Cryptocurrency wallets that can be opened with only one private key are a major security flaw. Since the key holder retains full access to the wallet, any key that is compromised leaves the wallet fully vulnerable to theft. At present, they don’t scale very well for companies either. Multisignature security is a step towards solving both problems.
If you’ve ever opened a safe deposit box, you may have used 2-of-2 multisignature security. In essence, two keys that exist to open a deposit box. One held by you and the other held by the bank. In such a scenario, both keys are required to unlock such a box. For a third party to gain access to a safe deposit box, both you and the bank must be compromised. Or consider the 2-of-2 multisignature capability required to launch a nuclear missile. As shown in the movies, two keys are simultaneously turned to activate a missile launch. If only one key is turned, the missile stays dormant. This added security keeps a bad actor from easily launching a missile.
This same principle can be applied to cryptocurrency. A multisignature wallet can be created to support an M of N multisignature application, where M is the number of keys needed to unlock the wallet and N is the total amount of keys that are assigned to the wallet. A 2-of-2 multisignature setup is the most common configuration (as it is with a security deposit box). A 2-of-3 multisignature configuration also exists. That is, three keys are assigned to a wallet but only two are needed to unlock it.
A 2-of-2 multisignature configuration can help an individual keep their wallets immensely secure. Opening such a wallet generally requires generating one key on a desktop computer and the second key on another device (desktop computer or smartphone). An attacker would need to compromise both machines in order to gain access to the wallet funds. In contrast, a 1-of-1 signature wallet (a standard wallet) has one point of failure leaving a wallet vulnerable. Therefore, breaking into a 2-of-2 multisignature wallet requires a much higher degree of sophistication. The attacker must somehow coordinate a strike that compromises two completely different devices.
Although Overstock.com and other companies require their wallets to be secure from outside attack, they must still be made accessible to certain employees. A 2-of-3 multisignature wallet enables three employees to have access to a wallet but requires two employees to unlock a wallet at any one time. This reduces the chance of any one employee moving funds in an unauthorized manner. It also makes it highly unlikely that an outside attacker can gain access to the needed keys.
Take a look at a Biffinex exchange cold wallet address shown as 3D2oetdNuZUqQHPJmcMDDHYoqkyNVsFk9r. It’s an obvious multisignature address because it starts with a 3 where a single signature address starts with a 1. Here, the company employs a 3-of-6 signature structure to secure the 1.3 billion dollars worth of BTC stored in the wallet.
Finally, multi-signatures are highly popular with escrow services (as they normally incorporate a 2-of-3 multi-signature configuration). If the transaction is agreed to, both parties can sign off on the transaction and consider it completed. However, if a dispute arises, a third party can hear both party’s arguments and sign off with the party they believe is in the right.
While multi-signature wallets certainly provide needed security benefits, their current implementation on the BTC chain may create problems. For instance, user misunderstanding remains problematic. Multisignature can add security to your wallet but only if it is implemented correctly.
The Bitfinex cold wallet up above is an example of a secure cold wallet. But Bitfinex in 2016 was hacked and 60 million dollars worth of Bitcoin was stolen from its users. Bitfinex had advertised how secure each user’s wallet was because it used the multi-signature third party BitGo wallet. What they failed to do was to distribute the keys correctly.
For normal traders, one key was held by BitGo and two keys were held by Bitfinex. Somehow the attacker was able to access enough keys to unlock and drain the wallet. The attacker wasn’t able to steal coins from margin traders since those exchange users were given correctly distributed keys (one key to access BitGo, one key to access on Bitfinex, and one key held by the user). The story suggests that multi-signatures are not the end-all answer to security. However, a multisig wallet that is correctly configured greatly improves the odds of defending against an attacker (and all the more so when combined with a cold storage setup).
When correctly deployed, multisignature wallets produce extra transactions and require additional storage on the blockchain. The former occurs since multisig wallets require each transaction to be signed individually. That latter results in slower confirmation times and higher transaction fees. Given the strain it puts on the network, expect calls for either newer solutions or different security protocols.
Researchers are already developing solutions to answer such calls. A solution based on the Schnorr multi-signature scheme called MuSig aggregates all signers into a single message and signature (rather than require individual transactions signatures). This signing and verification algorithm allows verifiers to forego knowing each public key involved in a transaction. They only need to know the single aggregated key. It’s expected that MuSig will save 25 percent or more off current multisig blockchain storage and bandwidth requirements. MultiSig specialists believe its adoption will dramatically improve BTC performance and help facilitate a greater devotion to security.
As cryptocurrency gains in popularity, users can expect wallet theft to become more sophisticated. In reaction to this, the blockchain industry can expect new demands for wallets that enjoy more secure protocols. In the meantime, individuals and institutions should be adding multisignature protections to their wallets as a standard security practice. The end result will be a safer cryptocurrency market and fewer headlines of stolen coins and lost keys.