A Bitcoin can generally only be spent by its owner, as identified through their public key hash, i.e., their Bitcoin address. The Bitcoin protocol allows for different kinds of rules to define precisely which cryptographic keys have which control over an account.
The most popular kinds of non-standard Bitcoin accounts are multisignature (multisig) accounts. These addresses, which start with 3 instead of 1, have only been around since 2012—three years after Bitcoin’s inception.
Basic functionality of a multisignature wallet
When creating a multisig wallet, you can define how many keys (signers) there are in total, and how many of their signatures are required to make a transaction.
The most commonly created wallet type is a 2-of-3 wallet, meaning there are three keys in total, of which any two are needed to sign a transaction.
In practice, the functionality is similar to bank accounts that require multiple signatories. But because the Blockchain is built not on trust, but on cryptography and consensus, it is impossible to cheat, and no central party can arbitrarily seize your funds.
Here are 4 times when 2-of-3 multisignature wallets could be useful:
1. How to use multisig wallets as two-factor authentication
Two-factor authentication (2FA) is not common for Bitcoin wallets but highly recommended for online accounts like your email or cloud storage. With a multisig wallet, two-factor authentication can also become possible for Bitcoin wallets.
- Wallet 1: Your computer (without backup)
- Wallet 2: The online 2FA service
- Wallet 3: Paper wallet in your safe
How to do it:
Every time you initiate a transaction on your computer or phone, the transaction has to be signed off by the online service. Before they sign off on your transaction, they will require you to enter a two-factor authentication code.
A 2FA code could be generated on your phone, be sent to you by text message, or even come from a hardware device. They can also impose transaction limits on your account or require different levels of authentication for different transfers.
If the 2FA service goes offline or gets DDoSed, your funds will be unavailable until you can find the paper wallet in your safe. If somebody has both your device and access to your paper wallet, they can bypass the 2FA service completely.
2. How to use multisig wallets for better security
If you fear that your computer or smartphone might get hacked, you can use a 2-of-3 multisig wallet to increase your security.
- Wallet 1: Mobile wallet on your phone (without backup)
- Wallet 2: Wallet on your computer (without backup)
- Wallet 3: Paper wallet in separate location
Note: We are not making backups of our wallets because we don’t want to have to worry about them becoming compromised that way.
How to do it:
Every time you want to make a transaction, you have to initiate the transaction with one device (for example by scanning a QR code on your phone), then review and confirm the transaction on your other device.
It’s not possible to make a transaction with only one device, so if your phone or computer is hacked, you won’t lose your Bitcoins. If you lose or break your computer or phone, you can recover your coins with the paper wallet and the other wallet you still have. If the paper wallet gets stolen, the thief does not gain access to your coins (due to the multisig requirement).
If both your computer and phone break at the same time, you lose your Bitcoins. You may prepare yourself for this by creating backups of your digital wallets, in which case you need to be careful with how you back them up. Only put two backup seeds together in the same place if you are certain they are safe!
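The backup trade-off described above can be checked mechanically. The following is an added example, not part of the original article: it models where each key of a 2-of-3 wallet is stored and computes how many storage locations an attacker must breach to steal the funds, and how many must be destroyed before the owner is locked out. The location names and key labels (k1, k2, k3) are constructed for illustration.

```python
from itertools import combinations

def keys_in(locations, layout):
    """Union of the distinct keys stored at the given locations."""
    return set().union(*(layout[loc] for loc in locations))

def min_breaches_to_steal(layout, m):
    """Fewest locations an attacker must compromise to hold m keys."""
    for size in range(1, len(layout) + 1):
        for combo in combinations(layout, size):
            if len(keys_in(combo, layout)) >= m:
                return size
    return None  # fewer than m distinct keys exist anywhere

def min_losses_to_lock_out(layout, m):
    """Fewest locations that must be destroyed so fewer than m keys survive."""
    for size in range(1, len(layout) + 1):
        for combo in combinations(layout, size):
            survivors = [loc for loc in layout if loc not in combo]
            if len(keys_in(survivors, layout)) < m:
                return size
    return None

# Constructed layouts for the phone / computer / paper wallet setup (2-of-3).
NO_BACKUPS = {"phone": {"k1"}, "computer": {"k2"}, "paper_wallet": {"k3"}}
SEEDS_TOGETHER = {**NO_BACKUPS, "drawer": {"k1", "k2"}}
SEEDS_APART = {**NO_BACKUPS, "drawer": {"k1"}, "deposit_box": {"k2"}}

if __name__ == "__main__":
    for name, layout in [("no backups", NO_BACKUPS),
                         ("both seeds in one drawer", SEEDS_TOGETHER),
                         ("seeds in separate places", SEEDS_APART)]:
        print(f"{name}: theft needs {min_breaches_to_steal(layout, 2)} "
              f"location(s), lock-out needs "
              f"{min_losses_to_lock_out(layout, 2)} location(s)")
```

Storing two backup seeds in one place reduces the wallet to a single point of compromise, while storing them separately improves resilience to loss without lowering the theft threshold.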
3. How to use multisig wallets as an escrow service
Imagine Alice wants to buy stuff from Bob over the internet, but she has never met Bob before and is unsure if she can trust him. Alice doesn’t want to send the money first, and Bob doesn’t want to send the goods first. To resolve the issue, and allow Alice and Bob to trade, they can create a multisig wallet with a third-party escrow, Emma.
- Wallet 1: Alice on her phone or computer (with backup)
- Wallet 2: Bob on his phone or computer (with backup)
- Wallet 3: Emma on her phone or computer (with backup)
How to do it:
Emma could be a person or company. Alice and Bob don’t need to trust Emma with their money or their goods, but they do need to trust her to not collude with other participants. All three create a 2-of-3 multisig wallet, and Alice sends her funds into the newly created address.
Bob can now see that Alice has made the payment. She can no longer take the money back after the goods have been shipped, as she holds only one of the three keys and two signatures are needed.
After Bob has shipped the goods and they have arrived with Alice, Alice and Bob can together sign a transaction that forwards the money to Bob. If everything goes well, Emma’s signature is not needed at all, as Alice and Bob’s signatures are sufficient to complete the transaction. A 2-of-3 multisig wallet makes it very easy and cheap for Emma to provide that service (unlike in traditional, bank-based escrow solutions).
Only if something goes wrong will Emma step in and make a judgment. She can choose to side with one of the parties, or split the funds in agreement with one of the participants. Emma can’t take the money herself, as she requires the signature of either Bob or Alice to make any transfer.
Escrow services are beneficial in situations where the participants cannot trust each other at all, like when all participants are anonymous. However, it’s not easy to ensure that Alice and Emma aren’t colluding with each other, or even the same person. Alice or Bob could also still try to bribe Emma.
4. How to secure company funds with multisig wallets
A company running on Bitcoin may have a hard time securing their funds in a traditional single-signature wallet. Who should have the keys to the wallet and who should prepare the payments?
If keys are replicated too often between various authorized signers, there’s a risk of having the keys hacked or stolen. If too few people have access to the funds, they might become inaccessible after an accident.
- Wallet 1: The CEO (without backup)
- Wallet 2: The accountant (without backup)
- Wallet 3: Paper wallet in a safe held by the board
How to do it:
In this setup, neither the CEO nor the accountant can run away with the company money alone. But the accountant can still prepare, sign, and pass the payments to the CEO, who confirms them by adding their signature. If either the accountant or the CEO disappears or loses their device, access to the company funds can be regained by explaining the situation to the board and obtaining the paper wallet.
The CEO and the accountant may still collude with each other and run away with the company funds. But if they don’t, they’d better avoid using the same car or plane. If both their keys are destroyed or become accessible to third parties, the funds are gone.
Why aren’t multisignature wallets used more?
Multisig wallets are relatively expensive, and few wallets have the functionality. Since each transaction contains multiple signatures, they are also far more costly to store on the Blockchain, making multisig setups less attractive in your everyday life.
Also, Bitcoin is not yet used enough in the situations that really warrant a multisig wallet, such as international trade or cryptocurrency funds that require escrow or need a distributed and safe setup.
Bitcoin’s new transaction format, known as ‘Segwit,’ handles the signature data differently to allow for cheaper multisigs, but few wallets support it yet.
However, you can use Electrum Wallet to make use of low-cost multisignature Segwit transactions.
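To put numbers on the cost difference, the following added example (not from the original article) builds the 2-of-3 script `OP_2 <key> <key> <key> OP_3 OP_CHECKMULTISIG` and compares the size of one transaction input when spending single-signature P2PKH, legacy P2SH multisig, and Segwit P2WSH multisig. It assumes 72-byte signatures (including the sighash byte) and 33-byte compressed public keys; the sample keys are constructed placeholders used only for their length, and the function names are this example's own.

```python
OP_CHECKMULTISIG = 0xAE
SIG_LEN = 72       # assumption: DER signature plus sighash byte
OUTPOINT_SEQ = 40  # txid (32) + output index (4) + sequence (4)

def small_int_opcode(n):
    """OP_1..OP_16 are the opcodes 0x51..0x60."""
    if not 1 <= n <= 16:
        raise ValueError("only 1..16 can be encoded as a single opcode")
    return 0x50 + n

def redeem_script(m, pubkeys):
    """Build OP_m <pubkey>... OP_n OP_CHECKMULTISIG."""
    if not 1 <= m <= len(pubkeys):
        raise ValueError("m must be between 1 and the number of keys")
    pushes = b"".join(bytes([len(pk)]) + pk for pk in pubkeys)
    tail = bytes([small_int_opcode(len(pubkeys)), OP_CHECKMULTISIG])
    return bytes([small_int_opcode(m)]) + pushes + tail

def varint_len(n):
    """Size of Bitcoin's compact-size length prefix."""
    return 1 if n < 0xFD else 3 if n <= 0xFFFF else 5

def push_len(n):
    """Bytes a script needs to push n bytes (direct push or OP_PUSHDATA1/2)."""
    return n + (1 if n <= 75 else 2 if n <= 255 else 3)

def p2pkh_input_bytes():
    script_sig = push_len(SIG_LEN) + push_len(33)
    return OUTPOINT_SEQ + varint_len(script_sig) + script_sig

def p2sh_multisig_input_bytes(m, script):
    # scriptSig: OP_0 dummy, m signatures, then the redeem script itself
    script_sig = 1 + m * push_len(SIG_LEN) + push_len(len(script))
    return OUTPOINT_SEQ + varint_len(script_sig) + script_sig

def p2wsh_multisig_input_vbytes(m, script):
    base = OUTPOINT_SEQ + 1  # empty scriptSig still has a 1-byte length
    # witness: item count, empty dummy item, m signatures, witness script
    witness = 1 + 1 + m * (1 + SIG_LEN) + varint_len(len(script)) + len(script)
    return (base * 4 + witness) / 4  # witness bytes weigh a quarter

# Constructed placeholder keys: correct length, not real public keys.
SAMPLE_KEYS = [b"\x02" + bytes([i]) * 32 for i in (1, 2, 3)]

if __name__ == "__main__":
    script = redeem_script(2, SAMPLE_KEYS)
    print("redeem script bytes:", len(script))
    print("P2PKH input bytes:", p2pkh_input_bytes())
    print("P2SH 2-of-3 input bytes:", p2sh_multisig_input_bytes(2, script))
    print("P2WSH 2-of-3 input vbytes:", p2wsh_multisig_input_vbytes(2, script))
```

The figures cover one input only and leave out the per-transaction Segwit marker and flag bytes.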
Also published on Medium.