September 15, 2014
Gavin Andresen, chief scientist of the Bitcoin Foundation, made a proclamation during his State of Bitcoin Address at the Bitcoin 2014 conference in Amsterdam. He said without hesitation, “This is the year of the multi-signature wallet.”
That was in May. So where are the multi-signature wallets? Let’s look at the stats. Today, only 0.5776% of all bitcoins are stored in P2SH addresses, the underlying technology that is used in multi-sig. (source: p2sh.info).
We all know security is a fundamental threat to bitcoin, and yet many of the largest players in the ecosystem are still not using multi-sig. That needs to change.
Who is using multi-sig besides BitGo who pioneered the technology in 2013? Circle has stated they use multi-sig internally and Coinbase has announced they plan to introduce multi-sig in their vault product. Bitcoin payment processor BitPay launched a multi-sig open-source project called CoPay, and there are other early stage multi-sig wallets like GreenAddress. Desktop wallet Armory has also been working on integrating multi-sig. We applaud all of these companies for their contributions to securing the bitcoin ecosystem.
But what about the other major wallets and vaults that are holding customer funds? What about the major global exchanges? What about the early bitcoiners who are holding mass sums of bitcoin? Some have embraced multi-sig directly or through a service provider, but too many are holding their balances locked up in single-key cold storage, or worse, sitting in insecure hot wallets.
We can’t disrupt the ecosystem of global payments and capital markets if the majority of our coins are cold and not using security best practices. A well-functioning currency needs both security and mobility to thrive.
BitGo recently celebrated the one-year anniversary of our multi-signature wallet launched in August 2013, a date which marked the first commercial implementation of multi-sig.
Now, a year later, we believe it’s time we come together as an industry to end the cold storage ice age and adopt multi-sig.
“We believe it’s time we come together as an industry to end the cold storage ice age and adopt multi-sig.”
In this essay, I describe why multi-sig should be rapidly embraced as an industry standard and identify the current and future innovations in bitcoin security since the advent of multi-sig.
A Brief History of Multi-Sig
The technology that is used for multi-sig today is called P2SH, and was introduced in BIP 16. First proposed by Gavin Andresen, P2SH was adopted into the bitcoin core in early 2012, and it took about 18 months for the P2SH address format to become widely supported by wallets and exchanges.
P2SH (or “pay-to-script-hash”) is a way to sign a transaction with a script instead of using a single private key. A wallet can use this native bitcoin core technology to create advanced transaction types and addresses, such as requiring 2 out of 3 keys to sign a transaction, or 5-of-7, or M-of-N. The resulting address starts with a “3” instead of a “1”, which is an easy way to tell whether you are using a multi-sig address or not.
At BitGo, we kicked off our multi-sig R&D in the beginning of 2013. During our initial development and even after our commercial launch, we hit roadblocks that were preventing the widespread use of multi-sig. As an example, some wallets had hard-coded their address verification to look for a “1” as the first character. We had to reach out to those wallet providers and ask them to change their code, and we also patched some core libraries to create proper scripts for P2SH.
In February of this year, I published an essay on Medium — following the collapse of MtGox and numerous mainstream stories about bitcoin theft and loss—in which I made the case for multi-sig as the only viable solution for securing bitcoins.
In this essay, I am reaffirming this call to action. The time is now for multi-sig to become a standard for all bitcoin storage. The industry goal needs to be to secure the Bitcoin ecosystem with the best solutions available, and multi-sig is clearly superior to single-key cold storage.
“Companies which fail to adopt multi-sig will unnecessarily put customers and the entire ecosystem at risk.”
Large pools of bitcoin, in either hot or cold single-key storage, are natural targets for attack, either through hacking, social engineering or insider theft. As an industry, we should strive to eliminate all single points of failure, and this includes single-key storage. Companies which fail to adopt multi-sig will unnecessarily put customers and the entire ecosystem at risk.
Why Multi-Sig is the Right Standard for Security and Transparency
Multi-sig is not just a better technology. It is a security model that paves the way for a secure, transparent, and vibrant bitcoin economy.
In its most basic form, multi-sig is the digital equivalent of a safe deposit box. Two keys are required to open the box and those keys are held by different organizations, ensuring no single point of failure or attack.
But the extensions on top of this basic structure enable advanced operational capabilities.
With multi-sig, an exchange can deposit customer funds into segregated accounts, a requirement we see in other financial sectors, so that balances and transactions can be independently audited and verified.
With multi-sig, a service provider can hold one of the keys and act as a co-signer on all transactions, preventing fraud and administering corporate treasury protections like spending limits.
With multi-sig, bitcoins can be designated into an address for an escrow transaction where the buyer, seller and escrow agent each hold a key, and neither buyer nor seller need trust the escrow agent.
With multi-sig, properly implemented, there will never be another MtGox.
Let’s look back at an example from the development of the Internet. Today, nearly every major website URL starts with “https”. When you add in the “s”, your Internet communication is being secured with TSL/SSL. But in the early days of the Internet, we did not have these standards. In fact, SSL was originally developed by Netscape and was not released publicly until version 3.0 in 1996. Once SSL became a standard, and companies like Verisign introduced additional security procedures and technologies, the Internet became safe for e-commerce and experienced incredible growth.
Similarly, today, bitcoin has unbounded promise but desperately needs the adoption of security standards in order to experience growth.
BitGo was the first company to build a multi-sig wallet, but we do not have a monopoly on multi-sig. We do not have a patent on multi-sig. Multi-sig is a core building block of the protocol that should be included in every bitcoin wallet and transaction model. If you cannot build it, there are service providers (like BitGo) who offer platforms on which you can build your bitcoin business.
Ultimately, we believe that multi-sig will become as important to the bitcoin ecosystem as TSL/SSL is to the Internet. The faster we move there, the better.
The Future of Bitcoin Security
Multi-sig is not the future of Bitcoin security; it is the security standard the market needs today.
“Multi-sig is not the future of Bitcoin security; it is the security standard the market needs today.”
Once multi-sig is ubiquitous, market creativity will kick in, driving innovation and ultimately benefiting all bitcoin users.
Here are some examples of security developments we are seeing in the market on top of a baseline of multi-sig security:
HD (hierarchical deterministic) Wallets
BIP 32 introduced the concept of HD wallets. With traditional wallets, you need to generate and backup a private key (or 3 keys for a multi-sig wallet) every time you generate an address. This creates a significant administrative and security challenge. With HD wallets, private keys can be generated in a deterministic keychain so that you can backup the seed for the keychain and then generate any number of keys, and subsequently any number of addresses.
HD wallets also enable customers to maintain privacy while transacting on the public blockchain because new receiving addresses can be created easily, and every transaction can send “change” back to a new address.
At BitGo, we integrated HD keychains into our core platform earlier this year and all BitGo wallets are HD-enabled.
Spending Limits and Corporate Treasury Policies
Your bank enforces limits and requires secondary approvals on large wire transfers, and your credit card issuer protects you from fraudulent use and overspending. How can those protections be incorporated into a bitcoin wallet?
In April, BitGo launched BitGo Enterprise, the world’s first multi-user, multi-sig institutional bitcoin. In BitGo’s implementation of multi-sig, the company holds one of the three keys and acts as a co-signer on every transaction.
Above: BitGo Corporate Treasury Policies in action
Our customers can set corporate treasury policies, such as spending limits, whitelisted addresses, and user roles. BitGo will only co-sign a transaction which passes all policy checks. This is a service layer on top of our core multi-sig implementation which adds value to our customers.
Industry Standards and Procedures for Managing Bitcoin Holdings
Multi-sig is a building block, but it is not sufficient. If you have a multi-sig desktop wallet and are using it on a computer infected with malware (about 30% of computers have malware or viruses), then your bitcoins can still be stolen. If you are using a hosted wallet or exchange who has a multi-sig implementation, but they don’t properly generate and distribute their keys, your bitcoins can still be stolen.
This year BitGo began defining industry standards for managing bitcoin holdings. These standards include requirements and best practices for generating private keys, storing private keys, establishing corporate treasury policies, enabling wallets for multiple users, and more. As an example, we introduced BitGo Cold Key™, which is a process whereby the backup key in a multi-sig wallet is generated offline and only the public version is provided to the BitGo platform. This means that there are never two private keys on the same machine or held by a single person, ever. You could extend this model by making any number of keys “cold”—effectively multi-sig cold storage—as long as each key is generated and stored on a separate device.
We plan to continue creating and ultimately publishing the industry standards for security, and we welcome collaboration from parties both inside and outside the bitcoin ecosystem.
As the value and adoption of bitcoin grows, expect to see the evolution of security akin to that of financial services and private data storage. The industry will likely move from software-based key storage to tamper-proof hardware devices that can sign transactions without exposing the private keys. Key fobs and hardware security modules are two flavors of this type of security.
BitGo will actively work to integrate its service with the best-in-class hardware devices that come to market, in order to further enhance security.
Bitcoin is a trustless currency and has a secure network because of the distribution of mining power. By analogy, the best way to protect bitcoin holdings is multi-institutional security. Multi-institutional security is a term we use at BitGo to mean that no single organization holds more than one key and multiple organizations have audit rights on a bitcoin wallet.
Consider an exchange that holds 500,000 BTC in customer funds. Before multi-sig, the common practice would be to hold 90% or more in cold storage and the balance in a “hot wallet” that was used by the internal staff at the exchange. This model has led repeatedly to loss and theft.
With multi-sig, three keys can be distributed among three different organizations: the exchange, a security platform operator, and a custodian. Any settlement of funds would require the participation of two of those organizations, and both the exchange and the custodian would have the ability to independently audit the funds on the blockchain. This model parallels the best practices we see in the traditional finance industry.
Breaking Those Coins Out of Ice
We believe the main reason there are still so many bitcoins in cold storage is simple inertia. It is scary to move millions of dollars from a storage system that has worked fine, so far, to a new storage system, even if you are confident the new system is better.
But enough time has passed and enough diligence has been performed to conclude that multi-sig is fundamentally a better solution than single-key cold storage.
BitGo is calling on all of the major players in the industry to make multi-sig a top priority. Whether you build your own multi-sig, or use a security platform service provider, we need to commit to multi-sig in order to make a safer bitcoin ecosystem and ensure the future growth we all hope to see.