Is An XMR Version of Nunchuk Wallet Technically Possible?

I’ve read about secret sharing as a means of doing multisig in Monero, and I know services like Haveno & RINO implement 2-of-3 wallets as a service (for exchange escrow and shared custody respectively). I’m interested in a different sort of implementation, one that doesn’t rely on a third party host.

Nunchuk.io, for example, develops a BTC wallet that allows multiple users to collaboratively create multisig wallets & share custody of bitcoin. They can sign/approve transactions via an integrated messenger (which is third party hosted, but doesn’t technically need to be afaik). This has multiple use cases, but it interests me primarily as a trustless escrow service between individuals.

As a non-programmer, I’m curious if anything about XMR secret sharing prevents the development of an equivalent application for Monero. Haveno and RINO have their own use cases, but I’d be more interested in something that can work between individual users without any third party company/service/platform.

@monero

  • Saki
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    The fact that multisig was not widely used yet, was indirectly related to the unfortunate CCS Wallet Incident, which happened a few months ago, as well.

    @ErC (ErCiccione), a contributor, commented elsewhere a few days ago:

    This is a bit of a dog biting its tail. Multisig was shipped and has been live for a long time. Nobody really used it, so it ended up being unstable and full of problems, but that came out only relatively recently (couple of years ago) when services started to build on it.

    People are now saying, “If multsig had been used…” “should have” “could have” (Hindsight is 20/20 😢). Anyway, fluffypony replied, “when it reached a level of maturity (this year? late last year?) it should have been prioritized.”

    We can expect that multisig will be now more prioritized and to be carefully tested and tuned, soon to be available more generally, if not right now. So perhaps the answer to your question is, “No, but maybe soon…”?

        • xmr_unlimited
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          You can try out their claims. I havnt tried multisig their myself jusy tried a normal account ages ago. My only wish is to have email as an option only or some other network id. Xmpp/nostr/monero. They could use monero for spam protection? Also im not sure how multsig with other parties work, is the email shared with other participant? May be good idea to make that private too…but how to monitize i dont know…

          • チャノさん@mitra.anon-kenkai.comOP
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            @xmr_unlimited I’m not terribly interested in RINO… they’re a third party service, not a piece of software so it doesn’t fit my use case. The fact that I need to register & sign in to even try it out is a big turn off.

            What I am curious about, though, is if they’ve refined XMR multisig at all in developing their service, and if so whether they’ve pushed those improvements upstream or not.

            • xmr_unlimited
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              Im pretty sure participants can get their funds out without rino if they saves all their keys

              • チャノさん@mitra.anon-kenkai.comOP
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                @xmr_unlimited That’s probably true, but fund security/access isn’t my main problem. I don’t like having to go through RINO to begin with. I’m not very familiar with multisig, but I believe they at least have a Private View Key, and partial access to the Private Spend Key. Their own FAQ admits they can see outgoing transaction info (this can be mitigated by the receiver always using clean subaddresses of course, but RINO still has the info regardless).

                The use of email and accounts also means RINO stands to have access to metadata about user activity, especially if they use convenience features like fast sync & cross-device access. I’d prefer a multisig solution without the middleman if possible.

    • チャノさん@mitra.anon-kenkai.comOP
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      1 year ago

      @Saki Interesting, thank you. Was the CCS wallet not using multisig the reason for the breach, then? I haven’t followed the incident in detail, I wasn’t sure what allowed the attacker access in the first place.

      • Saki
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Nothing is sure. It might be skilled attacker(s), it might be simply bad opsec, or it might be an inside job. Several people think and say that we need to minimize trust via mltisig (in retrospect, this seems so obvious but that’s just hindsight).

    • チャノさん@mitra.anon-kenkai.comOP
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      @silverpill @monero The only user-facing implementations I could find were Haveno (proposed) and RINO (existing), but both are tethered to their respective services, and not useful in a more general sense.

      I’m just curious if the lack of GUI implementation has a reason (technical limitations etc), or if it’s just never been attempted. Nunchuk’s design is great for BTC multisig, and an XMR equivalent would be useful.

      • silverpill@mitra.social
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        @japananon @monero Apparently it was never attempted. What is so great about Nunchuk, integrated chat?

        Given that monero-wallet-rpc provides CLI interface, GUI shouldn’t be difficult to build. I think it can be even built by integrating multisig into an existing chat or social application.

        • チャノさん@mitra.anon-kenkai.comOP
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          @silverpill @monero The integrated chat is part of it, but not the whole.

          Multisig is usually pitched as a security or shared custody feature, but a niche I think is underserved here is the use of multisig for trustless escrow between individuals. Haveno’s implementation is integrated too deeply into their exchange platform to be useful independently, and RINO is an enterprise service focused on shared custody, so neither is exactly fit for that purpose.

          I talked about Nunchuk in a video last year:

          https://peertube.anon-kenkai.com/w/bSyQSapGr7QUaXwiJHUPLV

          I went into it in more detail there, but in a nutshell what I like about it is how it incorporates all the necessary tools for trustless escrow in one package. You can generate wallets collaboratively via the integrated chat, discuss the terms, fund the wallet, and disburse funds without needing to fumble between multiple tools.

          Since my main focus is providing tools for artists, I can see how such a thing would be very useful for things like commission work. But it can certainly be used for other things too, of course. It’s an otherwise purpose-neutral tool so it’s easy for anybody to just pick it up and use it for whatever purpose they want.

          Nunchuk is BTC only, and it can still be useful, but an XMR version would suit my needs even better.