How Multi-Signature Authorization Works on Nerves Blockchain

Nerves Foundation
Dec 2, 2018 · 5 min read

Nerves introduced a multi-signature authorization roadblock on its platform as an important security feature. Today’s world is replete with tales of hacked accounts and intrusion into companies, nations, and organizational databases. Some of the areas of weakness lies in the use of single-line authorizations for access. Whether wallets or data are the target of intrusion or not, the need for safety cannot be overemphasized. It is a good start point to look at cryptocurrencies.

Cryptocurrencies continue to break new ground in the world of digital finance. The first ever cryptocoin, Bitcoin, ushered in unprecedented transparency, security and stability with its introduction of blockchain technology. A trustless way of recording and validating data, it allowed financial transactions to be carried out on the Internet, without the use of an impartial middleman that, sometimes, aren’t too impartial. It is also revolutionary in the fact that, while the system itself is completely transparent in that every transaction is publicly available, it also achieves privacy in that the users in the transaction are completely anonymous.

This anonymity and lack of a middleman, while advantageous in the bigger picture, does have its drawbacks. The most common one is when users misplace or forget their private keys. Losing your private keys means losing access to your coins. No middleman means there is no one to help you recover your funds should a problem arise.

And while the entire concept of blockchain makes the transactions themselves un-hackable, a cyber thief can still target and potentially steal your private keys and access your funds. With a single security key, while this gives the owner full control and access to his or her funds, it becomes risky as there is only a single point of failure to compromise all your digital assets.

What is Multi-Signature Authorization?

Multi-signature authorization (or Multisig) seeks to address the loopholes in existing methodologies by making use of more than one private key. In this scheme, a transaction cannot proceed unless all the required private keys are provided. This makes any individual key useless to any thief, as they need to steal all your private keys to make it work. This is no different from what banks have been doing for decades, in that some require multiple signatures on a check to be processed.

Multisig transactions come in a variety of forms with an M-of-N definition, with “M” being the required number of signature or keys for the transaction to proceed, and N being the total number of signatures involved. As an example, let’s take the example of two persons, A and B, sharing a cryptocurrency wallet that uses multisig

In a 1-of-2-transaction scheme, only 1 of the 2 registered signatures is required for the transaction to be successful. Person A and Person B is said to have joint access, and one can independently issue transactions without the other’s permission. This can be commonly used by a husband and wife having a joint account, for example

In a 2-of-2 transaction scheme, both the signatures of Person A and Person B are required for the transaction to push through. This is more secure, as any would-be hacker needs to steal two private keys for him to be able to steal the funds. The more keys involved, the more secure it gets. It is also common for one individual to possess these two signatures, usually on two separate devices. This is called a two-factor authentication process.

Multisig technology can also be utilized in an escrow like scheme, typically in a 2-of-3 transaction involving the buyer, seller, and a third-party intermediary. In our example, let’s say Person A buys something from Person B. Normally, if all goes well, Person A and B will both sign on to the transaction, so the funds get released appropriately upon confirmation of the receipt of goods.

If something goes wrong and both parties can’t agree on who should get the funds, then the third-party intermediary, Person C, enters the picture. Person C helps decide who the fund rightly belongs to, and affixes their own signature to the transaction, fulfilling the 2-signature requirement and green lighting the transaction. It should also be noted that, since either signature of Person A or Person B is needed, Person C cannot steal the funds for itself.

Multisig technology provides more security than the traditional one signature approach by removing a single point of failure in the system. Losing or having one key hacked, does not enable unauthorized access to your account, so long as you still have the remaining keys.

There are currently several third-party digital wallets which support multisig authentication, and Nerves will unveil hits apps in this direction in the days ahead.

To throw in some light on how an operational multi-sig system works, it might be worthwhile to look at the Coinbase structure. It is an example of a hosted wallet, meaning the private keys are held by the company on your behalf. This lessens the risk associated with losing one’s private keys. Coinbase uses a 3-of-3 authorization scheme that involves 3 sets of private keys: A user key, shared key, and the Coinbase key. Being web based, it offers quick access from any device

Nerves platform will enhance and make it user-friendly for Multi signature authorization to thrive. This will address some of the security issues faced by cryptocurrencies and other blockchain-based projects. The highlights are:

  • It removes a single failure point by requiring additional credentials to give full access to the associated funds
  • It makes running a startup safer by not concentrating all the funds into the hands of one person
  • It makes any person’s digital wallet safer through a multi-layered security approach, and not to mention making their wallets accessible even if they lose a key if they have other remaining keys in their possession.

In summary, multi-sig makes cryptocurrencies and blockchain more adoption-friendly, safer and more robust to use. By taking a page from the playbook of the financial sector, it has made the case of the widespread use of blockchain and cryptocurrencies a much stronger one.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade