multisig.txt

# 4‑of‑7 Multisig for NT

## What we’re doing

- We are creating a multisig wallet for NewTendermint that requires **4-of-7 approval** for any transaction.
- This step-by-step guide explains how to generate custom entropy, create a key from that entropy, operate the multisig, and store an entropy safely—assuming modern devices may be compromised.

## Quick rules (from https://github.com/jaekwon/openpgp)

- **Only SHA‑256** as the hash we rely on.
- **No phones** for entrop. We do **not** trust Ledger or smartphones. **Trezor** is preferred for on‑chain use.
- **No hardware randomness**. Entropies come only from **42 rolls of a 20‑sided dice** or from a **thoroughly shuffled deck of whole cards**.
- **24‑word mnemonic** (BIP standard) is allowed **only on truly offline devices**; never type it into anything that touches the internet.
- **Zero‑knowledge systems** are not used.
- **Never show full entropy on screen**; sensitive inputs must appear as `******`. Never pass entropy as command‑line flags.
- **Offline computer** must have **no Wi‑Fi/Bluetooth** (physically removed). Use a simple/old keyboard and, if possible, an older monitor.
- Assume entropy can leak in strange ways. **Do not read, repeat, or mentally rehearse** your entropy sequence. Only view a tiny part at a time.

## 7 Signers (alphabetical order)

- Dongwon
- Guilhem
- Jae Kwon
- Maxwell
- Nemanja
- Milos
- Morgan

## Checklist

### Before the ceremony day (Could be done asynchronously)

1. Prepare **a deterministic key generation tool** (currently blocked by jaekwon/openpgp, jaekwon/crypto, and gnokey entropy).
2. Prepare **an offline computer** with wireless hardware physically removed, and a set of old/manual keyboard, mouse and monitor to interact with the offline computer.
3. Prepare **a test pack** for the key generation tool. A few **public test inputs** and the **expected public results** so we all know we’re using the same tool.
4. Prepare **materials for your custom entropy**. Either a twenty-sided dice (D20) or a complete deck of cards, a pen and sheets to write down.
5. (optional) Prepare **a Trezor device** for on‑chain use.

### On the ceremony day (Should be done synchronously)

1. Everyone creates their entropy following the guide:
- Double check that your room has no phones, watches, cameras, or smart devices.
- (Dice (preferred)): Roll a D20 dice and write down the number until you have 42 numbers, wrap it and never look. This will be your custom entropy.
- (Cards): Shuffle the deck 20 times and write down one card at a time until you go through the deck. Write it like "As" for Ace of Spades, "4h" for 4 of Hearts. Once done, wrap it and never look. This will be your custom entropy.
- Do not open it until you use it with your safe-offline computer to generate the key.
2. Everyone creates their key using the custom entropy:
- TBD
2. All 7 public keys have been exchanged.
3. The multisig has been created, and everyone knows the address.
4. A test transaction has been successfully executed with 4 of 7 signatures.
5. Throughout this process, no one has typed their entropy into an internet-connected device.

### After the ceremony day

1. Everyone knows each other's pub keys and the multisig address.
2. Everyone understands how to store their entropy safely.
3. Everyone understands how to use their key to sign multisig transactions.
4. Everyone understands the importance of each signer’s role in the multisig, and that if anyone mishandles or loses their entropy, they must immediately notify all members so the group can act right away.

*End of guide.*