MultiSignature Technology: The players and the potential

Monday 04 August 2014

At the end of 2013, in an interview with BitScan, bitcoin entrepreneur and angel investor, Trace Mayer, alluded to the fact that “2014 is going to be the year of multisignature.” Looking across the range of wallet providers and payment processors, which have set up and adopted this technology over the past few months, he might well have been right in his prediction.

MultisignatureBitcoin security is certainly an area of great interest, but has been challenging for most users. The choices for holders of bitcoin are limited, and sometimes the complexity can be intimidating. One issue is protecting against loss or theft of a private key - the sole item needed to spend bitcoins from an address. Another issue is that of joint management of bitcoins among a group. Bitcoin has a solution for both of these; it’s called multisig.

How does Multisig work?

Multisig stands for multiple signatures, and true to its name it means more than one private key is needed to spend the bitcoin from some address. Multisig solves the key loss/theft issue because a user can store the keys separately. Since multiple keys can be required, it is more resistant to theft, and since not all keys need be presented to spend, it helps mitigate the risk of key loss. Multisig also offers options for groups, like requiring 2 of 3 managers to present their keys in order to spend company funds.

In the past it's been difficult for the average user to use this terrific feature. Tech-savvy users can run scripts to create these addresses, but for the average Joe with a nice bitcoin wallet, it has been out of reach. That's all now changing.

The players

One of the foremost names in multisig technology is Armory, but several others are coming into the fray.

Just a few weeks a go, BitGo secured $12 million in Series A funding led by Redpoint Ventures for its new, multisig wallet services. They claim to be the “world’s most secure bitcoin wallet” and CEO and co-founder Will Obrien told us, “BitGo's multi-signature technology issues three keys for your wallet, two of which are required to send Bitcoin.We hold one key, you control a second key, and a third key is stored offline as a backup. If a single key is compromised, your Bitcoin can’t be stolen. This makes our wallet virtually hack proof.

“Unlike most other Bitcoin companies, BitGo doesn’t have the ability to access your Bitcoin. We only hold one key, which isn’t sufficient to transact on your behalf.”

Frozenbit multisig

Last month, BitPay announced its new open source multisig wallet, Copay, currently in beta. “We believe that multi-signature technology will play an important role in helping people secure their bitcoins against loss or theft. We also believe it is essential for wallet technology to be open source and peer reviewed,” their engineer, Stephen Pair writes in their blog.

In addition, Greenaddress and Frozenbit have also launched multisig wallets. Frozenbit founder, Calvin Harsh, explained to us, "We use the same encryption techniques the military... We assign a cryptographic footprint to every account to sign their transactions when spending funds."

Their focus is on simplicity and ease of use and long term they are hoping to take the wallet to a mobile platform.

So, BitScan spoke to the experts in the field and the founders of different multisig solutions to get their take on their services and the potential of multisig technology.

Armory: An overview

Armory Wallet has a powerful solution built into their latest product offering. It supports multisig transactions, by allowing users to create Lockboxes. These are addresses to which bitcoin can be sent, but multiple signatures are needed to spend. The standard multiple-signature transactions supported in the bitcoin protocol have M-of-N private keys needed to spend the bitcoin.

Armory’s lockboxes provide generic ability to create M-of-N addresses where you choose exactly who holds every key. Many providers have the strategy of using their service as one of the signers, but if you prefer not to go down that route, Armory Wallet might be an option.

Couples may setup 1-of-2 or 2-of-2 accounts, to enable either to spend from a checking account or to require both to sign off on expenditures from a savings account. When you create a lockbox in the wallet, simple drop down menus are used to choose what type of multisig is created.

Users can create 2-of-3 signature lockboxes to let a child have money they can spend with the approval of either parent, for example. Or a company may wish to require 3-of-4 signatures to spend from a discretionary account. And so on. The point is, with Armory the user is in complete control.

This product is unique in its ability to afford users with usable features in offline mode as well. A computer that is disconnected from any network can be used to sign multisig transactions. This allows the user to securely sign via a USB drive, without revealing her private key to anyone else at any point in the process. Armory Technologies‚ Senior Developer Andy Ofiesh explains it to us this way:

An offline installation of Armory is for signing transactions while keeping an air gap between your private keys and the internet. Now that we've added the Multi-Sig capability, your offline installation of Armory can also sign Multi-Sig transactions.

Special Features

Armory multisig walletArmory has a feature called fragmented backup that sounds similar as well. This is commonly confused with their multisig feature, but it is actually different. Any wallet, including their lockboxes can be securely stored offline (cold storage) using this feature. A lockbox secured by requiring multiple signatures to spend from it can also be backed up in pieces, allowing you to require M-of-N fragments in order to recover. This is not multisig, this uses a 32-bit integer which is recreated from a number of pieces by a clever bit of math trick called Shamir's Secret Sharing. In fact Armory's solution will allow users to combine multisig with their fragmented backup feature. When we asked Alan Reiner, the founder and CEO about multisig and fragmented backup, he explained,

Technically you can use Armory to create a 3-of-5 multisig lockbox (requiring 3 signatures for every transaction), and each of the 5 devices can use a 2-of-3 fragmented backup to protect the individual keys. Yes, that's 15 pieces of paper! While few users need anything that complex, it does demonstrate the astounding flexibility of the system we have created! I could see that done in large companies where five board members individually create their wallets for the lockbox, and manage their own backups for their single signing device, which will likely include fragmented backups.

As you can tell, Armory Wallet provides an easy way for users to require multiple keys to spend bitcoins. No keys being held by Armory, it's totally controlled by the user. Their solution is very flexible, with outstanding security including the offline signing option, and you can do it all via their wallet interface. When you need to be secure, Armory is a great choice.

BitGo: An overview

BitGo is for the less technically-minded, who still want the security of a multisig wallet. The company was founded by veterans in online security, digital currency, and financial technology and have an impressive line-up of names as co-founders. CEO, Will O’Brien is a seasoned expert in bringing disruptive businesses to market and virtual currency payments. CPO, Ben Davenport co-founded Beluga, which went on to become Facebook Messenger and both he and CTO, Mike Belshe previously worked for Google. Belshe is the brain behind the multisig protocols used at BitGo.

That protocol involves a 2-of-3 key setup. BitGo holds one key, the owner controls a second and a third is generated and stored offline for backup, for disaster recovery. Where other multisig wallet providers remove themselves from the equation, BitGo do hold one of the private keys.

According to CEO, Will O’Brien, “The BitGo technology actually reduces risk both for us and our customers by removing any single point of attack or failure.”

They see themselves as an alternative to wallets such as Armory, not necessarily a competitor.

Armory and other desktop wallets are great tools for very technical bitcoin users who want complete control of their holdings. It is not a suitable tool for our customers - such as those in the financial services sector - who need to prove control, ownership and security of their holdings to LPs, auditors, and ultimately the public markets.

Special Features

BitGo multisig walletApart from their multisig security, their wallet offers options to users such as:

Spending limits, which might cap the amount, which can be spent without a secondary approval – particularly useful for businesses.

Audit and trail reporting, like familiar financial software, this option “provides full transparency into the history of transactions and approvals.”

100% on blockchain. BitGo does not hold a customer’s bitcoin and holds 1 of 3 keys to act as a co-signer. Crucially, BitGo can never access your holdings, nor can an attack on BitGo steal your bitcoins. If BitGo is ever unavailable, the backup key can be used to move your bitcoins to a new wallet without logging into BitGo.

O’Brien reassures those with concerns about them acting as a co-signatory:

In every transaction, BitGo acts as a security layer – authenticating, running anti-fraud checks, and confirming corporate treasury policies – and a co-signer on the account.
In BitGo Enterprise, we employ a method we call BitGo Cold Key, which means the backup key is generated offline and held by either a security officer employed by the customer or a custodian selected by the customer.

The BitGo team pride themselves on their best practices for security. “A home-grown system is much more difficult to maintain and an easier target for an attacker,” states O’Brien.

Although they will not disclose how many people use BitGo, they do say that “hundreds of companies” were interested when they launched and their customer base includes hedge funds, bitcoin miners, e-commerce companies, exchanges and marketplaces.

Moving forward, they hope to use their recent VC funding to “secure the world’s bitcoin.”

“You can expect us to expand our platform to empower businesses - from exchanges to remittance to marketplaces - operating in Bitcoin and hopefully accelerate the commercial adoption of Bitcoin,” O’Brien says. “We also believe we will see the first multi-sig exchange, secured with BitGo, in the next year.”

Multisig Future

Multisignature technology appears to have the potential to transform the way bitcoin payments are made and more importantly, improve the public perception about the trust issues with spending with bitcoin. Just as companies came along in the early days of the internet to secure online payments, multisig services may well be the answer to securing bitcoin holdings and transactions.

Obvious implementations of multi sig include escrow services and BitGo's CEO, Will Obrien believes it has the potential to go much further. "Multi-sig will be the cornerstone of much of the innovation in bitcoin. For example, you could complete a real estate transaction where the buyer, seller, and agent each have a key."

Those that already use it or are involved with multisig are firm believers. "We know people want to be in control of their coins, we know people want privacy, we know people don't want another Mark [Karpeles] managing a system where their coins could be at risk,” Frozenbit's Calvin Harsh says.

As more organisations and providers come on board with multisig wallets, it could not only provide security options beyond payment services but also aid in one of the community's main goals of mainstream adoption.

Contributors:

Louise Goss

Chris Emberley

Mike Ward


comments powered by Disqus