factory, COLDCARD allows you to generate your Backup Password on demand. This adds an extra layer of personalization and security.
* Human-Friendly Backup Password: COLDCARD’s Backup Password is a 12-word BIP39 mnemonic phrase, making it easier to memorize, write down, and share securely with your beneficiary. In contrast, TAPSIGNER uses a 32-character hexadecimal string, which can be more challenging to handle.
* Flexible Interaction Methods: The COLDCARD Mk4 and COLDCARD Q support multiple interaction methods, including NFC, USB, microSD card, and QR codes (with the COLDCARD Q). This provides you with a variety of options to suit your preferences.
07
"Dark Skippy" Vulnerability
Recently, a group of Bitcoin researchers (Nick Farrow, Lloyd Fournier, and Robin Linus) disclosed a security vulnerability — called “Dark Skippy” — that potentially impacts Bitcoin hardware signing devices. Here’s what you need to know about “Dark Skippy”:
1. Hardware signing devices insert random values called “nonces” every time they sign Bitcoin transactions.
2. Weak nonces (values that are not sufficiently random) can allow an attacker to mathematically brute-force the private key from the signatures alone, just by analyzing transactions on the public blockchain.
This is a well-known class of attack. “Dark Skippy” is a new technique which makes it easier to grind the private key from weak nonces.
What are the conditions required for the attack? The attack requires either:
1. Loading malicious firmware onto the device, which generates weak nonces.
2. A bug in the vendor’s official firmware that produces weak nonces.
What about passphrases?
A common question is whether adding a (BIP39) passphrase to a seed phrase provides protection against Dark Skippy and similar attacks. The answer is no. This attack can work directly against the master private key, not the seed phrase. Therefore, adding a passphrase will not protect you against this class of attack.
How do I protect myself from this type of attack?
1. Order hardware signing devices straight from the vendors, if possible. The more direct, the lower the likelihood of tampering.
2. Use hardware vendors that have tamper-resistant mechanisms in place, such as tamper-evident sealed bags, firmware attestation, etc.
3. Use hardware where you can easily verify the integrity of the source firmware and its updates.
4. Use hardware that follows security standards in generating nonces. One such standard is RFC6979 (deterministic nonces).
5. Verify the authenticity of the firmware every time you upgrade. (Tip: bookmark the vendor website to avoid phishing).
6. Avoid upgrading firmware unless you absolutely have to. Use another device if you want to experiment with firmware features that you don’t actually need for your main stash.
7. Use multisig, preferably multi-vendor multisig. This alone significantly increases the difficulty of executing the attack.
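Item 4 above names RFC 6979. The sketch below is an added example, not code from Nunchuk or any hardware vendor: it derives the RFC 6979 nonce for ECDSA over secp256k1 with SHA-256 and checks whether the r value of a signature made with a throwaway test key matches that reference. The function names, the test key and the sample message are constructed for illustration.

```python
import hashlib
import hmac

# secp256k1 domain parameters (public constants of the curve Bitcoin uses).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

# Constructed throwaway key for the demonstration; never a key that holds funds.
TEST_KEY = int.from_bytes(hashlib.sha256(b"throwaway test key").digest(), "big") % (N - 1) + 1


def _hmac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def rfc6979_nonce(priv, msg_hash):
    """Deterministic nonce per RFC 6979 section 3.2 (HMAC-SHA256, secp256k1)."""
    if not 1 <= priv < N:
        raise ValueError("private key out of range")
    if len(msg_hash) != 32:
        raise ValueError("expected a 32-byte SHA-256 digest")
    x = priv.to_bytes(32, "big")                                   # int2octets(x)
    h1 = (int.from_bytes(msg_hash, "big") % N).to_bytes(32, "big")  # bits2octets(h1)
    v, k = b"\x01" * 32, b"\x00" * 32
    k = _hmac(k, v + b"\x00" + x + h1)
    v = _hmac(k, v)
    k = _hmac(k, v + b"\x01" + x + h1)
    v = _hmac(k, v)
    while True:
        v = _hmac(k, v)
        candidate = int.from_bytes(v, "big")
        if 1 <= candidate < N:
            return candidate
        # Out-of-range candidate: re-key and try again, as the RFC specifies.
        k = _hmac(k, v + b"\x00")
        v = _hmac(k, v)


def _add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        m = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        m = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (m * m - x1 - x2) % P
    return (x3, (m * (x1 - x3) - y1) % P)


def scalar_mult(k, point=G):
    """Double-and-add; not constant time, for offline checking only."""
    result = None
    while k:
        if k & 1:
            result = _add(result, point)
        point = _add(point, point)
        k >>= 1
    return result


def expected_r(priv, msg_hash):
    """The r value a plain RFC 6979 ECDSA signer must produce."""
    return scalar_mult(rfc6979_nonce(priv, msg_hash))[0] % N


def nonce_conforms(priv, msg_hash, r_from_signer):
    """True when the signer's r equals the RFC 6979 reference value."""
    return r_from_signer == expected_r(priv, msg_hash)


if __name__ == "__main__":
    digest = hashlib.sha256(b"constructed sample message").digest()
    honest_r = expected_r(TEST_KEY, digest)
    # Constructed stand-in for a signer that picked its nonce some other way.
    other_r = scalar_mult(rfc6979_nonce(TEST_KEY, digest) + 1)[0] % N
    print("reference signer conforms:", nonce_conforms(TEST_KEY, digest, honest_r))
    print("other signer conforms:   ", nonce_conforms(TEST_KEY, digest, other_r))
```

A mismatch only shows that the signer is not using plain RFC 6979: variants that mix in additional data (RFC 6979 section 3.6) also produce a different r, and BIP 340 Schnorr signing uses its own nonce derivation, so read the vendor's documentation before drawing conclusions.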
08
Nunchuk Android Now Supports Reproducible Builds
We're excited to share that Nunchuk for Android now supports reproducible builds! This is a significant step forward in our commitment to transparency and security in the Bitcoin ecosystem.
What are Reproducible Builds?
Reproducible builds are a set of software development practices that create an independently-verifiable path from source code to the binary code used by your device. This allows users to verify that the application they're running on their device matches exactly with the open-source code we've published.
Why is this Important?
1. Trust Minimization: In the spirit of Bitcoin's "Don't trust, verify" ethos, you no longer have to trust that our published code matches the application you're using. You can verify it yourself.
2. Security: Reproducible builds make it much harder for malicious code to be inserted into the build process without detection.
3. Transparency: This process provides a clear link between our open-source code and the application you use, enhancing our commitment to transparency.
Nunchuk's Unique Position
We're proud to announce that with this update, Nunchuk joins a select group of Bitcoin wallets that support reproducible builds. This puts Nunchuk at the forefront of transparency and security in the Bitcoin wallet space, particularly for mobile users.
Moreover, Nunchuk stands out as the only Bitcoin wallet that directly reuses Bitcoin Core code. Bitcoin Core is the protocol code of Bitcoin and is widely recognized as the most peer-reviewed and battle-tested code in the entire Bitcoin ecosystem. Our decision to reuse Bitcoin Core code from day one was driven by our commitment to minimize dependencies and maximize security.
To achieve this, we developed libnunchuk, a cross-platform library at the heart of Nunchuk. This library encapsulates the reused Bitcoin Core code, allowing us to maintain a high level of security and consistency across different platforms while leveraging the robustness of Bitcoin Core.
With our new reproducible build process, you can now verify for yourself that libnunchuk indeed reuses Bitcoin Core code. This means you can confirm that your Nunchuk wallet is running genuine Bitcoin Core code internally for Bitcoin-related tasks, providing an unprecedented level of transparency and trust in your wallet's operations.
How Can You Verify?
We've published detailed instructions on our GitHub repository that walk you through the process of building the application from source and comparing it to the version from the Google Play Store. This includes:
* Obtaining the source code
* Building the application
* Generating Android Package Kit (APK) files from the bundle
* Pulling Android Package Kit (APK) files from your device
* Comparing the built Android Package Kit (APK) files with the ones on your device
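One way to do the final comparison in that list is an entry-by-entry hash of the two APK files. This is an added example, not Nunchuk's published procedure; the set of signature files it ignores and every file name in the sample data are assumptions constructed for illustration.

```python
import hashlib
import io
import re
import zipfile

# Assumption: only JAR-style (v1) signature files directly under META-INF/ are
# expected to differ between a local build and a store-signed copy. The v2/v3
# APK Signing Block sits outside the ZIP entries, so this comparison never sees it.
SIGNATURE_FILE = re.compile(r"META-INF/(MANIFEST\.MF|[^/]+\.(SF|RSA|DSA|EC))")


def is_signature_file(name):
    # fullmatch keeps nested paths such as META-INF/x/y.RSA in scope, so a
    # file cannot escape comparison just by borrowing a signature extension.
    return SIGNATURE_FILE.fullmatch(name) is not None


def entry_digests(apk_bytes):
    """Map each non-signature entry name to the SHA-256 of its uncompressed data."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir() or is_signature_file(info.filename):
                continue
            if info.filename in digests:
                # Duplicate names can make different parsers see different
                # content, so refuse to compare such an archive.
                raise ValueError(f"duplicate entry: {info.filename}")
            digests[info.filename] = hashlib.sha256(archive.read(info)).hexdigest()
    return digests


def compare_apks(built_bytes, installed_bytes):
    """Report entries that exist on one side only or whose content differs."""
    built = entry_digests(built_bytes)
    installed = entry_digests(installed_bytes)
    shared = set(built) & set(installed)
    return {
        "only_in_built": sorted(set(built) - set(installed)),
        "only_in_installed": sorted(set(installed) - set(built)),
        "content_differs": sorted(n for n in shared if built[n] != installed[n]),
    }


def is_reproduced(report):
    """True only when every non-signature entry matches on both sides."""
    return not any(report.values())


def make_sample_apk(files):
    """Build a small ZIP in memory that stands in for an APK (constructed data)."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name, data in files.items():
            archive.writestr(name, data)
    return buffer.getvalue()


# Constructed sample content; names and bytes are placeholders, not real app files.
SAMPLE_CONTENT = {
    "AndroidManifest.xml": b"<manifest/>",
    "classes.dex": b"dex bytes",
    "lib/arm64-v8a/libexample.so": b"native bytes",
}
SAMPLE_SIGNATURE = {
    "META-INF/MANIFEST.MF": b"manifest digest list",
    "META-INF/CERT.SF": b"signature file",
    "META-INF/CERT.RSA": b"certificate",
}

if __name__ == "__main__":
    built = make_sample_apk(SAMPLE_CONTENT)
    installed = make_sample_apk({**SAMPLE_CONTENT, **SAMPLE_SIGNATURE})
    report = compare_apks(built, installed)
    print("reproduced:", is_reproduced(report), report)
```

For a real check, read the two files with `open(path, "rb").read()` and pass the bytes to `compare_apks`; any entry the report lists needs an explanation before the build counts as reproduced.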
Looking Forward
We're continuously exploring ways to enhance transparency and security across our platform. We encourage our security-conscious users to try out the verification process and let us know your feedback. Your input is invaluable as we continue to improve and refine this process.
Thank you for your continued support and trust in Nunchuk. Together, we're building a more transparent and secure future for Bitcoin multi-signature technology!
For full instructions on how to verify your Nunchuk Android application, please visit our GitHub repository: https://github.com/nunchuk-io/nunchuk-android/tree/master/reproducible-builds
If you have any questions or feedback, don't hesitate to reach out to our team.
Introducing Automated Wallet Rollover with Advanced Coin Control
We are excited to introduce a significant update to Nunchuk: the new Wallet Rollover feature. This powerful tool provides a comprehensive solution for migrating from an old wallet to a new wallet while maintaining your preferred coin management strategy.
A Leap Forward in Wallet Management
Until now, migrating from an old wallet to a new wallet has been a largely manual process, requiring users to carefully manage transactions and coin control themselves. Nunchuk’s Wallet Rollover feature automates much of this process, dramatically reducing the potential for errors and saving time. Moreover, our advanced coin control management is unparalleled in the Bitcoin wallet space, offering a level of granularity and privacy preservation techniques previously unavailable to users.
Independent Rollover Feature
The Wallet Rollover feature operates independently and can be utilized in various scenarios that require fund transfers between wallets, including key replacement processes.
Key Capabilities:
* Transfer between any wallet types (single-sig to multi-sig, vice versa, or between different multi-sig configurations).
* Preserve coin segregation strategy during transfers.
* Enhance privacy further through randomized broadcast of the rollover transactions.
Nunchuk is the first Bitcoin wallet to offer this level of automation and granular control in wallet transitions.
Advanced Coin Control with Nunchuk
When it comes to Bitcoin wallets, your balance isn't just a number, it's a collection of individual coins, also known as “UTXOs”. Think of it like the cash in your pocket: a few $10s, some $5s, and a handful of change. The total sum of all those bills and coins makes up your pocket money, just like your Bitcoin balance.
When you go and make a purchase, you might want to choose which coins to use, and which ones to keep for later. That's where coin control comes in. It's like organizing your pocket money - stacking your bills, separating your coins, and setting aside any worn or damaged bills for spending first.
With Bitcoin, you have coins of arbitrary values, so it's even more important to keep them organized. Coin control is the process of labeling, organizing, and picking which coins to use in transactions.
Since all Bitcoin transactions are public, coin control used properly can greatly improve your on-chain privacy. By mastering coin control, you'll be one step ahead in protecting your information.
Let’s look at how Nunchuk’s advanced coin control features work.
CPFP and the Fee Market
One of the most incredible aspects of the Bitcoin network is the fee market. Bitcoin’s fee market is global. It doesn’t rest. It cannot be stopped. No one can put an artificial price floor or price ceiling on its good: scarce block space. The fee market is where the law of supply and demand runs supreme. Arguably, it is the freest market in the world. “Free” in the truest sense of the word.
Navigating this dynamic market — which has become increasingly volatile over the years — can be challenging for new and experienced Bitcoin users alike. Long gone are the days where Bitcoin transactions reliably cost a cent or less. One day, a Bitcoin transaction can cost a few cents. The next day, ten dollars. How much should you pay? How much are you willing to pay?
If the transaction fees happen to be too low, your transactions might get stuck for hours, even days. This can be problematic when you are in a rush, or have a certain deadline to meet. At the same time, you want to avoid overpaying as much as possible. Fortunately, we have a couple of tools to deal with this volatility: Replace-by-fee (RBF) and Child-Pays-For-Parent (CPFP). Both allow you to “bump” the fees on your stuck transactions.
Bitkey by Block: A Comprehensive Review
Block recently introduced a self-custodial solution for Bitcoin called Bitkey (https://bitkey.world). This review delves into Bitkey’s features, highlighting its strengths and potential areas of concern.
I. Overview of Bitkey
Design Breakdown:
2-of-3 multisig wallet: Bitkey operates on a 2-of-3 multisig wallet system, which requires two signatures to withdraw funds. This setup includes:
* A hot key managed by the mobile app,
* An NFC-based hardware key (no display),
* And a hot key maintained on the Block server.
The underlying theme behind the Bitkey architecture is that it prioritizes usability above all else. This is reflected in the decisions to go with a “hot” mobile key (instead of 2 “cold” hardware keys), and hardware that doesn’t have a display. It also tries to entirely abstract away key generation and backup issues.
Specifically, the user doesn’t see how any of the keys are generated when setting up the wallet, which is a sharp contrast to traditional self-custodial solutions on the market. The tasks of backing up the keys and wallet configuration are also mostly hidden, besides being required to connect to an existing cloud storage.
Altogether, this results in a smooth onboarding process and a very clean UI. It also comes with major trade-offs.
The easiest way to secure and access your bitcoin
Access your funds with simple taps
Enjoy the world's first NFC-capable Bitcoin cold storage. Set up your wallet and sign transactions with simple taps on your phone. No wires required.
Are you a Bitcoin Advisor?
Want to help your clients secure their bitcoins through collaborative custody? We’ve got you covered.
Air-gapped signing support
Looking for an air-gapped setup? With the right hardware, enjoy signing your transactions either with QR codes or over SD cards.
The world's first multi-user multisig
Co-manage bitcoins with your family or business partners. Communicate and transact securely and privately, all in one place.
How We Compare
Nunchuk | Exchanges/ Custodians | Hardware wallets | Other multisig services | ||
---|---|---|---|---|---|
No single-point-of-failure | |||||
Private by design | |||||
Inheritance planning | |||||
Collaborative custody | sometimes | ||||
Built-in secure communication | |||||
Mobile app | |||||
Minimal dependencies | sometimes | ||||
Built on open standards | sometimes | ||||
Taproot ready |
As featured on
“Emerging apps like Nunchuk 2.0 show that a robust decentralized financial system is being built on Bitcoin with self sovereignty in mind.”
“...properly used, multisig can mitigate the hazards of dealing with digital bearer assets where transactions are irreversible.”
“Users can leverage Nunchuk, the bitcoin wallet famous for its multi-user approach to multisignature, to have the Tapsigner as the key for a single-sig, a key in a multisig, or both.”
“They are using nunchuk.io multisig wallet because “it makes collaborative custody through multisig intuitive and easy to use for non technical users”.”