Multisig is short for “multisignature” and refers to having more than two private keys to approve a transaction. In order to access the cryptocurrency, more than certain number of private keys are required and it is used to divide up responsibility for managing of cryptocurrency. Generally ( in the case of single–signature transactions), a private key is managed by single device and single password. In this case, you could lose your cryptocurrency if your PC or smart phone is infected with virus, or your password is hacked. To put it simply, security improves when multisig is implemented rather than singlesig, just like having two or three vault keys is more robust than one key.
The most popular multi-signature account
“2 of 3” transaction style which requires the two signatures of three registered signatures is the most popular type.
Suppose you hold two private keys and an exchange holds one private key. Your asset won’t be accessed with just one key held by the exchange, thus, no one can illegally withdraw your cryptocurrency even if the exchange is hacked. On the other hand, you can access your asset anytime using the keys you hold. Even if you lose one of your keys, you can still access your asset without problems by using the key held by the exchange and another key you hold. Off-course you won’t be able to access your asset in the situation that the both keys you hold were in one device and your device is hacked, or both keys are lost.
Generally, singlesig cryptocurrency addresses starts with “1” and multisig address which provides more security starts with “3”.
A typical example of multisig is “Multisig Escrow” that is a trading method which provides security to both the seller and buyer.
Troubles could happen when people do internet shopping. For example, a bought item is not delivered after a buyer made a payment. In order to prevent this kind of troubles, escrow service which is an arrangement in which a third party holds buyer’s money and disburses money to the seller once the bought item is in the buyer’s hand is implemented in the trading on internet, such as BASE, a free net shop.
Likewise,”Multisig Escrow” is used for cryptocurrency payments. OpenBazzar, an online commerce in which sellers and buyers participate freely, actually implement multisig escrow.
Suppose a person A purchases an oil painting from a person B. First, a buyer A sends cryptocurrency to a multisig address. This multisig address has three private keys and each person, A, B and the third person, has a key each. B sends an oil painting to A once the payment from A to multisig address is confirmed. A declares about receiving the oil painting when he/she confirms the arrival of painting and no issue with it, then “2 of 3” is performed by B and the third person response to A’s action, and then the cryptocurrency which was held in multisig address is released and the trade is completed. If B does not receive the oil painting, A contacts the third person and he/she arbitrates the matter from an impartial position. If A’s claims is accepted, the cryptocurrency held in the multisig address will be refunded to A using the third person’s private key and A’s private key.
If this trade was carried out with singlesig, the purchaser may not receive the item after making a payment, or may not receive refund even the item has some kind of defects. By using multisig escrow, unknown parties can safely conduct business transactions at ease.
Pros of Multisig
1. Enhancement of security
Even if one of the information of private key is hacked, you won’t lose your asset as long as you set more than 2 signatures as a requirement for transaction.
2. Risk hedge for losing the private key
You can still access your asset even if a private key is lost when you set a multisig, such as “2 of 3”.
3. Mitigation for embezzlement risk
By applying“Multisig Escrow” system into an organization such as a company, it can be an measure to prevent embezzlement within the company.
Cons of multisig
1. Increase in a transaction cost
Compare to singlesig, multisig service fee for transaction increases.
2. Increase in managing cost
If multisig is set, multiple private keys are required for cryptocurrency transaction and it is time consuming to perform the operation. It is more complicated, if private keys are managed by multiple people. “2 of 3” setting is not too bad, it becomes more fiddly as the number of private keys increases to improve security. At the same time, the managing cost also increases.
3. The number of operation increases
The number of operation, multiple people have to sign by using private keys every transaction, increases.
A trade-off between convenience and security as above could occur, therefore, multisig is recommended for storing a large amounts of cryptocurrencies for a long period of time.
Popular Multi-Signature Cryptocurrency Wallets
Copay is one of the most popular multisig wallet currently available on the market. Copay is a HD wallet (offline) which supports multi-signature addresses. Risks of hacking dramatically lowers and robust security is promised as cryptocurrency can be stored in an offline wallet in your PC. At present, it is available for various models including Windows, Mac OSX, Linux, Chrome Extension, iOS, and Android. With any wallet, you cannot make a wallet with an infinite number of keys, there are some technical limitations, and Copay specifically doesn’t let you make more than four of six. Other wallets such as BitGo and Nanowallet are also popular.
While cryptocurrency has become widespread, damage such as hacking and fraudulent access has become worsen. About160,000BTC (US $1.4 billion at the time) was stolen in 2014 by the operation performed by one person, the CEO of Mt. Gox, cryptocurrency exchange,
The announcement made by Coincheck about the incident that 523million NEM (US $534 million at the time) was stolen in fraudulent access in the beginning of January this year is fresh in our mind. The cause of this incident was that Coincheck was hacked and private keys were stolen. The exchange was pointed out not implementing multisig to store private keys and they were widely criticized.
The risk of these incidents could be reduced by applying multisig as one of security measures for cryptocurrency exchange. Multisig is definitely a robust system to protect cryptocurrency. We recommend you start implementing multisig to manage your asset while reviewing past incidents.