Multisignature Wallets 101

A multisignature wallet (or “multisig” for short) is a type of cryptocurrency wallet that requires two or more private keys to sign and send a transaction. This means that multiple private keys from different sources are needed to create a signature for a transaction, providing an added layer of security. If one of the keys is compromised, the assets are still secure, making multi-sig wallets a more secure alternative for managing crypto funds.

How Multisignature Wallets Work

1. Setup and Configuration: When a multisignature wallet is created, the wallet owner(s) decide on the number of signatures required to authorize transactions. The concept of “M-of-N” in multisig refers to the specific configuration of a multisignature wallet, where “M” represents the minimum number of signatures required to authorize a transaction out of “N” total possible signatories. In other words, “M-of-N” denotes the minimum number of private key signatures needed out of a total of “N” keys associated with the multisig wallet to validate and execute a transaction. For example, in a 2-of-3 multisig setup, there are three private keys associated with the wallet, and any two of these keys are required to sign a transaction. Similarly, in a 3-of-5 multisig configuration, five private keys are involved, and any three of these keys must provide their signatures to authorize a transaction.
2. Private Keys: Each participant in the wallet generates a private key. These keys are kept secret and are used to sign transactions.
3. Public Keys: Each private key has a corresponding public key. The public keys are shared with the wallet, but the private keys remain with the participants. A multisignature address is created by combining the public keys of all the participants involved. This address is a cryptographic hash of the combined public keys and is where funds can be sent.
4. Transaction Authorization: To make a transaction, the required number of participants must sign the transaction with their private keys. The wallet then verifies these signatures against the public keys stored in the wallet. If the required number of valid signatures is provided, the transaction is authorized and can be broadcast to the blockchain.
5. Security: The security of a multisignature wallet comes from the fact that even if one or more private keys are compromised, the attacker still needs the private keys of the other participants to authorize transactions. This makes it much more difficult for unauthorized individuals to access or transfer the funds.

The simple structure of a 2 out of 3 Multisig Wallet that keep your coins safer (If you use the correctly)

Constructing a Redeem Script for a 2-of-3 multisignature (multisig) setup

package main

import (
 "encoding/hex"
 "fmt"
)

func main() {

 pubkey1, _ := hex.DecodeString("034f355bdcb7cc0af728ef3cceb9615d90684bb5b2ca5f859ab0f0b704075871aa")
 pubkey2, _ := hex.DecodeString("02466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f27")
 pubkey3, _ := hex.DecodeString("023c72addb4fdf09af94f0c94d7fe92a386a7e70cf8a1d85916386bb2535c7b1b1")

 redeemScript := []byte{
  0x52, // OP_2
  0x21, // OP_PUSHBYTES_33
 }
 redeemScript = append(redeemScript, pubkey1...)
 redeemScript = append(redeemScript, []byte{0x21}...) // OP_PUSHBYTES_33
 redeemScript = append(redeemScript, pubkey2...)
 redeemScript = append(redeemScript, []byte{0x21}...) // OP_PUSHBYTES_33
 redeemScript = append(redeemScript, pubkey3...)
 redeemScript = append(redeemScript, []byte{0x53}...) // OP_3
 redeemScript = append(redeemScript, []byte{0xae}...) // OP_CHECKMULTISIG

 fmt.Printf("Redeem script %x\n", redeemScript)

}

Using Golang as my language of choice, I have constructed a 2-of-3 multisig redeem script. The breakdown is as follows:
redeemScript  is initialized as a byte slice containing 0x52 (OP_2), indicating that 2 signatures are required, and 0x21 (OP_PUSHBYTES_33), which is a prefix indicating that the next 33 bytes are to be pushed onto the stack. Public keys pubkey1, pubkey2, and pubkey3 are appended to redeemScript. Each public key is followed by 0x21 (OP_PUSHBYTES_33), indicating that the next 33 bytes are to be pushed onto the stack. This is because Bitcoin public keys are typically 33 bytes long. Finally, 0x53 (OP_3) is appended to indicate that there are 3 public keys in total, and 0xae (OP_CHECKMULTISIG) is appended to indicate that the multisig script is complete and ready for execution. The resulting redeemScript will represent a 2-of-3 multisig script, requiring two out of the three specified public keys to sign off on a transaction.

Use Cases for Multisig

Multisignature (multisig) wallets offer a wide variety of use cases that enhance security and flexibility in managing cryptocurrency transactions. Some of these use cases include the following:
1. Multisig wallets provide an added layer of security by requiring multiple private keys to authorize transactions. This feature is particularly beneficial for securing personal funds in cold storage and protecting business accounts where multiple stakeholders, such as the CEO, CFO, and board members, can provide signatures for a transfer.
2. The use of multisig wallets enables two-factor authentication, enhancing the security of cryptocurrency transactions. By requiring multiple signatures, these wallets provide an additional layer of protection against unauthorized access and fraudulent activities.
3. Multisig adds an extra layer of security to escrow transactions by requiring multiple parties to authorize fund release. This reduces the risk of fraud, theft, or misuse of funds, as all parties must agree before funds can be transferred.

Conclusion

The use cases of multisig are widespread as they are functional for both personal and corporate use. The enhanced security of multisig makes it particularly useful and interesting especially when the multisig setup is carefully planned.