0

I'm currently working with Partially Signed Bitcoin Transactions (PSBTs) and trying to understand the best practices for handling transactions that require signatures from multiple parties. Specifically, I want to create a transaction that needs signatures from two different individuals using PSBT.

Storage of Signatures: When I, as the first signer, add my signature to the PSBT, where is this signed data stored while we wait for the second signer to add their signature? How does the PSBT format handle this interim state?

Security Concerns: Are there any recommended security practices to ensure the integrity and confidentiality of the partially signed transaction during this process?

I would appreciate any insights or guidance on managing multi-signature transactions using PSBTs, particularly regarding the secure storage and handling of the transaction until all required signatures are gathered.

Improve this question

1 Answer 1

Reset to default
2

When I, as the first signer, add my signature to the PSBT, where is this signed data stored while we wait for the second signer to add their signature?

In the PSBT file.

How does the PSBT format handle this interim state?

The PSBT file format can be thought of as a set of key-value stores for each input and output of the transaction. When you add a signature to a PSBT, you add a field saying "a signature for input X, with key Y, in Z". A future finalizer can then use this information (once enough other signatures have been added) to construct a valid transaction input.

Are there any recommended security practices to ensure the integrity

Not particularly. Generally, PSBT files are just an interchange format, for giving potential signers all the information they need to sign. This includes the (unsigned) transaction being signed, the UTXOs it is spending, information about scripts and keys that signers may need, and so forth. If the information is wrong/corrupted somehow, the outcome will just be an inability to sign, or the resulting signature will be invalid.

and confidentiality of the partially signed transaction during this process?

PSBTs do contain information that does not eventually end up on chain, and may be somewhat privacy-critical, such as the xpubs and key derivation paths used by the participants.

Because of this reason, it is not advisable to share the file with anyone but the other signers.

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.