Multisig Wallets – Some Basics

As crypto multisig (or multisignature) wallets gain traction, below are some more info, quick tips and examples to guide you through.

Since as early as 2012, Bitcoin has had an alternative to single-­key addresses. Around that time, a new type of address called pay-­to-­script-­hash (P2SH) was defined and standardized. Among the functionality supported by P2SH addresses is the ability to require multiple private keys in order to transact, known as multi-­signature, or more commonly, multisig. A P2SH address can support arbitrary sets of N keys, any M of which are required to transact — this is commonly referred to as “M-­of-­N.” In practice, the blockchain does enforce some limits as to the size of N, and by far the most typical multi-­sig implementations are of the form 2-­of-­2 or 2-­of-­3. (Note that using this terminology, a single-­key address would be considered 1-­of-­1.)

The easiest real-­world analogy for explaining multisig is a safe deposit box with 2 keys, one held by the customer, the other held by the bank. In order to open the box, both keys are required, making a safe deposit box analogous to a 2-­of-­2 multisig address.

There are some immediate advantages that can be gained from using multisig technology. First, we can completely eliminate single points of failure by ensuring that the keys for an address are generated and stored on completely separate devices. For instance, one key might be generated on the user’s laptop, while the other is generated on the phone, making it necessary to have both devices in order to transact. Malware which infects the laptop cannot steal any funds, because it does not have the key stored on the phone. Secondly, we can achieve redundancy. In the previous scenario, what happens if the user loses their phone?

If a third key were kept offline in a vault, and a 2-­of-­3 scheme were used, then the user could tolerate losing either device, and still manage to recover his funds using the remaining device in conjunction with the offline key.

Third, we can begin to address the access control problem. A husband and wife can construct a multisig wallet which requires both of them to transact, while a 3-­person partnership can create a wallet which requires at least 2 of them to be in agreement. Additionally, entirely new possibilities can be unlocked by multisig technologies — consider the following scenarios.

Example: Trustless Escrow

Alice wants to send Bitcoin to Bob, but only if Bob delivers the merchandise he has promised. Bob wants to ensure he is paid for his merchandise. They both trust Trent to adjudicate a dispute but do not wish to trust him with the funds. They create a 2-­of-­3 multi-­sig address with one key each from Alice, Bob and Trent. If the transaction goes smoothly, Alice and Bob can jointly release the funds without Trent’s involvement. If there is a dispute, Trent can adjudicate, and can move the funds in conjunction with either Alice or Bob. During the course of the transaction, the Bitcoin is effectively in a kind of limbo, since no one person can move the funds on his own.

Example: Organizational Limits

A company desires to set up a Bitcoin wallet accessible by 3 of its employees, but require 2 of them to be involved on any transaction exceeding $5,000. In order to do so, it creates a 2-­of-­2 multisig address where it holds one key, and an outside policy-­enforcement service holds the other key.

When one of the three employees wishes to transact, he signs the transaction with the company’s key, authenticates to the service, and requests a co-­signature. The policy service uses the pre-­arranged spending limit to determine whether to co-­sign the transaction or to request a secondary approval from one of the other two employees. The service cannot steal funds, but it can block the company’s ability to transact. If that is not desirable, the company can instead use a 2-­of-­3 configuration in which another employee or security officer retains an additional backup key which allows the company to recover the funds in the case the policy service becomes uncooperative.

Example: Trustless Margin

A user wishes to trade on an exchange, but does not wish to entrust full custody to the exchange, since he does not fully trust their security measures. He establishes a 2-­of-­2 wallet in which he and the exchange share a single key, and an outside policy-­enforcement service holds the other key. He deposits Bitcoin into the wallet which the exchange allows him to use as margin for trading, loans or other purposes. The role of the policy enforcer in this case is to ensure that the customer cannot withdraw funds while he has outstanding orders or unsettled trades, while assuring the customer that the exchange cannot unilaterally steal or lose all funds.

 

As the above scenarios demonstrate, multisig can strongly benefit both individuals and organizations in improving security, establishing access controls, and enabling the delegation of partial trust. As exchanges and other businesses begin to enable customers to deposit without fear of loss, there will be increased consumer pressure on other businesses to adopt similar technology. And if the risk of loss can be minimized, there should be substantial benefits to transparency and liquidity across the entire ecosystem. For these reasons, it is anticipated that the majority of Bitcoin will, over time, be moved to P2SH multi­sig addresses.

 

In the traditional world of finance, a custodian is a trusted third party who holds assets on behalf of another. It’s important to note that with Bitcoin, there is no longer always a clear custodian of funds. In a 3-­of-­3 multisig wallet where Bank of America, JP Morgan and State Street each hold 1 key, who is the custodian? With Bitcoin, final custody lies only with the blockchain, which is, of course, decentralized itself. As a consequence, lawmakers and regulators will need to understand this new paradigm as they best determine how to adapt existing regulations and create new ones.

Do you know a scenario where multisig can benefit and improve the security of a process?

 

Excerpt from Coin Center, What is Multi-Sig, and What Can It Do?

Read more: