A simple backup scheme for wallet accounts

In an innovative approach to enhancing the security of multisig wallets, a distinct encryption scheme has been proposed that intricately ties the accessibility of a wallet's encrypted descriptor to the knowledge of specific extended public keys (xpubs). This method is designed to mitigate risks associated with storing encrypted data on potentially compromised servers by ensuring that only individuals who possess one or more of the designated xpubs can decrypt and hence access the multisig descriptor. The essence of this strategy lies in its ability to differentiate between an attacker and an authorized individual, essentially nullifying any advantage an attacker gains from accessing the encrypted descriptor without the requisite xpubs.

The core of the proposed encryption technique revolves around the use of Shamir's Secret Sharing algorithm, which is applied to divide the secret necessary for accessing the multisig descriptor into several shares. In a $k$-of-$n$ configuration, the secret $s$ is split into $n$ parts, with each part being encrypted with a unique xpub. Consequently, decryption requires possession of at least $k$ specific xpubs, aligning with the number of shares needed to reconstruct the original secret. This method introduces a layer of complexity while maintaining manageability, albeit with limitations in adaptability to more sophisticated wallet configurations, such as those involving time-locked recovery partners.

To accommodate scenarios where a recovery partner may need to access the funds if the primary spending path is compromised, the scheme suggests maintaining redundant copies of the backup without granting direct access to these third parties. Instead, encrypted backups would only be shared with the recovery partner under circumstances where the primary spending mechanism fails, thereby preserving security without compromising recoverability. Additionally, the scheme recommends keeping the derivation paths in plaintext. This practice ensures users are aware of how to derive their xpubs, significantly narrowing down the decryption search space to a finite set of known xpubs, thus enhancing both usability and security.

This refined encryption scheme represents a thoughtful balance between securing multisig wallets against unauthorized access and ensuring legitimate users can recover their funds under adverse conditions. By leveraging Shamir's Secret Sharing in conjunction with strategic encryption practices, it offers a promising solution to the complex challenges of multisig wallet security.