What is a Multisig? How Bitcoin Multi-Signature wallets work?
When you want to spend Bitcoin from your wallet you need to create a transaction and sign it with the corresponding private key. Its not a manual process. The wallet typically manages them automatically for you. By signing a transaction you are basically saying that “I have the key to mange these coins, I am the owner of the funds and I approve this transaction.” The signed transaction is then broadcasted to the network and the coins are transferred to the recipient Bitcoin address.
Most Bitcoin wallets uses single signature setup. Bitcoin core, electrum and even hardware wallets like Ledger and Trezor uses single-key address. This kind of setup only requires one signature to sign a transaction.
Now instead of holding your Bitcoin with a single key you can also hold them with several set of keys. This kind of setup is known as Multisig, short for Multi-Signature. Wallets like Ledger, Trezor, Electrum and other single sig wallets can also be configured as a Multisignature wallet which requires two ore more signatures to sign a transaction.
So what is a Multisig? How Bitcoin Multi-Signature wallets work? What are the features of this wallet and should I be using Multisig to store my Bitcoins?
Here in this article we’ll explain everything about Multi-signature wallets. Also we’ll take a look at some of the Best multisig wallets available Today.
What is a Multisig?
Multisig stands for Multi-Signature. Multisig is produced through a combination of several unique signatures. This type of digital signature helps two or more participants to sign a document in group. It is generally used to divide up responsibility and to avoid key person risk when it comes to handling funds.
Multisig is not something that is new to cryptocurrency. This idea is also being using used in the traditional banking system as a security measure. Imaging a bank vault where the banker has 1 key for the locker and you hold the other key. The locker can be opened only if you use both the keys.
Now that’s how a multisig Bitcoin / cryptocurrency wallets work. The only difference is that bank vault requires more than one key to open the vault and the keys are physical. Whereas in multisig wallets the keys are digital where multiple digital signatures are required to authorize a Bitcoin transaction.
What is a Multi-Signature wallet?
A Multi-Signature wallet is also known as Multisig wallet. As the name indicates multisig Bitcoin wallet requires two ore more signatures to authorize a Bitcoin transaction.
Only a handful of Bitcoin wallets support multisig configuration and this type of wallet requires two ore more private keys to sign and send a transaction. This kind of setup can be useful for adding extra security to your personal wallet. But it is more useful in managing a joint account where users divide up the responsibility for the possession of Bitcoins.
Now before we see how multi-signature wallet works lets look at the difference between single-sig vs multi-sig.
Single-key vs. Multisig
Normally, users store their Bitcoins in a standard single key address (except for advanced users who hodl Bitcoin using Multisig wallets). Single signature Bitcoin wallets are basic wallets that only need one signature to sign a transaction.
With single-key address only the person who holds the private key to that specific address can access the funds. Only they can sign the transaction. They don’t need authorization from anybody else and they can transfer coins at their own will.
Bitcoins stored in a single-key address are faster and easier to mange compared to multisig. However there are some security issues.
With single-key address your coins are protected by a single point of failure. If you lose your backup you’ll lose your coins. If someone gets access to your private keys your funds are gone forever (not if you are using hardware wallets like Ledger or Trezor). Also due to key person risk single-key address is not a suitable option for businesses involved with Bitcoin and cryptocurrencies. Multisig wallets has a built in way to manage this sort of risks.
By storing Bitcoins on Multisig address the coins can only be moved if multiple cryptography signatures are provided which is generated through different corresponding private keys. Since it uses more than one signature to access the wallet multisig provides enhanced security.
Features of Multisig wallet – Benefits of Multisig
Multisig wallets mainly offers two benefits:
- They provide a more secure storage solution. Multisig can keep your coins safer even in vulnerable environment (only if you use them right).
- Sharing authority among several parties to spend coins with no single point of failure.
Let’s say your wallet has 1 BTC stored in one of the address. Each Bitcoin addresses have a corresponding private key. If you have the private key of the specific address that holds 1BTC you can spend that money. This is single sig. But the problem is if cybercriminals; with all their advanced phishing techniques if they somehow get access to your private keys / seed phrase they can easily steal your funds. Now this can’t be done if you are storing coins using Multi-Signature technology.
Multi-Signature can improve the overall security of your digital currencies. They’ll keep your coins ultra safe. Since it requires more than one keys the attacker who gets access to one your wallet still cannot steal your funds. This is why many Bitcoiners recommend multisig for Bitcoin storage.
Other than benefiting the end users it also improves the wallet security for businesses. This feature is most commonly used by cryptocurrency exchanges to ensure that the coins cannot be moved by a rogue employee. Since it requires two or more copayers to sign a transaction and send funds from the wallet it allow for trustless escrow transactions.
Another good example where multisig can be beneficial is that it can be used to avoid key person risk. For example OKEx in 2020 suspended crypto withdrawals citing that the key holder who has authorization has “been out of touch” with the exchange. Without their authorization they’ll not be able to process any withdrawals. As a result customers funds were temporarily locked in the exchange. Now multisig can help mitigate the hazards of dealing with digital bearer assets if properly used.
Alright! Now that we’ve learned the use cases of multisig lets understand how multi-signature transaction and wallets works.
How multi-signatures work?
Most standard transactions on the Bitcoin network are single signature transactions which only require one signature. The person who owns the private key to that specific Bitcoin address can transfer the funds.
Other than single signature transactions Bitcoin network also allows for more complicated transactions which requires multiple signatures of users before the coins can be transferred. These are multisig transaction which is also referred to as M-of-N transactions.
In general all types of multisig wallets require M-of-N signatures. The person who configures the multisig wallet determines the overall number of keys and the threshold needed to spend the coins. There are numerous combinations ranging from 1-of-2, 2-of-2, 3-of-5, 3-of-6, 5-of-7 and 5-of-8 etc. 1-of-1 defines a single-signature wallet.
The most common multisig combination is 2-of-3 where at least two keys out of three is needed to move funds from the wallet. Most popular escrow-based services and exchanges use 3-of-4 and 3-of-5 setups to secure their hot / cold wallets. There are numerous permutations available and users can set the rule as per their own requirements. So how do they work?
How does a multisig wallet work?
Multisig wallet is a wallet that is commonly shared by two ore more users also known as copayers. Imagine a security deposit box that has two locks and keys. The two keys are held by two separate users. The box can be opened only if both the users use their keys. With this kind of security layer one cannot open the safety box without the consent of the other. Now that’s how multi-signature wallets work and that’s why multisig wallets also commonly known as vaults.
When setting up the wallet you can choose the number of keys allowed to open the multisig wallet and the minimum number of keys required to unlock the funds. It depends on your requirements.
For example lets say You, Alice and Bob wanted to open a business together. For some obvious reasons none of you want any one person to handle the business money. So you setup a multi signature Bitcoin wallet for 2-of-3 authorized signatures. This wallet will be shared and each one of you will be presented with an unique set of keys. Now to make a payment that is to send transaction from this wallet at least two person should use their keys.
Let’s assume you are creating a transaction and signing it with your key. After signing you’ll send the signed transaction to either Alice or Bob. They’ll verify the transaction details and sign it with their private key. Since it is a 2-of-3 multisig wallet only two out of three keys are needed to sign the transaction. Until enough copayer approves the transaction the funds will stay in the wallet.
Once enough signatures are met as per requirements the transaction becomes valid. The wallet will then automatically broadcast the transaction to the network and the funds will be transferred to the recipient address.
At anytime all three of you (copayers) can open the wallet and see the funds and transactions. But to send coins out any two must authorize and sign. This way none of you can run with the money alone. Also you don’t need all three to manage your business expense at any given time.
In multisig wallets there is no copayer hierarchy. This means anyone can create a transaction proposal and all the copayers will get equal permission to sign the transaction. Also there is no time limit since the transaction proposal does not expire.
Now let’s understand the address and the signature concept behind multisig wallet.
You now know that the funds in the multisig wallet only unlocks if enough keys, out of a set of predefined keys are used.
Multisig doesn’t always have to be two out of three. As we said it can be almost any combination. But the number of signatures required to authorize a transaction will always be lower or equal to the total number of the copayers of the wallet.
For example with 2-3 wallet only two out of three people keys required to sign a transaction. If it is a 3-3 wallet then all three copayers need to sign. Only then the transaction will be sent.
To understand better lets see how the multisig wallet address are generated and how signatures are done.
In ordinary Bitcoin wallet the Bitcoin address (public address) is the hashed version of the public key (Plus few extra bytes). When you want to receive funds you’ll reveal the public address to the other party. Each public address have an associated private key which is the what used to spend funds from that specific address. So in standard Bitcoin wallets the public address has a private key.
Now consider you want to create a multisig wallet with three copayers. All the participants (copayers) share the same public address to receive funds. But since the address is not the hash of the public key there is no private key directly associated with any public address.
Multisig wallet in general do not reveal the private keys. The address generated in multisig wallet is the hash of a script. The script lists the public keys of all the copayers whose signatures are needed to redeem the transaction. Even if a hacker gets access to one of the copayers wallet they’ll not be able to spend funds. They’ll only get to know the public address and the public keys of the other copayers.
This you’ll better understand when you setup a multisig wallet for yourself.
So is a multisig wallet safe?
When multisig goes wrong
There is no such thing as perfect Bitcoin wallet. Mobile wallets can get lost, desktop wallets are vulnerable to attacks. Paper wallets can perish. Custodial wallets are just an exchange hack or exit scam away from losing your money. And even hardware wallets has some complexity.
With that said multisig has increased complexity over single-sig and it has its own pitfalls.
Sure, multisig provides an extra layer of protection to your cryptocurrency holdings. But it does not come without risks. With single signature wallet there is an associated seed phrase which users can use to backup and recover their entire wallet. In multisig setups there is no such backup mechanism. Each copayers has to backup their own seed phrases of their wallets. If any one losses access to their wallet or backup everyone losses access to the whole vault.
For example with a 2-of-3 setup only 2 copayers signatures are required to approve a transaction. Each copayer will manage their own wallet and each cosigners backup includes extended public keys (XPUBs) of all the other copayers. It also includes the derivation path, threshold and the scrypt type used in setting up the multisig wallet. If any one cosigner losses their backup then technically the multisig wallet cannot be recovered. The other two cosigners have to use their access and move the coins immediately to a safe place. This is for 2-of-3 setup.
Say for example it is a 2-2 wallet where one cosigner has lost access to their wallet and they do not have their recovery phrase either. Unfortunately in this case there is no way to recovery coins from this wallet. This is why you should never set a higher threshold needed for spending coins.
Even though multisig has come a long way it still has some complications and is not recommended for less technically savvy users. The user experience of multisig is also not simplified enough for common users. So only those who are familiar with the mechanism should deal with multisig. For personal use single sig hardware wallets such as Trezor and Ledger are more than enough to secure your funds.
So when should someone use a multisig wallet?
Who needs the multisig wallet?
Multi-signature is a niche custody practice among Bitcoin holders and not everyone uses this kind of setup to store their Bitcoins. These days multisig wallets are most commonly used by cryptocurrency exchanges, investment funds, brokers / OTCs and other companies that are looking to secure their holdings. They share the wallet access among the key people to keep the financial decision process less risky and more distributed.
Other than this one can also use multisig for personal purpose. Say you wanted to share your wallet with one of your family member or wanted to open an escrow account for buying / selling property. Multisig can be useful in this scenarios.
Should I use multisig?
One common question among beginners is can I use multisig for my own personal wallet instead of storing coins using single-sig. Sure, you can create a multi signature wallet for yourself especially if you don’t want to invest on hardware wallet.
You can setup one of the multisig wallet on your main machine and the other on a offline computer. This way even if the attacker gets access to the wallet on your main machine they’ll not be able to steal your coins. But remember to backup both the wallet and store both the backups in a separate location.
Also it is worthy mentioning that it is not advisable to setup 2-2 multi-sig wallets on same PC. If the PC gets compromised then your multisig wallet becomes less secure. So there is no point of having multisig if you have all the keys on same PC. Its the same as single sig, doesn’t add any extra security.
Does multisig wallet involves higher fees when sending funds?
This is another common question. Yes, since multisig requires more signatures to include in the transaction the size of the transaction (in bytes) becomes larger and so you pay a higher fee compared to single sig transactions.
Alright! What is the right wallet for setting up multisig?
Multisig wallets for Bitcoin
There is a huge list of multisig wallets available for Bitcoin. We’ll explain how to setup multisig and we’ll share the complete list of wallets in a separate article. For now here are quite some list:
- Casa Keymaster
If you’re looking to enhance the security of your bitcoin wallet, multi-signature might be the answer. Hope this guide has cleared all your doubts regarding multisig.
More info on Multi Signature: https://en.bitcoin.it/wiki/Multi-signature