written by @veriphibtc
Bitcoin’s digital nature permits a wide array of possibilities in regards to its security and the way in which coins are allowed to be moved.
There are no debit or credit balances in the Bitcoin network. There are only a set of unspent transaction outputs, also known as UTXOs, that can be unlocked only if the corresponding signature proving the ownership of a certain coin is applied to one’s coin locking script.
This means that there is a set of conditions applied to each UTXO that need to be fulfilled in order for it to be spendable. If someone loses the private keys corresponding to a certain public key, all the UTXOs locked within that public key will be lost forever.
What Is A Multisignature Scheme?
One really interesting condition that can be applied to a set of UTXO’s is the requirement of multiple private keys to generate their corresponding signature for certain coins to be unlocked. That particular feature is known as a multisignature scheme in the Bitcoin ecosystem and is increasingly used in different security solutions and products.
Elliptic curve digital signature algorithm (ECDSA), the current cryptographic algorithm used in Bitcoin to generate digital signatures, permits the creation of multisignature schemes of up of to 15 signatories (M) and the corresponding choice of signatures (N) required out of the number of signatories created in the first place. This means that any possible variation of a multisignature scheme such as 2 (N) out of 3 (M), 4 (N) out 7 (M), 15 (N) out of 15 (M) are all possible with the current digital signature algorithm.
The possible variations are already numerous and flexible, but nonetheless some are excited about the fact that the limit of 15 signatories will be removed once Schnorr Signatures replace ECDSA in a few years.
Multisignature schemes are really efficient at bringing additional security to your Bitcoin holdings as they eliminate the risk of single points of failure. If all the necessary information to access your Bitcoin is held at a single location, potential hackers or thieves only have to exploit the corresponding vulnerabilities of that location in order to steal all your funds.
The task becomes much harder and costlier to conduct if the malevolent person or organization has to simultaneously attack multiple locations that can be as dispersed as your imagination. Well, perhaps nobody has sent their keys in space or another planet, not yet anyways.
Imagine you are a relatively wealthy Bitcoiner holding $100k USD in Bitcoin value. You might want to protect your holdings with a 2 out 3 multi-signature scheme. You can then distribute geographically your 3 keys at locations that you trust and know that you're in control of. For example, that may implicate your house, your cottage house, and the house of a trusted relative or acquaintance. Without the right combination, just having one of these keys is virtually worthless since it would not permit its owner to access the protected funds. Considering the protected amount, this kind of setup where keys are distributed in a range of a few hundred miles is sufficient in most cases.
The same multisignature scheme (2-of-3) could be extended to a more sophisticated geographical distribution as well. Some holders may prefer to distribute their keys into different countries and even continents in order to further increase the relative cost of an attack on their funds. Also, the nature of the key holder can be modified as well. Some will distribute their keys in bank vaults or already existing secure location services offered for other types of commodities such as gold, art, or diamonds.
Multisignature schemes, along with other conditions such as timelocks, are really useful when it comes the time to build a solid Bitcoin operational security system.
Complexity Doesn’t Mean More Security
As you saw with just two multisignature setups explored above, the possibilities are endless. An individual multisignature scheme must encompass one’s personal situation, predisposition, and risk aversion.
One thing, however, must be kept in mind when one decides how many signatories will be created and the required number of signatures. If your system is really complex and hard to use it can also pose some serious risks to your security as it will be more prone to human errors, losses, and defaults.
A 2-of-3 multisignature scheme might not seem enough for really large holdings. However, just for that kind of setup, you will need to protect and monitor 6 secure locations. Why 6 locations? Ideally, you will not only have one copy of each of the individual keys of your multisignature scheme. You may want to keep each hardware wallet used and backups for each seed (on a metal seed plate or encrypted files for example) in separate locations in case one gets lost or compromised. Of course, you can’t keep all the backups in the same place because it will break the purpose of having a geographically distributed multisignature scheme in the first place.
Imagine now that you decided to do a 4-of-7 multisignature scheme, the number of locations of the keys and individual backups are then multiplied accordingly, meaning that you will need a total of 14 secure locations. That task can quickly become cumbersome and expensive.
Now that you know the benefits and related risks of having multisignature schemes, let’s explore a few wallets that offer that functionality on the market. For a full list of software wallets that offer that feature, check out this full analysis by Veriphi.
The Green wallet from Blockstream is the perfect way to start exploring the power of a multi-signature scheme. It’s best suited for those who want to start playing with a multisignature scheme but don’t feel completely comfortable with the technology yet.
This mobile wallet works with a co-signatory model with a 2-of-2 multisignature scheme. You’re one of the holders through the application and Blockstream keeps the other set of keys on their server. The second signature will only be applied if the pre-existing set of rules applied by your are respected, such as a time-lock or a 2-factor authentication (2FA).
This co-signatory model has some drawbacks, such as the loss of your privacy to Blockstream servers.
For More Advanced Users
Another great tool to further pursue your exploration of multisignature schemes is the multisignature coordinator named Caravan. It’s an open-source tool produced by Unchained Capital.
Derived from their own proprietary software they use for their custodial service, it helps users create a multisignature scheme with hardware wallets such as Trezor and Ledger through a well designed and user-friendly interface.
The Ultimate Bitcoin Hodler
For the most fierce and technically advanced users, you may want to build a multisignature scheme with the ColdCard hardware wallet. It is the most advanced personnel hardware wallet on the market offering high-grade security features such as the PSBT transaction format. That particular feature will let you create a complete cold storage solution since you will never have to plug your ColdCard into a computer.
For a concise and clear tutorial on how to do it, check out this article by Veriphi.
Last Bits Of Advice
Don’t use something that you don’t understand to protect your Bitcoin. Multisignature schemes are a magnificent piece of technology that are already helping countless Bitcoin holders to protect their funds. However, new software products and interfaces are popping up everyday in the Bitcoin ecosystem. If you don’t feel comfortable yet with sovereignty tools, patience might reward you with something easier and safer to use soon enough.
If you have any feedback on this or any other topic, please feel free to reach out to us at any time at email@example.com or @BTSEcom on Twitter. We always love to hear from our amazing BTSE community.