Bitcoins are generally stored in Bitcoin blockchain addresses, which are ECDSA public/private key pairs. Around 80% of bitcoins are stored in standard (single-key) 🔑 addresses, which usually start with the number “1”. Therefore, anyone who has access to the private key corresponding to a standard address can move its funds, and these transfers are irreversible. This way of storing bitcoin (₿) has led to critical problems.
When a user creates a wallet, the wallet generates a key pair. Wallet files are typically stored on the user's machine and encrypted on disk. However, even after following best practices for securing the wallet, there is still a chance of an offline attack. Malware or an attacker may also compromise the system when the user logs in to their wallet. Single-key storage of this kind is risky, which led to the creation of protocols that store the key offline. Such wallets are known as “cold storage” or “hardware wallets”. Hardware wallets generate keys with a random number generator, and if a generated key has weaknesses, funds may be at risk without any malware or hacker attack. Attacking a hardware wallet has its own costs, so it is safer than storing keys on a machine.
Access Control 🔑
For a business handling bitcoin, it is a different game compared to an individual. In most organizations, leaving the key of a bitcoin wallet with employees is not reliable, as anyone holding it can move funds without leaving any trace. There are some ways around this, such as splitting the keys and giving access to the CEO and CFO, but for larger businesses that need many transactions this is not reliable either. Businesses need internal policies for transactions. Nevertheless, there is another solution.
The Solution: Multi-sig 👥📝
The blockchain industry is evolving rapidly, and to overcome the above-mentioned flaw of Bitcoin, the protocol was upgraded to offer an alternative to single-key addresses. The upgraded version defines and standardizes a new type of address called P2SH (pay-to-script-hash); these addresses start with “3” instead of “1”. The new addresses need multiple private keys to transact bitcoin, which is known as multi-signature or “multi-sig”. X keys out of an arbitrary set of Y keys are required to transact from a P2SH address. This is also called “X-of-Y”. A single-key address can therefore be considered “1-of-1”. Because of limitations of the blockchain, most multi-sig implementations are either “2-of-2” or “2-of-3”.
The easiest example of a “2-of-2” multi-sig address is a “bank locker” 🏦 with 2 keys, where one key is held by the bank and the other by the customer. To open the deposit box, both keys are needed; otherwise it is impossible to open the locker.
Unlike with a single key, a malware or hacker attack on one machine can be withstood with a “2-of-2” multi-sig address scheme by storing the wallet's keys on two separate devices, i.e. a computer and a phone. As the keys are stored on different devices, funds cannot be stolen by malware or a hacking attack on one of them. However, the question arises: what happens if the user loses their phone? In such cases the “2-of-3” address scheme is useful, with another key stored offline. If one device is lost, the funds can still be recovered using the offline key and the remaining device.
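As an added example (not code from the original article), the Python below builds the X-of-Y script behind a “2-of-3” address, reads the X-of-Y policy back out of it, and checks whether an address is a single-key “1” address or a P2SH “3” address by verifying its Base58Check checksum and version byte. The keys and the 20-byte hash are constructed placeholders, and the function names are this example's own; the RIPEMD-160/SHA-256 hashing of the script is left out because RIPEMD-160 is not available in every Python build.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
KINDS = {0x00: "single-key (P2PKH)", 0x05: "script-hash (P2SH)"}
OP_CHECKMULTISIG = 0xAE

def checksum(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58check_encode(version, payload):
    raw = bytes([version]) + payload
    raw += checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out  # zero byte -> "1"

def classify_address(addr):
    # Verify the Base58Check checksum, then map the version byte to a kind.
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25 or checksum(raw[:-4]) != raw[-4:]:
        raise ValueError("bad length or checksum")
    return KINDS.get(raw[0], "unknown version")

def redeem_script(x, pubkeys):  # OP_x <key 1> ... <key y> OP_y OP_CHECKMULTISIG
    y = len(pubkeys)
    if not 1 <= x <= y <= 15:
        raise ValueError("need 1 <= X <= Y <= 15")
    pushes = b"".join(bytes([len(k)]) + k for k in pubkeys)
    return bytes([0x50 + x]) + pushes + bytes([0x50 + y, OP_CHECKMULTISIG])

def policy(script):  # returns (X, Y) for a multisig script, else ValueError
    if len(script) < 3 or script[-1] != OP_CHECKMULTISIG:
        raise ValueError("not a multisig script")
    x, y, i, keys = script[0] - 0x50, script[-2] - 0x50, 1, 0
    while i < len(script) - 2 and script[i] in (33, 65):  # key push sizes
        i, keys = i + 1 + script[i], keys + 1
    if i != len(script) - 2 or keys != y or not 1 <= x <= y:
        raise ValueError("malformed multisig script")
    return x, y

# Constructed placeholders: not real public keys and not a real script hash.
KEYS = [b"\x02" + bytes([i]) * 32 for i in (1, 2, 3)]
HASH20 = bytes(range(20))
```

Calling `policy(redeem_script(2, KEYS))` returns `(2, 3)`, and `classify_address` rejects any address whose checksum does not verify before reporting its kind.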
As we can see, multi-sig technology helps both businesses and individual users by improving security and access control.