Many are the cases where some individuals lost their private keys, and as a result, lost their coins. These are some of the concerns that people worry about, to bolster Bitcoin security, and prevent such losses.
Today most people are learning and researching ways to keep their Bitcoins securely. Considering that people and entities keep appreciating the value of Bitcoin each day, this is understandable. By the time this post was published, the Bitcoin value was more than $7,000.
Traditionally, the Bitcoins wallets use a single signature key. This is a private key that allows one person to verify and sign off on any transaction. While the notion of using a single key allows the funds owner full and exclusive access to their funds, it’s a very risky idea.
Why is this so?
It’s risky because the security of your funds is solely dependent on the private key, which is nothing but a chain of alphanumeric numbers. There are several risks here, including theft or misplacing the key. If any of these were to happen, you would lose the funds.
To prevent this from happening, it is wise to consider multi-signature wallets or addresses over the single key traditional wallet.
What’s a Multi-Signature Wallet?
The safety and security of cryptocurrencies are underlined by multi-signature technology. All the multisig wallets work under this architecture. By design, all the multi-signature wallets need M of N signatures for any transaction to proceed.
If, for example, you have your multi sig wallet configured for 3 of 5 signatures, this means that for any transaction to be processed, you will need at least three of the five signatures to approve before the transaction can be validated.
In concept, this explains why multi-signature wallets have become the best way to protect your funds, especially when you are operating or starting a community or startup project, and you are worried about reserving all the power to control funds in one person.
How to Use Bitcoin’s Multi-Signature Wallets
Bitcoins are only usable by the person identified by the public key hash, which is the Bitcoin address. Different rules apply within the Bitcoin protocol, which defines cryptographic keys, and the type of control they have in each account.
Multi-signature accounts (multisig) are by far the most popular non-standard Bitcoin accounts and have been in use since 2012. The addresses, instead of 1, start with 3.
Basic Features of a Multi-Signature Wallet
While creating one of these wallets, you get to choose the number of signatures that will be used or authorization, and the minimum number needed to authorize a transaction.
2 of 3 wallets are the most common multi-signature wallets created. In this case, the wallet requires three signatures, but only two are needed to authorize a transaction.
This feature generally works in the same way that banks need signatories to account. However, since blockchain technology does not run on trusts, it is built on consensus and cryptography, which makes it virtually impossible to beat. Therefore, at no point will a single entity or individual be able to hold your funds arbitrarily.
The following are instances where such wallets can come in handy:
- How to Use Multisig Wallets as Two-Factor Authentication
Bitcoin wallets generally do not use two-factor authentication. However, this is an important feature of online accounts like cloud storage, emails and so forth. For multi-signature wallets, two-factor authentication can as well be useful.
- Wallet 1: Your computer (without backup)
- Wallet 2: The online 2FA service
- Wallet 3: Paper wallet in your safe
How to Do It
Whenever you initiate a transaction over the phone or a computer, it must be signed off through an online service. For this to happen and complete the transaction, you must key in a two-factor-authentication code.
This code will be generated and sent to you either through a message, email or a hardware device, whichever you choose. Another option would be to create transaction limits on the account or set unique identification levels for each transfer.
Should the two-factor authentication service be offline or suffer a DDoS attack, you will be unable to access your money, until you get the paper wallet. In case someone has access to both your paper wallet and the device where the two-factor authentication code is sent, nothing can stop them from bypassing your security.
- Improving Security with Multisig Wallets
In case you are worried about your phone or computer security being compromised, you can boost your security with a 2 of 3 multi sig wallet.
- Wallet 1: Mobile wallet on your phone (without backup)
- Wallet 2: Wallet on your computer (without backup)
- Wallet 3: Paper wallet in a separate location
Take note that we do not make wallet backups because this has a high chance of compromising the wallets.
How to Do It
Before you carry out a transaction, you must first initiate it on one device, for it to be reviewed and confirmed on another. Initiation can be as simple as a QR code scan. It is virtually impossible for you to use only one device to make any transaction. Because of this reason, if you were to suffer a hack on your phone, computer or tablet, you would not lose the Bitcoins.
Should you break or lose whichever device you use, it is still possible to recover the Bitcoins through the wallet you still have access to, and the paper wallet. Because of the multi-signature requirement, someone who steals your paper wallet will not be able to access the coins.
You will lose all your Bitcoins in case you lose or break both the phone and your computer simultaneously. To prevent this, it is wise to create digital wallet backups. While this might be helpful, you have to be careful about how the storage is done. You should never keep two or more backup seeds in the same place unless you are very sure they are safe.
- Using Multisig Wallets for Escrow Services
Let’s have an example of Bob, who is selling Alice some items online. Alice and Bob have never met before, and they do now know one another. Therefore, none of them trust each other. Alice is afraid of sending her money to Bob first, and Bob is also afraid of sending his products to Alice first.
The only way to resolve this trust issue is for both of them to create a third-party escrow using a multisig wallet, Emma.
- Wallet 1: Alice on her phone or computer (with backup)
- Wallet 2: Bob on his phone or computer (with backup)
- Wallet 3: Emma on her phone or computer (with backup)
How to Do It
Emma might be an organization or an individual. Bob and Alice do not necessarily need to trust Emma with their property or their money, but they have faith that Emma will not collude with other entities in the transaction. Together, the three of them come up with a 2 of 3 multi sig wallets where Alice will remit funds into the address they just created.
Bob can also acknowledge the payment made by Alice. At the same time, Alice only has one of the three signatures needed, so she cannot withdraw her money after the goods have already been sent.
Once Alice has received the goods that Bob shipped, they can both sign and forward Bob the money. Assuming everything went well, there will be no need for Emma’s signature. To complete this transaction, only the two signatures are necessary. This wallet makes transactions affordable and easy for Emma, as compared to the traditional escrow options offered by banks.
Emma’s input might only be needed in a situation where things did not go according to plan. In this case, her judgment would be required, either siding with Bob or Alice, or splitting the money after agreeing with either of them. On her part, Emma cannot collect the money for her use, since she would need signatures from either Alice or Bob first.
Escrow services are often used in cases where none of the participants trust one another, especially where they are all anonymous. It is, however, not easy to prove that Emma or Alice are not working together, or they are the same person. Besides, one of the parties could try to bribe Emma.
- Securing Company Funds with Multisig Wallets
Companies that run transactions through Bitcoin might not have an easy time securing their funds through the normal single signature wallets. One of the biggest concerns would be the holder of the wallet keys, and the person who prepares the payments.
There is a big risk of misplacement or having the keys hacked, especially if they are replicated between different signatories so often. Another option would be to have the keys and access to funds in the hands of fewer people, but in the event of an accident, they might be inaccessible.
- Wallet 1: The CEO (without backup)
- Wallet 2: The accountant (without backup)
- Wallet 3: Paper wallet in a safe held by the board
How to Do It
Through this setup, neither the accountant nor the CEO can disappear with the money. However, the accountant is still tasked with preparation, signing and passing payments to the CEO, which appends his signature to approve the transaction.
Should either of the CEO or accountant become indisposed or lose access to their devices, all they need to do is meet the company board and explain their predicament, before they are allowed access to the paper wallet.
It is still possible for the accountant and the CEO to plan a scheme where they steal the company funds. Even if this does not happen, these two persons must avoid being together all the time, especially using the same flight or car. This is because as long as the funds are inaccessible to a third party, especially if destroyed, the money will be gone.
Top 5 Multi-Signature Bitcoin Wallets
The following is a brief overview of some of the best, reliable multisig wallets at the moment:
- Armory (Desktop Wallet)
This is an HD Bitcoin wallet that allows users access to their private keys without depending on any third-party servers or even the Armory servers. Armory is an open source wallet, with multisig support and cold storage facilities. Users can create different multi sig addresses, complete with the lockboxes feature.
For any Bitcoin transaction, you can create up to 7 of 7 authorities for approval. Armory is one of the best options in case you are running an exchange, or if you plan on running a startup. Armory is also available on Linux, OSX, and Windows.
- Electrum (Mobile/Desktop Wallet)
This is a lightweight wallet with multi-signature support and cold storage. It is one of the most reliable and oldest Bitcoin wallets in the market. Electrum runs under an MIT license, as an open source project. Because of this, there is no point of failure, and anyone who needs to can run Bitcoin nodes on it.
Electrum can be integrated into third-party wallets like Keepkey, Trezor, and Ledger. With Electrum, you can create authorizers up to 15 of 15 for a Bitcoin transaction. It is currently available on Android, Linux, Mac OSX, and Windows.
- Copay (Mobile/Desktop Wallet)
This open source HD wallet uses multi-signature addresses to protect funds. There are no third party or hidden servers, and the user is completely in charge of their private keys. Copay is the first of a unique kind of multi-signature wallets, given that it allows for testnets on iOS and Android. Through the testnets, you can test how the wallet performs before you deploy it.
To sign Bitcoin transactions, Copay users can create up to 2 of 3 authorizers. It is presently available on Android, iOS, Chrome Extension, Linus, Mac OSX, and Windows.
- BitGo (Web/Mobile/Desktop Wallet)
BitGo is one of the mainstays in the cryptocurrency world, having been around since 2013. It supports multisig functions and is largely popular with a lot of users. BitGo is also popular thanks because of the success in powering exchanges such as Kraken, BitBay, Bitstamp, ShapeShift, UnoCoin and BitQuick through its API service.
It is even possible to integrate your multi-signature addresses with BitGo together with Ledger Blue and Ledger Nano S. To authorize Bitcoin transactions, BitGo allows 3 of 3 authorizers. It currently is available for Android, iOS, Chrome Extension, Linux, Mac OSX, and Windows.
- Coinbase (Web Wallet)
Coinbase is another Bitcoin wallet that has been increasingly popular. It’s a hosted wallet, so they control the private keys for you. For those who might not be comfortable with this, Coinbase also offers non-hosted multisig wallets. In this case, you are in control of your private keys.
The Coinbase system uses a 3-key system; the user key, a shared key, and the Coinbase key to allow you control over the funds. To authorize any transaction, 3 of 3 authorizing keys must approve the transaction.
A study on the multi-signature wallets indicates that they all operate under the same model, sharing the private keys or addresses. The good thing is that your funds are safe because they are inaccessible with a single key.
To allow access or transfer of funds, the multi-signature wallets must require M of N signatures, depending on the type of wallet. If, for example, you are using a 3 of 5 wallet to approve a transaction, at least three of the signatories need to approve.
There are several multi-signature wallets available. However, the ones discussed in here are the ones I have reviewed and ascertained to be reliable. I will keep updating and adding more as I confirm their reliability. Before that happens, however, protect your funds by using multi-signature Bitcoin wallets, and share your thoughts and experience with the multi-signature wallet you are currently using.