# Bitcoin Cosign: Multi-sig collaborative custody provider ## Outline: Create your own service such as [Casa](https://keys.casa/) that provides secure and collaborative custody of bitcoin. You need to create a 2-of-3 multi-sig wallet where the user holds two of the keys and the service holds one. In this setup, it's impossible for the service to move any user funds as they only posses a single key. In normal operation, the user makes use of both of their own keys and the service just coordinates the signing process. You must also allow the user to ask the service to sign with its key in the event the user does not have access to one of theirs. Allowing a hardware wallet as one of the user keys would be a bonus, where the client can interact with the hardware wallet to sign. ## Format Backend service | APIs ## Service Name 1. cosign 2. cosine 3. bitcoin-cosign [x] 4. bitcosign 5. coinsign 6. multisign ## User stories/features As a user I want these features: 1. Create an account: - User will provide basic identification information: email, name(s) 3. Create wallet - If user has no existing wallet, they should create a new HD wallet 5. Create transactions - Save their BTC to a 2-of-3 multisig address created with us - Spend their locked BTC by either: + providing 2 valid signatures in their custody or + providing 1 valid signature + 1 from us 6. Swap keys by giving users the ability to refresh their keys by spending from old/existing: - Create a new transaction spending the existing 8. Create multiple 2-of-3 multisig addresses 9. View `balance` of all spendable UTXOs 10. Wallet recovery 11. Wallet capabilities: - Construct transactions - Generate addresses: P2WSH - Sign transactions - Keys management - Fetch all UTXOs for wallet addresses Stretch goals/features: 1. Create transactions with a hardware wallet 2. UTXO labeling * 3. Coin control * 4. On-platform PSBT signing by users. This will require providing wallet functionalities for each user * needs more research ## Language 1. Rust 2. Bitcoin Development Kit 3. rust-bitcoin 4. bitcoincore-rpc ## Possible Flow: #### User registration 1. User supplies valid email and password for account creation 2. We send an account verification link to email 3. User verifies account #### Xpub collection 1. User provides two xpubs, ideally generated from different seeds 2. We save the provided xpubs #### 2-of-3 Address Generation 1. We generate a third public key 2. We generate children xpubs from user-provided xpubs 3. We create a script hash from 3 public keys 4. We generate an address from the script hash and send to user #### Collaborative signing 1. User provides txID/outpoint and 1 (or 2) signature(s) - endpoint: `/cosign` - request body: - txID:outpoint: 6eb628eb785d08fed46a32784f96c914da6c72a3cbba1a695d3f96011a76e350:1 - sig_1: - sig_2 (optional): - We create, sign, and finalize PSBT (function: `create_psbt`) - If len(signatures) < 2, we add a signature - Returns: - the serialized finalized transaction back to user #### Broadcast transaction - endpoint `/broadcast` - request body: - Serialized finalized PSBT or any other type of transaction - returns - the txID to user #### User management | Schema considerations - [Schema](https://docs.google.com/spreadsheets/d/1dhFrfvdc2ZuocE0gI0SWJsEXAjpKxJQ8YYV-htBk_wA/edit?usp=sharing) #### Balance 1. For addresses we generate, provide a balance of the UTXOs they can spend - Query blockchain for UTXOs associated with the generated addresses - Compute balance ## Code management Repository: [Bitcoin Cosign](https://github.com/enigbe/bitcoin-cosign) Project: [Bitcoin Cosign Project](https://github.com/users/enigbe/projects/2) **Guidelines**: 1. We follow the git branch naming convention {feature|fix|docs}/{issuenumber}{description} 1. We merge all code into main branches through PRs 1. All PRs are reviewed by two persons 1. Branch policy will not allow a merge if the pipelines are not successful (Require status checks to pass before merging in github) 1. We look through open PRs to make sure all PRs have reviewers.