Everyone is concerned about the security of their bitcoins, and we are constantly reading stories of one or another persons getting their bitcoins stolen. Of course, following bitcoin best practices should reduce your chances of being victimized. Advice such as is described at: http://bitcoinsecurity101.com/getting-started/ is a good start.
One big step forward in the improvement of bitcoin security is a little known, rarely used feature called “multi-signature”. The bitcoin core reference libraries support multi-signature capabilities and I expect to see a significant uptake in the usage of this important feature. Let’s explain what multi-signature is all about.
Just like the name implies, a multi-signature transaction requires more than one signature. Let’s say that Bella has some bitcoins and needs to pay Murray. In a regular Bitcoin transaction Bella will simply use her wallet to enter one of Murray’s Bitcoin addresses and “send” the bitcoin. Murray would see the new bitcoin in his wallet and that’s the end of the story. In a multi-signature transaction Bella would still be sending bitcoin to Murray, however in order for Murray to actually receive the bitcoin, a third party, Gail, would also have to sign the transaction. Note that this requirement for a third party, an arbitrator, also greatly improves the security of the bitcoins in your wallet. Even if a nasty party found the private key for Bella, he still couldn’t spend the bitcoin without also knowing Gail’s private key, a much less likely event.
By the way, a multi-signature address always begins with the number 3, and looks like: 34CRZpt8j81rgh9QhzuBepqPi4cBQSjhjr. This lets you quickly visually scan the address and verify that it is indeed a multi-signature transaction.
Using multi-signature features will let you organize secure payments in a variety of creative ways. Some of the types of transactions enabled by multi-signature are an escrow service where a trusted 3rd party holds the money until all are satisfied or a chargeback service so consumers have recourse in case products are not delivered.
To quote from information on the bitcoin.org site describing multi-signature capabilities:
“Bitcoin includes a multi-signature feature that allows a transaction to require the signature of more than one private key to be spent. It is currently only usable for technical users but a greater availability for this feature can be expected in the future. Multi-signature can, for example, allow an organization to give access to its treasury to its members while only allowing a withdrawal if 3 of 5 members sign the transaction. It can also allow future online wallets to share a multi-signature address with their users, so that a thief would need to compromise both your computer and the online wallet servers in order to steal your funds.”
When reading descriptions of multi-signature features you will typically see statements such as “m of n signatures” are required, and so on. In a concrete example, we can say that 2 of 3 people in a transaction would be needed for the spending of the bitcoins. Alternately 7 of 11 members might be needed. The point is that there are a total of “n” people (or entities) involved in a transaction. Of the total population “n”, “m”, usually a lessor number, must sign off. It’s a little confusing at first but makes a great deal of sense. Some subset of all the people involved must sign the transaction. This prevents one person from having the ability to steal bitcoins and ensure that some percentage of people agree to whatever transaction is taking place.
There is a good, more technical article, about multi-signature on BitcoinMagazine at: Multisig: The Future of Bitcoin by Vitalik Buterin. Multi-signature wallet capabilities are just beginning to fill the Bitcoin ecosystem and we can look forward to many new innovative wallets that will make the creation and usage of multi-signature transactions simple. There are a few multi-signature capable wallets, such as BitGo, Bitrated and the core reference Bitcoin-QT. Usage of multi-signature is still new and somewhat novel, so beware. However multi-signature transactions promise to greatly improve the security of Bitcoin, and I’m very much looking forward to lots of user friendly implementations.
Don’t forget to check out BitcoinInPlainEnglish.com