Is there an equivalent to the Xpub/Zpub for multisig wallets?

0

When I have a typical wallet, I can give my Xpub to someone to generate addresses whenever they need. ("they" here could be an instance of BTCPAY server or some other application that I don't want to expose private keys to).

When I have a multisig scheme/wallet. How do addresses get generated? And is there an equivalent key (Xpub, zpub etc) that I could generate and put in my btcpay server?

Thanks

FKrauss

Posted 2019-09-09T11:48:34.950

Reputation: 111

Not really an answer to your question, but here I talked about the "output descriptors" that have been introduced to Bitcoin Core a while ago: https://bitcoin.stackexchange.com/a/89281/208

Pieter Wuille 2019-09-09T18:19:59.003

Answers

1

A multi-sig address is a hash of a script that combines multiple separate keys. In other words the purpose of it is to require multiple signatures from multiple keys that are stored (and usually generated) independently. For that reason it can not be generated from a single extended public key (xpub).
What you can do, is to have multiple extended keys, and for each address derive a public key from each xkey at the same path and combine those pubkeys to get your address.

For example a 2 of 2 scheme between Alice an Bob would work like this:

  1. Alice generates a master private key, stores it in a safe and private place.
  2. Bob generate a master private key, stores it in a safe and private place.
  3. Alice gets her master public key for a specific path like: m/44'/0'/0'/0* and shares it with Bob.
  4. Bob gets his master public key for a specific path like: m/44'/2'/1'/0* and shares it with Alice.
  5. They both agree that Alice pubkeys have to come first** and start at index 0.
  6. To get an address they each independently derive the same public keys from the two extended pubkeys they have, combine them (OP_2<AlicePubKey><BobPubKey><OP_2><OP_CheckMultiSig>) hash it and get the corresponding address.
  7. Each time they want a new address, they get the next index and repeat step 6.

*. These paths are optional but the keys that are derived from these extended public keys can only have non-hardened paths.
**. Note that in step 5 the order is important and they have to agree on it first. Otherwise the address for OP_2<BobPubKey><AlicePubKey><OP_2><OP_CheckMultiSig> is different and mistakes like that could lead to losses.

Coding Enthusiast

Posted 2019-09-09T11:48:34.950

Reputation: 488