It's All About the Bitcoins

Here’s How ‘Multisig’ Protects Your Bitcoin Stash From Hackers

Multisig might be the innovation that makes bigger business feel safe using Bitcoin. Let's unpack that a bit...
Cold storage, or keeping your key offline where hackers can't get it, is a solution that only goes so far. (photo via BTC Keychain, CC BY 2.0)

Cold storage, or keeping your key offline where hackers can’t get it, is a solution that only goes so far. (photo via BTC Keychain, CC BY 2.0)

The “Inside Bitcoins” conference is happening in NYC this week, and a collection of investors, businessmen, programmers and hobbyists have gathered to buzz about bitcoin’s future. But the Mt. Gox fiasco and the Chinese government crackdown still weigh heavily on the community’s mind, leading many of the conversations back to one issue: security.

The word on everyone’s tongues this week when discussing bitcoin security was “multisig,” or multisignature transactions. New startups and programmers are making multisig available as a tool for businesses, hoping it might just be the kind of innovation that could bring bitcoin into mainstream adoption.

So let’s go over what multisig is, and why it matters to the future of bitcoin.

What is “multisig”?

The basic idea is simple: a multisig transaction requires multiple people to sign off with their private keys before the bitcoin payment is sent to a receiving address (hence “multiple signatures”). A “2-of-3 multisig,” for example, would mean that three separate keys were tied to the transaction, and two were needed to authorize it.

Multisig allows for multiple parties to be involved in the payment process. Once someone has authorized a payment, a mediator (or multiple mediators) who has one of the keys can look at a transaction, determine if it is valid, and then chose to sign off on it or not.

Bitcoin is designed for the easy transfer of money, so a normal bitcoin transaction generally requires someone making a payment to use one private key to send bitcoin. But this frictionless, instantaneous transfer of funds presents a serious threat to security. A thief who’s gotten ahold of your private key can offload your entire balance.

“A good analogy is a safe deposit box,” said Will O’Brien, the CEO of multisig wallet company BitGo. “The bank holds one key and you hold the other. There’s no way for you to get access to that box by yourself.”

It’s been possible for a long time to program individual multisig transactions by hand, or use a custom multisig address. But those fix-it solutions wouldn’t work on a grand scale if a business wanted to incorporate multisig into a large bitcoin operation.

This is where the multisig wallet comes into play.

Getting bitcoin ready for the business world

When you put multisig protocols right into the actual wallet service where your bitcoin is held, they add a more sophisticated layer of security.

For example: If you run a company and you want to use bitcoin for payment, you can use a multisig wallet to ensure that you or your partners have the final say in approving transactions your employees make. Every time a transaction is made, you can be notified, approve or deny transactions, and set spending limits for various employees or departments.

Multisig even protects bitcoin holders from the multisig wallet services themselves, if they were hacked. If you have a 2-of-3 multisig wallet set up, and the wallet service was compromised, you could use your key and a third key kept in cold storage to get your money the hell out of there.

These types of checks and balances give business leaders comfort in knowing that it’s safe to work with bitcoin.

“If people can’t feel secure, they’re not going to adopt bitcoin,” Mr. O’Brien said. “There are other things that need to happen on the road to adoption, but we believe that 2014 will be the year of multisig.”

Bitcoin’s money-moving capabilities are promising for businesses, but many don’t want to be the first ones to jump in, especially while major financial institutions are still so skeptical.

More robust security may be just the thing businesses need before taking the leap.

Follow Jack Smith IV on Twitter or via RSS. jsmith@observer.com

Comments

  1. raincoaster says:

    Reblogged this on raincoaster media and commented:
    About time someone implemented this. And a great opportunity for the Big Banks to get into the business of clearing Bitcoin trades. Ugh.