Digital Bitbox fw 6.x fails to sign transactions with pubkeys on certain derivation paths. Multisig UTXOs unspendable

[JeffVandrewJr]

Urgency Level: I would consider this a fairly critical issue, since it allows the user to create the wallet and deposit funds, however the funds are then stuck in the wallet and cannot be spent. Luckily this did not happen to me as I tested with small transactions first.

Electrum version: 3.3.4
Digital Bitbox Firmware: 6.0.3

Issue: Cannot sign Segwit native multisig. Electrum properly creates the wallet using one or more BitBoxes, however when attempting to sign a transaction, it throws "Invalid Keypath" error.

Description: Electrum properly creates a Segwit native multisig wallet using Digital BitBoxes as one or more signers. However, when later attempting to spend from the wallet, attempts to sign with the BitBox will fail with error message: "Invalid Keypath".

Workarouds tried (and failed): manually set the derivation scheme to m/48'/0'/0'/1' and m/84'/0'/0'/0' (as well as tested with default m/48'/0'/0'/2'). All attempts yielded the exact same error,

[JeffVandrewJr]

Ping @digitalbitbox

[SomberNight]

I have just tested and p2wsh multisig works for me
Though I have older fw, not exactly sure about version, 5.x probably
will update fw now

EDIT: hid.get_serial_number_string() returns dbb.fw:v5.0.0 on my device

[SomberNight]

Ok, so I've upgraded the firmware to 6.0.3, and am getting the same error.

Traceback (most recent call last):
  File "Q:\prog\misc\electrum_ws\electrum\electrum\plugins\digitalbitbox\digitalbitbox.py", line 643, in sign_transaction
    raise Exception(reply['error']['message'])
Exception: Invalid keypath

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "Q:\prog\misc\electrum_ws\electrum\electrum\gui\qt\util.py", line 679, in run
    result = task.task()
  File "Q:\prog\misc\electrum_ws\electrum\electrum\wallet.py", line 963, in sign_transaction
    k.sign_transaction(tx, password)
  File "Q:\prog\misc\electrum_ws\electrum\electrum\plugins\digitalbitbox\digitalbitbox.py", line 681, in sign_transaction
    self.give_error(e, True)
  File "Q:\prog\misc\electrum_ws\electrum\electrum\plugins\digitalbitbox\digitalbitbox.py", line 466, in give_error
    raise Exception(message)
Exception: Invalid keypath

[SomberNight]

This seems to be some kind of restriction on the derivation path.
I am testing with 2of2 p2wsh UTXOs.

If the derivation path for the bitbox keystore is m/84'/1'/0' then no error is raised;
if the path is m/48'/1'/0'/2' then it raises Exception: Invalid keypath

This is evidently a change in the firmware.
As there is no standard for derivation paths to use for multisig, and because reusing pubkeys is bad practice, Electrum has been using paths such as m/48'/1'/0'/2' by default
See #4465

These coins are unspendable using the upgraded firmware, due to these new restrictions.
If this was e.g. Trezor, I would just suggest users to restore from seed words on an offline machine and offline sign transactions, so coins would not be locked, but with a bitbox, I do not know of any workarounds.

EDIT: Actually IIRC there is a way to extract an xprv from the bitbox, so that would work.

@benma

[JeffVandrewJr]

@SomberNight Even on override to m/84'/1'/0' when creating the multisig wallet, signing will still fail for invalid change keypath.

[SomberNight]

Oh, I tested without change outputs.

[benma]

@SomberNight, @JeffVandrewJr

We are working on a fix. Thanks for raising the issue.

[Tomasvrba]

@JeffVandrewJr Reproduced the issue with Electrum's default m/48'/1'/0'/2' keypath.
However could not reproduce it with keypath set to m/84'/1'/0' with two BitBoxes as signers. Signed the transaction and it went through ok, even with change output.
Working on a fix for the first issue.

[JeffVandrewJr]

@Tomasvrba I had the change address issue using a Trezor and a BitBox together, both m/84'/1'/0'.

[JeffVandrewJr]

This issue has been resolved by the new BitBox firmware update: BitBoxSwiss/mcu#268 (comment)