A simple backup scheme for wallet accounts

Apr 16 - Apr 16, 2025

  • The discussion centers on the intricacies of backup schemes for cryptocurrency wallets, particularly focusing on multisig (multiple signature) wallets.

The main concern is how to back up wallet descriptors securely without compromising the privacy or security of the wallet itself. A wallet descriptor records how public keys are derived from the master seed, which is crucial for transaction signing in a multisig setup. The challenge is to keep these descriptors out of unauthorized hands while ensuring the wallet owner or authorized parties can still recover them.

One proposed solution uses Shamir's Secret Sharing to split a secret into multiple shares, with each share encrypted to an extended public key (xpub). Recovering the secret then requires a threshold of shares (k out of n), mirroring the multisig requirement that several signatures are needed to spend. This approach adds a layer of security by encrypting sensitive data such as xpubs and master fingerprints, leaving only the derivation paths in plaintext so users can re-derive their xpubs.

Another aspect of the conversation touches upon the encryption scheme for wallet backups. It suggests a deterministic encryption method that combines the benefits of symmetric and asymmetric encryption techniques, optimizing for both security and practicality. By encrypting the payload with a symmetric secret generated from the public keys involved in the wallet, this method aims to provide a secure yet easy-to-implement solution for digital backups. This includes considerations for accessibility by authorized parties, determinism in backup outcomes, and vendor independence to support a wide array of hardware signing devices.

Security concerns are highlighted, distinguishing between the concepts of secrecy versus privacy in the context of seeds and descriptors. While seeds (which allow fund spending) must be kept secret due to their high value to attackers, descriptors (that only allow fund observation) are considered private. The risk associated with replicating seeds is emphasized as significantly higher than that of distributing descriptors, which can have multiple copies without substantially increasing the risk of fund loss.

Collaboration and standardization efforts are suggested to address these challenges, with references to existing work and tools developed by participants in the discussion. These include links to a GitHub repo and a Delving post detailing specific backup schemes, showcasing the community's effort towards more secure and user-friendly wallet backup solutions.
