Multisig: that technology that everyone is talking about on Bitcoin forums. It sounds cool, makes wallets more secure, allows for more corporate use cases, makes trustless escrow/arbitration possible, and generally solves lots of problems. But really, what is it and how do I use it?
Let’s dig down and get dirty: how do Bitcoin wallets work? For the sake of this article and without getting too complicated, you can say that Bitcoins aren’t actually moved between addresses, but rather they always just sit in an invisible vault. Also, instead of sending them, you actually just change the locks.
For example, when Alice makes a simple, normal Bitcoin transaction to Bob, she’s actually just removing her lock from the vault with her key, and putting Bob’s lock on it (which Bob can later remove with his key and so on).
If you read my article on PGP (specifically the part about asymmetric cryptography), this might make more sense: the lock is the public key, and the key is the private key. Everyone has a copy of Bob’s lock, so they can encrypt anything they want for him. Or, in this case, lock Bitcoins for him, and only Bob can unlock them with his private key.
So far, it’s pretty simple. It starts getting really cool when you think about more complicated locks. See, Bitcoin has a scripting language built in that allows you to design all kinds of locks. You can make locks that aren’t locked, so anyone can open the vault without a key. Or a lock that only locks after a certain amount of money is put in (so you can crowdsource Bitcoins). Or a lock that cannot be unlocked before a certain amount of blocks are found (say, for instance, when your child reaches age 20).
Enter multisig (short for multi-signature), a lock that only opens with enough keys, out of a set of predefined keys. Let’s say that Alice, Bob and Charlie all want to open a business together and invest some of their money. But none of them actually want only one person to have the private keys to this money. So they each get one key and use a multisig wallet that requires two out of three of those keys. This way none of them can run away with the money alone, but they also don’t need all three of them to pay an expense. For example, if Alice wants to run with the money, she can’t because she only has one key. But if Bob is missing and Alice and Charlie want to pay an expense, they can do it with their two keys (out of the three).
Multisig doesn’t have to be two out of three – it can be almost any combination. Let’s think of a few combinations and some examples of how to use them.
- 1 of 2: A couple wants to have a shared account and they trust each other. They both share the same money while using their own separate wallet.
- 2 of 2: Two-factor authentication for you money. You keep one key on your computer and another key on your phone. Whenever you want to spend money, you have to use both.
- 2 of 3: Trustless arbitration/escrow. Someone wants to buy a product from a stranger on the internet, but cannot trust him. The buyer and seller agree on an arbitrator who will help them in case of a dispute. They each get one key out of three, and the buyer sends the money to a two of three address between the three of them. If the product is delivered and there are no issues, the buyer and seller can use their two keys to release the money to the seller. If there is a dispute, the arbitrator help the buyer to get a refund or help the seller to release the funds. For instance, Bitrated.
- 2 of 3: Safer paper wallets. Instead of having one key with access to all your money, why not make it two? The third key is a backup in case you lose one of the other two. For example, keep one key on your phone, another key where you would keep your paper wallet, and a third key with a trusted family member.
- 4 of 7: Company board of directors. Suppose a corporation has a board of directors who wish to own the control of the corporation’s reserves, instead of trusting their executive management to handle all their money. The board of directors can decide that a majority vote (four out of seven) should be enough to delegate funds to executive management.
All of these examples would traditionally require a financial institution or third party to mediate, but with Bitcoin, it is all programmed directly into the payment and secured by the Bitcoin network. This is why I personally find multisig technology to be some of the most impressive working concepts that exist in Bitcoin today.
Getting started with multisig: A full step-by-step picture guide
Bitpay has made a multisig wallet called Copay that in my opinion is the best currently available on the market. It is open source and free, and runs on any computer/phone (it even looks the same on my phone and computer). I’ll show you how I create a simple two of three wallet: one key for Alice on her phone; one key for Bob on his computer and one key for Charlie on his computer. You can translate this to any sort of combination with whoever you wish.
- Always have backups! It is extremely important just like with any Bitcoin wallet.
- Don’t require all keys (2 of 2 / 3 of 3 / 4 of 4 / etc.). If you lose one of the keys, you lose the money! If you have two of three or three of four, you can still recover your money if you lose a key (better than regular Bitcoin wallets).
- You cannot make a wallet with an infinite amount of keys, there are some technical limitations, and Copay specifically doesn’t let you make more than four of six.