I have mentioned multi-signature wallets and transactions in several articles on my site. Although I’ve mentioned what they are and how they work I have yet to do so in anything more than a passing reference. I’d like to take the opportunity to explore this concept a bit more in depth and hopefully shed a little more light on the subject. Hopefully by defining the concept a little better you’ll have the chance to see how powerful multi-sig can be.
You all know by now that Bitcoin relies on addresses and private keys. Bitcoin is moved from address to address using transactions that are authorized by signing with the private key. Once the transaction is signed with the private key the transaction is packaged by the miners and recorded by the node operators confirming the move. It is assumed that if you have the private key associated with an address you have authorization to transfer the bitcoin in the address.
But what if the bitcoin in an address doesn’t belong to just one person? For instance, what if a family has a vacation fund or a household budget? Or what if a company wants to function internally using Bitcoin? Giving everyone access to the same private keys means that any one of them could initiate a transaction and nobody could trace who did so. It’d be like leaving envelopes of cash laying around the house or office without controlling who had access to those envelopes. As you can imagine this could eventually lead to missing money and it has.
There are many examples in the history of Bitcoin where a company discovered vast amounts of wealth were suddenly missing from their stores. It never fails that the company cries wolf, blaming hackers, viruses, malware, or some other similar external force. In nearly every case the culprit ended up being an insider using their access to the private keys to initiate transactions to move company funds into their private holdings. What if it were possible to create budgets with multiple people being notified of transactions and all or most required to sign off on them?
The answer is multi signature, or “multi-sig”. It is a feature of Bitcoin that has been available since early 2012. It was introduced with a new type of address known as P2SH, or “pay-to-script-hash”. You’ve possibly seen this already and didn’t know it. You’ve all see the standard Bitcoin address. It always beigins with a 1. You can recognize a P2SH address by the fact that it starts with a 3 instead of a 1. Among other features, P2SH addresses support multi-sig in arbitrary numbers designated by N number of keys, of which M are required to sign the transaction. For example an address could be created with 3 keys, 2 of which are required to sign the transaction. This would be a 2-of-3 multi-sig address. In order for the bitcoin in that address to be spent 2 of the 3 private keys associated with the address would have to be used to sign the transaction or the funds would not move.
Examples of use could be 1-of-2 addresses allowing either party to spend from an account like in a household budget situation where a couple fund the account with bill money and either can pay the bills. 2-of-2 addresses requiring both parties to agree on spending such as spouses having a vacation or retirement fund. 2-of-3 addresses are the most popular and have a multitude of uses. These can include parents giving kids allowance where the child can spend with one key and either parent could authorize the transaction or the parents could take the money away if needed. Or in a small business in which owners require a majority vote to spend. Or it could simply be used as a backup scheme to insure against loss. 2-of-3 could even be used in escrow services or on exchanges to prevent GOXing.
While the most common multi-sig addresses are created as 2-of-2 or 2-of-3, larger numbers could certainly be used. Imagine 5 roommates in a house each putting their share of bill money into multi-sig wallets, using 3 signatures to release bitcoin to the roommate that actually paid the bill. Imagine a large corporation putting budget money into department controlled wallets that require an employee of the department to initiate a transaction for some business purpose and then requiring one of several supervisors and a member of finance to sign off on spending. Imagine a board of trustees having to all agree to pay out some benefactor. All of this and more are possible with multi-sig.
There are several wallet solutions out there supporting the creation and maintenance of multi-sig addresses. GreenBits and GreenAddress use it as one of their core features and I’ve written a review on them already. The hot/cold wallet I discussed in my DIY Bitcoin Hardware Wallet post, Bither, uses it in a pretty unique way. The wallet I recommend in my early tutorials, Copay, offers this as a feature as well. I will shortly be writing a tutorial on how to create a 2-of-2 multi-sig wallet using my new favorite, Electrum, using two devices: my phone and my computer.
As you can see, multi-sig opens new doors for control and security in the world of Bitcoin. Explore new ways of using it and let me know what you find in the comments. Maybe other readers would benefit from hearing about your use case!