this post was submitted on 06 Nov 2023
4 points (66.7% liked)

Monero

1662 readers
19 users here now

This is the lemmy community of Monero (XMR), a secure, private, untraceable currency that is open-source and freely available to all.

GitHub

StackExchange

Twitter

Wallets

Desktop (CLI, GUI)

Desktop (Feather)

Mac & Linux (Cake Wallet)

Web (MyMonero)

Android (Monerujo)

Android (MyMonero)

Android (Cake Wallet) / (Monero.com)

Android (Stack Wallet)

iOS (MyMonero)

iOS (Cake Wallet) / (Monero.com)

iOS (Stack Wallet)

iOS (Edge Wallet)

Instance tags for discoverability:

Monero, XMR, crypto, cryptocurrency

founded 1 year ago
MODERATORS
 

Is An XMR Version of Nunchuk Wallet Technically Possible?

I've read about secret sharing as a means of doing multisig in Monero, and I know services like Haveno & RINO implement 2-of-3 wallets as a service (for exchange escrow and shared custody respectively). I'm interested in a different sort of implementation, one that doesn't rely on a third party host.

Nunchuk.io, for example, develops a BTC wallet that allows multiple users to collaboratively create multisig wallets & share custody of bitcoin. They can sign/approve transactions via an integrated messenger (which is third party hosted, but doesn't technically need to be afaik). This has multiple use cases, but it interests me primarily as a trustless escrow service between individuals.

As a non-programmer, I'm curious if anything about XMR secret sharing prevents the development of an equivalent application for Monero. Haveno and RINO have their own use cases, but I'd be more interested in something that can work between individual users without any third party company/service/platform.

@monero

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 0 points 1 year ago* (last edited 1 year ago) (1 children)

@Saki Interesting, thank you. Was the CCS wallet not using multisig the reason for the breach, then? I haven't followed the incident in detail, I wasn't sure what allowed the attacker access in the first place.

[–] [email protected] 1 points 1 year ago

Nothing is sure. It might be skilled attacker(s), it might be simply bad opsec, or it might be an inside job. Several people think and say that we need to minimize trust via mltisig (in retrospect, this seems so obvious but that’s just hindsight).