Ownership of bitcoin is based on the cryptographic keys for each address, usually stored in users’ bitcoin wallet software. A bitcoin “wallet” is actually nothing more than matching sets of public and private keys. Even the wallet software is a secondary layer; all that matters in bitcoin is the keys. Whoever holds the private key to a given bitcoin address can spend whatever bitcoin is at that address – no ifs, ands, or buts.
Naturally, this makes it very important to secure those keys. In large part, this is what the wallet software is for – store the keys, keep them organized, keep them secure. But since any machine can be compromised, storing all your keys on one machine has a severe disadvantage.
In a situation where control of funds is shared, like a business, things get even more complicated. If more than one person has access to the one and only set of keys, theft becomes easy – and the easier it is, the more likely it is to happen. Bitcoin is essentially cash, and you wouldn’t just leave a briefcase full of cash in the break room.
How could we improve bitcoin security and increase accountability in business interactions?
Bitcoin multisignature addresses are bitcoin addresses controlled by more than one private key. Moving away from single-key addresses gives bitcoin an incredible amount of flexibility. It allows shared control over a bitcoin address, configurable to fit the user’s needs.
Managing multisig bitcoin can sometimes be technically daunting for newcomers. But bitcoin multisig wallets are becoming more commonplace and easier to use. Likewise, companies are beginning to offer services that make the technical and organizational challenges easier to overcome on an enterprise level.
Let’s take a closer look at what multisig is and what it has to offer, which boils down to two things:
Security and Accountability
Multisig addresses can provide enhanced security, but the configuration of the keys determines what security they provide. As with most things, security and convenience are generally at opposite ends of the scale.
The different configurations of multisig rely on two variables:
- How many keys does the address have, and
- How many of those keys are needed to process a transaction?
Since a regular bitcoin address works by having one key and requiring one key, the simplest multisig we could do would be an address that has two keys and requires two keys, which would be a 2-of-2 address.
If two people want to share access to a bitcoin address, a 2-of-2 address is a simple solution.
Maybe you’re saving up for a VW bus together, and you each want to make sure the money remains untouched until closing. Since both keys are required to unlock the funds, neither of you can spend without the other one’s OK.
But two keys doesn’t need to mean two people. A 2-of-2 address could offer a simple two-factor authentication process, with one key on your phone and the other on your laptop.
The biggest problem with a 2-of-2 address is that if either key is lost, the funds are irretrievable. The other person could disappear, your phone could get stolen, who knows – but without both keys, that bitcoin is untouchable by you or anyone else.
The simple configuration at the other end of the spectrum is to create many keys, but only require one in order to spend anything. This creates the opposite problem.
Say we have a frat party planned with beer on the menu. Each of the frat bros gets a key so that whoever goes on the beer run can pay from the shared wallet. None of the other keys need to be present.
Because only one key is required, we have all the disadvantages of single-key bitcoin addresses. Anyone who has a key can spend the money; none of the other keyholders need to participate, so it could all be spent by one person with no one else knowing.
On the positive side, this setup creates redundancy. No matter who loses their keys, as long as just one key remains available, the funds can be spent. Back on the negative side, any one of those half-dozen keys, if lost, could be used by whoever found it to clean out the wallet.
2-of-3: The Sweet Spot
We find our multisig sweet spot more or less in the middle. 2-of-3 is the multisig configuration with the lowest number of keys that offers the widest range of possible use cases. There is something about the 2-of-3 model that just seems fair. It fits our basic ideas about majority rule while at the same time providing redundancy.
The 2-of-3 configuration offers improved security for multisig 2FA. The third key provides redundancy. A user could spend from an address using the keys on a laptop and phone, but store the third on paper in a safe, just in case one of the devices is lost or stolen. Using either device and the paper key, the bitcoin could still be spent.
By far the most popular use of multisig is for 2-of-3 escrow.
Escrow is a common means of protecting buyers and sellers in a transaction so that each can be assured the transaction is handled fairly before it is finalized. Generally, this involves some trusted third party holding your money for you, but with bitcoin it doesn’t have to.
With multisignature bitcoin wallets, escrow can be achieved on a trustless basis. Private keys to a 2-of-3 bitcoin multisig address can be given to the buyer, the seller, and a trusted dispute resolution provider – this might be the market operator where the transaction takes place, a dedicated service like HashTrust, or even an attorney.
The key difference between multisig escrow and traditional escrow is that once it is in a 2-of-3 multisig wallet, no one party in the transaction has control over the money. Only by two parties acting together can the funds be released from escrow.
So if the transaction goes smoothly, the buyer and seller sign off on the transaction, and there is no need for the third party at all. If there is a dispute, we turn to the third party to resolve the dispute. They can then use their third key to grant either party access to the funds based on the conditions of the transaction.
The main difference between multisig escrow and regular escrow is that the escrow agent in multisig never holds or controls the funds. So the third party is really not an escrow agent at all, simply a dispute arbitrator.
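The two variables described above (how many keys, how many required) are written directly into the script behind a multisig address, so each escrow party can decode it and confirm the policy before any money is sent. The following is an added example, not code from the original post: it builds the standard `OP_m <keys> OP_n OP_CHECKMULTISIG` script and audits it, and the function names and the three placeholder keys are constructed for illustration.

```python
import hashlib

OP_CHECKMULTISIG = 0xAE

def op_n(n):
    # OP_1..OP_16 are the single-byte opcodes 0x51..0x60
    if not 1 <= n <= 16:
        raise ValueError("this example only encodes 1..16")
    return 0x50 + n

def build_multisig_script(m, pubkeys):
    """Return OP_m <pk1> ... <pkn> OP_n OP_CHECKMULTISIG as bytes."""
    n = len(pubkeys)
    if not 1 <= m <= n:
        raise ValueError("need 1 <= m <= n")
    out = bytearray([op_n(m)])
    for pk in pubkeys:
        if len(pk) != 33 or pk[0] not in (2, 3):
            raise ValueError("expected 33-byte compressed public key")
        out += bytes([33]) + pk          # push opcode (length) + key
    out += bytes([op_n(n), OP_CHECKMULTISIG])
    return bytes(out)

def audit_multisig_script(script, my_pubkey):
    """Decode a script received from a counterparty and report its policy."""
    if len(script) < 3 or script[-1] != OP_CHECKMULTISIG:
        raise ValueError("not a multisig script")
    m, n = script[0] - 0x50, script[-2] - 0x50
    body = script[1:-2]
    if not 1 <= m <= n <= 16 or len(body) != 34 * n:
        raise ValueError("malformed m-of-n script")
    if any(body[i] != 33 for i in range(0, len(body), 34)):
        raise ValueError("unexpected key push length")
    keys = [body[i + 1:i + 34] for i in range(0, len(body), 34)]
    return {
        "m": m, "n": n,
        "my_key_included": my_pubkey in keys,
        "keys_that_can_be_lost": n - m,     # funds remain spendable
        "keys_that_can_be_stolen": m - 1,   # thief still cannot spend
        # SHA-256 of the script, the value a P2WSH address commits to
        "script_sha256": hashlib.sha256(script).hexdigest(),
    }

# Constructed placeholder keys (not real curve points): buyer, seller, arbitrator.
BUYER, SELLER, ARBITER = (b"\x02" + bytes([i]) * 32 for i in (1, 2, 3))
ESCROW = build_multisig_script(2, [BUYER, SELLER, ARBITER])

if __name__ == "__main__":
    print(audit_multisig_script(ESCROW, BUYER))
```

Running the audit on a 2-of-2 or 1-of-3 script shows the trade-offs from earlier in the post: the first tolerates no lost keys, the second tolerates no stolen keys.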
The next post will offer a tutorial for 2-of-3 multisig escrow using Electrum.