Hardware device manufacturer Ledger has implemented a new wallet registration procedure for signing bitcoin transactions with their devices.
Ledger users will be prompted to register your keys the first time you send funds from a keyset that makes up your Casa vault.
You can check out Ledger's blog post on for more details about this here: https://blog.ledger.com/miniscript-is-coming
This new process is intended for Bitcoin app version 2.1.0 and higher. While Casa's web application is backward compatible with earlier versions, we recommend users update their Bitcoin app in Ledger Live to take advantage of the latest features and security benefits. In this support article, we will discuss this new process and how it differs from the previous process.
While you will only need to register your keys once per keyset (the first time you send), keep in mind that you must register again for each subaccount you use within your vault, and again should if you ever rotate a new device into your vault's keyset.
What's happening when I register my keys, and why?
When you send bitcoin to an address generated by your multisig wallet, you are trusting that the address really is generated from the set of keys you're expecting, and with the same spending conditions (2-of-3, 3-of-5, etc.). If you want, you can set up a watch-only wallet to verify this, but any individual key can only verify whether its key is part of the set.
Software or hardware wallets are required to be "stateful," which means they are aware of the state of the every key in the keyset--at least when you set them up. If an attacker were to compromise the wallet software, though, they could cause the wallet to generate a receive address or a change address from different keys (or with different spending conditions), and none of the original keys would have any way to know this had happened.
This is known as a "swap attack." A malicious actor alters the software to generate a receive address or change address from keys they control instead. In this type of attack, a hardware device in the keyset can only verify its own key in the multisig change address and cannot authenticate any of the other keys.
For example, if you had set up a 2-of-3 wallet, compromised software might generate an address from a 3-of-6 wallet generated from the original three keys and three keys controlled by a bad actor and have you send funds to that address instead! Once the funds arrived, the attacker would control the funds, since they would control three keys, and three is enough to sign a transaction.
With the introduction of Ledger 2.0, Ledger developed a new method for registering all the keys in a way that the Ledger can verify, so it can be sure it's only signing a transaction from a keyset you have approved.
When you want to use your Ledger to sign a transaction, the wallet must first provide Ledger with the extended public key (XPUB) for all signers in the multisig keyset, as well as the spending conditions. Once it receives this information, it generates a cryptographically secure token called an HMAC (hashed message authentication code) as proof that a specific set of keys and spending conditions has been approved by the device. This token is tamper-proof and cannot be altered or forged. Every time you go to sign with your Ledger, your wallet also sends the Ledger the HMAC so it can confirm that the transaction really is for the set of keys and spending conditions you previously approved, no watch-only wallet required!
If a new key is added or replaced in the multisig keyset, it will be necessary to re-register the new keyset and spending conditions with the Ledger. To make it easier to keep track of which subaccount is being registered, a wallet name will be used. The wallet name will always be "CasaMultisig" followed by a hyphen and a number that indicates the subaccount the wallet represents.
What does it look like?
When you first connect your device to apply a signature to spend funds, you'll notice a screen on your laptop / desktop prompting you to "register your wallet."
When you continue with the signing process, you will see a prompt on your Ledger device which says "Register wallet." Click both top buttons on the Ledger to approve.
On-screen device messaging for key registration
When signing a transaction with Ledger, you will see a new screen that says "Spend from: known wallet." This is normal.
On-screen device messaging for transaction signing
Do I need to register my keys?
Registering your keys before signing is huge advancement in multisig security, and a requirement to use Ledger with Casa.
We're excited to work with Ledger and other hardware device makers in the future to bring further security enchantments to your multisig vault while providing the best user experience. As always, it is important to stay vigilant and take all necessary precautions when securing your digital assets.