January 28, 2023

Figured out a way to have…

Figured out a way to have a Bitcoin multisig that can be restored with nothing but the original seed for each key and a secret password.

This is done using encrypted messages in the OP_RETURN field, which holds an HMAC-encrypted version of the xpubs. The maximum size for an OP_RETURN message is 80 bytes, so the encrypted xpubs need to be split in half.

I sent a transaction in these formats to each of the three signing wallets with the following as messages in the OP_RETURN fields.

1p1/2 <encrypted xpub part 1>

1p2/2 <encrypted xpub part 2>

2p1/2 <encrypted xpub part 1>

2p2/2 <encrypted xpub part 2>

3p1/2 <encrypted xpub part 1>

3p2/2 <encrypted xpub part 2>

Derivation Info

Encryption info

This series of transactions was sent to each wallet so that each one could rebuild the multisig with nothing but the private keys and the encryption password.
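A sketch of the split-and-rebuild step, added here as an illustration and not the code used for the transactions above. It treats each encrypted xpub as opaque bytes because the post does not specify the encryption. It assumes the label is followed by a single space and the raw ciphertext. The function names and the sample blob are hypothetical.

```python
import re

MAX_OP_RETURN = 80  # bytes, the OP_RETURN limit stated in the post
LABEL_RE = re.compile(rb"^(\d+)p(\d+)/(\d+) ")  # e.g. b"1p1/2 " (assumed layout)
SAMPLE_BLOB = bytes(range(106))  # constructed stand-in for one encrypted xpub

def split_for_op_return(key_index, blob, parts=2):
    """Split an opaque encrypted xpub into labelled OP_RETURN payloads."""
    size = -(-len(blob) // parts)  # ceiling division
    msgs = []
    for n in range(parts):
        label = b"%dp%d/%d " % (key_index, n + 1, parts)
        msg = label + blob[n * size:(n + 1) * size]
        if len(msg) > MAX_OP_RETURN:
            raise ValueError("part %d is %d bytes; use more parts" % (n + 1, len(msg)))
        msgs.append(msg)
    return msgs

def reassemble(messages):
    """Rejoin parts per key index; reject incomplete or conflicting sets."""
    found = {}  # key index -> (declared total, {part number: payload})
    for msg in messages:
        m = LABEL_RE.match(msg)
        if not m:
            continue  # OP_RETURN data that is not one of our labelled parts
        key, part, total = (int(g) for g in m.groups())
        payload = msg[m.end():]
        if not 1 <= part <= total:
            raise ValueError("bad label in %r" % msg[:m.end()])
        exp_total, parts = found.setdefault(key, (total, {}))
        if exp_total != total or parts.get(part, payload) != payload:
            raise ValueError("conflicting parts for key %d" % key)
        parts[part] = payload
    out = {}
    for key, (total, parts) in found.items():
        missing = sorted(set(range(1, total + 1)) - set(parts))
        if missing:
            raise ValueError("key %d missing parts %s" % (key, missing))
        out[key] = b"".join(parts[i] for i in range(1, total + 1))
    return out
```

The labels are plaintext on chain, so the rebuilt blob should only be trusted once it decrypts and authenticates under the password.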