Bitcoin is stored in an “address” based on public/private key pairs. For most of Bitcoin’s history, each Bitcoin address was based on a single private key. Anyone who possesses the private key for an address is authorized to transfer Bitcoins. This nature of single-key storage resulted in a couple of critical problems for Bitcoin.
Problem 1: Single Point of Failure
A single-key Bitcoin wallet is simply a collection of private keys that allow users to spend their Bitcoins. These private keys are usually generated and stored on a single machine, and are secured using an encryption method while stored on the disk. However, despite the best security practices, single-key wallets are vulnerable to single point of failure — the private key can be stolen or the encryption can be attacked offline or a malware can damage the system where the private key is stored.
With the growing popularity and adoption of Bitcoin, the malware has been re-engineered to attack Bitcoin wallets. These security risks resulted in the development of protocols to generate and store private keys offline — often referred to as cold wallets.
However, cold wallets have their own risks. If the Random Number Generator (RNG) on the machine that is used to generate the private key has loopholes, funds might be at risk of getting stolen. Cold wallets alleviate security concerns, but do not eliminate them completely.
Problem 2: Access Control
More often than not, businesses assign the responsibility for technology integration to their team of IT professionals. But, giving a responsibility of Bitcoin wallet to IT staff is certainly not wise because anyone with access to private key can move Bitcoins without leaving a trace. With multiple people having access to the private key, it becomes almost impossible to prevent insider theft and identify the individual responsible for the same.
To combat such problems, Bitcoin businesses used techniques like key-splitting to prevent a single person from executing a transaction on his own. However, for larger businesses, it is quite difficult for CEOs and CFOs to involve themselves in every transaction.
The Solution: Multi-sig Technology
A multi signature Bitcoin wallet is a secure alternative to a single-key wallet. The multi-sign technology requires multiple private keys to perform a transaction, known as multi-signature or multi-sig.
Multi-sig works this way — it has an arbitrary set of N keys, out of which M are required to transact, ergo “M-of-N.” The blockchain technology has certain limits on the size of N. The most common multi-sig implementations include 2-of-2 and 2-of-3.
To understand the working of multi-sig technology, let’s take a real world example of a safe deposit box with two keys. One of the keys is held by the bank and another is held by the customer. To open the box, both the keys are required, thereby making the safe deposit box akin to 2-of-2 multi-sig address.
Benefits of Multi-sig Technology
Multi-sig technology eliminates the problem of single point of failure by ensuring that the private keys for an address are generated and stored on different devices. For example, one key may be generated on a user’s laptop while the other one may be generated on a user’s smart phone; both of these devices would be required to transact.
Having keys stored on different devices further leads to other benefits. First, protection against malware –even if one of the devices (for example, laptop) is infected by malware, the attackers cannot steal Bitcoins because the other key stored on the smart phone is safe.
Second, multi signature Bitcoin wallet helps achieve redundancy. Earlier, with a single-key wallet, if a user lost the device on which the key was stored, the Bitcoins were also lost ultimately. However, with multi-sig, this can be prevented. If a 2-of-3 scheme is used, then a user could tolerate losing either of the devices and recover Bitcoins by using the third device together with the offline key.
Third, the access control problem can be addressed. For example, a husband and wife can create a multi signature Bitcoin wallet which requires both of them to sign a transaction, while a 3 person partnership can construct a wallet that needs at least two of them to be in agreement.
Multi-sig technology fortifies the security paradigm and allows users to transact with confidence. By addressing problems like single point of failure and helping achieve redundancy, multi-sig technology is certainly reinforcing cryptocurrency wallets, making them more secure and reliable.