multi-signature – Is there a multi-signature scheme that doesn’t need xpub backups?

One drawback of a multi-signature scheme over Shamir’s shared secret scheme is the need to back up xpub keys. There is no BIP39 type encoding for xpubs, they are long and sensitive, so you cannot just distribute them widely to counter the risk of loss.

Is there a multi-signature scheme that only needs private keys, greatly simplifying backup (and restore)?

In my very rudimentary understanding of Taproot, you can effectively chain multiple scripts together. Would it work to reduce an M-of-N scheme to a set of M-of-M OR combined schemes? For example, splitting a 2 of 3 with the keys A, B, C into a script that accepts (A AND B) OR (A AND C) OR (B AND C)?

Source link