A multisig Bitcoin wallet requires several private keys to spend its bitcoins. There is now even dedicated hardware for it, thanks to the company Frostsnap.
Multisig Bitcoin Wallet
A multisig wallet provides additional security by requiring multiple signatures (multiple private keys) to move funds. The idea is that a group of people can cooperate to control bitcoins.
A traditional wallet (singlesig) contains addresses linked to private keys all deriving from a single seed.
The seed is generated when the wallet is created (the famous 12 or 24 words). This seed is the starting point for deriving the master public key of the wallet. Subsequently, the billions of possible wallet addresses derive from this master public key.
With multi-signature (multisig) wallets, several master public keys are involved. The private keys associated with two master public keys are then necessary to spend bitcoins.
This multisig configuration can now even be done using hardware wallets. The Frostsnap company launched its product this year:
Multisig and Bitcoin Timelocks
Multisig wallets increase the range of possibilities. For example, the Liana wallet, created by the Wizardsardine team, invented “timelocks”, which make a private key valid only after a certain time has passed. This allows for many interesting use cases:
Recovery: You can provide a key to a trusted person. The advantage being that this key will only be valid if you have not been able to connect to your wallet for a certain period of time.
This system is also very practical for the question of inheritance. Keys previously given to your children may become active after a certain period of time. Another key can even be left with a notary in case the heirs cannot reach a consensus.
Governance: Two co-directors can establish a wallet requiring two signatures. They could even provide a key allowing a lawyer to access the funds after a certain period of time in the event of a disagreement.
Multisig decomposition (decaying multisig): The number of keys required decreases over time. First 4 keys out of 4, then 2 keys out of 4, etc. Useful if one of the parties to the multisig can no longer sign transactions, for whatever reason.
All of the examples above use what is called a “relative timelock”: a delay counted from the last time the bitcoins moved.
In other words, if the timelock is six months (25,920 blocks), you must carry out a transaction (to yourself) before it expires in order to reset the counter to zero.
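The three use cases above (recovery, inheritance, decaying multisig) are all spending policies combining keys with a relative timelock. The following added example, not code from the article or from Liana, is a small policy evaluator in a constructed mini-language (not Miniscript syntax) that shows which signers can spend a coin depending on how many blocks old it is; the one-year delay for the notary key is an assumption of the example.

```python
SIX_MONTHS = 25_920  # blocks, the figure quoted in the article

# Spending-policy tree (a constructed mini-language for the example, not Miniscript syntax):
#   ("pk", name)        a signature from the named key holder
#   ("older", blocks)   relative timelock: the coin must be at least this many blocks old
#   ("and", [...]), ("or", [...]), ("thresh", k, [...])   combinators
def satisfiable(policy, signers, coin_age):
    """True if `signers` can spend a coin that was confirmed `coin_age` blocks ago."""
    kind = policy[0]
    if kind == "pk":
        return policy[1] in signers
    if kind == "older":
        return coin_age >= policy[1]
    if kind == "and":
        return all(satisfiable(p, signers, coin_age) for p in policy[1])
    if kind == "or":
        return any(satisfiable(p, signers, coin_age) for p in policy[1])
    if kind == "thresh":
        return sum(satisfiable(p, signers, coin_age) for p in policy[2]) >= policy[1]
    raise ValueError(f"unknown policy node {kind!r}")

def coin_age(confirmed_at, tip_height):
    """Blocks since confirmation. Spending to yourself confirms a new coin, so the age returns to 0."""
    return tip_height - confirmed_at

# Recovery: the owner at any time, or a trusted person once the coin is six months old.
RECOVERY = ("or", [("pk", "owner"),
                   ("and", [("pk", "trusted"), ("older", SIX_MONTHS)])])

# Inheritance: owner, else both children after six months, else a notary after a year
# (the one-year notary delay is an assumption of this example, not the article's figure).
INHERITANCE = ("or", [("pk", "owner"),
                      ("and", [("thresh", 2, [("pk", "child1"), ("pk", "child2")]),
                               ("older", SIX_MONTHS)]),
                      ("and", [("pk", "notary"), ("older", 2 * SIX_MONTHS)])])

# Decaying multisig: 4-of-4 at first, then 2-of-4 once the coin is six months old.
PARTNERS = [("pk", name) for name in ("a", "b", "c", "d")]
DECAYING = ("or", [("thresh", 4, PARTNERS),
                   ("and", [("thresh", 2, PARTNERS), ("older", SIX_MONTHS)])])
```

Note that a "trusted" or "notary" key never unlocks anything by itself while the owner keeps refreshing the coin, which is the point of counting the delay from the last movement.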
For those who want to know more about how a multisig wallet works, we need to talk about xpub.
Xpub
Today, all wallets are “HD”, for Hierarchical Deterministic. Concretely, all public keys (also called “addresses”) always derive in the same way from the seed.
Our article on the subject: Bitcoin – How do we derive the keys from the twelve words?
As said above, wallets randomly generate a seed which will be used to generate a master public key, also called Xpub. It is from this that the wallets derive all of the wallet’s public keys according to a predefined process.
“Predefined” means that the same seed will always generate exactly the same private/public key pairs (and the same addresses) used to receive bitcoins. So much so that anyone who knows the Xpub of a wallet can see the balance, zero or positive, of every one of its billions of addresses.
You should therefore never reveal your Xpub. Singlesig wallets generally hide it from users. However, xpub comes to the fore for multisig wallets. The different stakeholders will each have to communicate their Xpub to the others to build the wallet.
All Xpub in a multisig wallet must be kept carefully. Your personal xpub can be retrieved from your seed, but xpub from the seeds of other stakeholders cannot.
Let’s imagine that you are part of a multisig that requires at least three private keys out of five to be able to access bitcoins.
[The private key (Xprv) is needed to unlock the bitcoins tied to its corresponding public key. Keys always come in pairs: every public key always has a corresponding private key.]
This multisig means you can afford to lose two of the Xprvs, provided you have all the Xpubs. If you lose your computer, you will need your seed to regenerate the multisig wallet, but also the five Xpubs!
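Why an Xpub reveals every address of a wallet, and why another participant's Xpub cannot be recomputed from your own seed: BIP32 lets anyone holding an Xpub (public key plus chain code) derive the child public keys without the private key, and the seed holder obtains exactly the same keys from the private side. The example below is added here, is not code from the article or from any wallet, and uses constructed master key material rather than a real seed; it implements secp256k1 arithmetic in plain Python, which is fine for a demonstration but not for a wallet.

```python
import hashlib
import hmac

# secp256k1 parameters: field prime, group order, generator point
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
def ec_add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a if b is None else b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)
def ec_mul(k, point):  # double-and-add scalar multiplication
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point, k = ec_add(point, point), k >> 1
    return result
def compress(point):  # 33-byte SEC compressed encoding, the form BIP32 hashes
    return bytes([2 + (point[1] & 1)]) + point[0].to_bytes(32, "big")

def ckd(parent_pub, chain_code, index):  # HMAC step shared by CKDpriv and CKDpub
    data = compress(parent_pub) + index.to_bytes(4, "big")
    i = hmac.new(chain_code, data, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]
def ckd_priv(parent_priv, chain_code, index):  # seed holder: has the private key
    il, child_cc = ckd(ec_mul(parent_priv, G), chain_code, index)
    return (il + parent_priv) % N, child_cc
def ckd_pub(parent_pub, chain_code, index):  # third party: has only the xpub
    il, child_cc = ckd(parent_pub, chain_code, index)
    return ec_add(ec_mul(il, G), parent_pub), child_cc

# Constructed master key material for this example, NOT a real wallet's seed.
MASTER_PRIV = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD
CHAIN_CODE = hashlib.sha256(b"constructed chain code for the example").digest()
MASTER_PUB = ec_mul(MASTER_PRIV, G)  # an xpub is essentially (MASTER_PUB, CHAIN_CODE)

def child_pub_from_xpub(index):  # what anyone holding the xpub can compute
    return compress(ckd_pub(MASTER_PUB, CHAIN_CODE, index)[0])
def child_pub_from_seed(index):  # what the seed holder computes; must agree
    child_priv, _ = ckd_priv(MASTER_PRIV, CHAIN_CODE, index)
    return compress(ec_mul(child_priv, G))
```

Only non-hardened indexes (below 2^31) are derivable from the Xpub, which is exactly the kind of derivation multisig descriptors use for receive addresses; the chain code is the part of the Xpub that is not recoverable from anyone else's seed.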
To go even further, we need to talk about scripts.
Multisig script
In essence, bitcoins are numbers linked to public keys via scripts (also called “utxo”). That is, pieces of code expressing the conditions to be met to spend them. Typically, you must provide a signature proving that you have the private key corresponding to the public key.
A script is therefore a list of instructions that changes whenever the BTC change address, or rather whenever they change public key: an address is just an encoding of a public key, so the two amount to the same thing.
At the time of the transaction, a new script is constructed by linking the BTC to a new address (that of the recipient).
The standard address types (P2PKH, P2WPKH, P2SH, P2WSH, P2TR, etc.) refer to different types of scripts. We recognize them by their first characters. Some start with “bc1q”, others “1” or even “3”.
Today, wallets offering the multisig option still support P2TR (Pay-to-TapRoot) scripts. These scripts produce addresses starting with “bc1q”.
Since the Taproot update, Schnorr signatures make multisig transactions smaller (therefore cheaper in transaction fees).
Another advantage is that they are no longer distinguishable from normal transactions thanks to the possibility of aggregating several keys and signatures into one. So much so that the scripts for multisig transactions or lightning channel openings are now identical to those for normal transactions.
When it comes to more complex transactions such as CoinJoins, the gains in terms of signing times as well as transaction fees are also significant.