Crypto Best Practice — Always Use a Multisig Wallet
Ever get that sinking “oh-shit!” feeling in your stomach? Getting your private key either stolen or lost will do it. Take this good practical advice. It is simple, will make you sleep better at night, and can save you a lot of abdominal discomfort.
Helicopters crammed with armed security personnel hover above the building, while the rooftops of adjacent buildings are decked with specially trained sharpshooters. Meanwhile, down at street level, more armed guards and police units encircle the building in concentric rings. Police cars and motorcycle units line the streets from the building.
An entourage of SUVs is stationed with dark, sunglassed security talking into their techcom headsets. This is a big deal, but the commotion is not for the President or a VIP of any kind. The building’s main tenant is the Trust Company Bank. Are the Royal Jewels making a visit? Maybe it’s the Hope Diamond, the single most valuable gemstone, priced at about $350M.
The crucial moment arrives as the super-secured bank vault opens. Three specially designed portable safes are quickly whisked into separate waiting SUVs, each accompanied by a team of security details. The three SUVs take off, breaking off into separate routes along with a carefully choreographed assemblage of escort vehicles.
The three mini-vaults reconvene at their new home, considered the 3rd most secure vault in the US, right behind Fort Knox and the Federal Reserve Bank of NY, respectively.¹
The contents are the famed and highly secretive Coca-Cola formula. Getting information on making a nuclear bomb is easier, although it will get you a visit from the FBI and National Homeland Security. Except for some minor tweaks such as the removal of cocaine, the formula is essentially unchanged in its 129-year-old history.
What is intrinsic value but the perception of its value by its owner or buyer? And so it is as the invaluable Coca-Cola recipe is taken to its new home, the specially designed vault at the World of Coca-Cola. Only three people, Coca-Cola executives, have access to the famous formula, but no single person has access to the complete ingredient list. Instead, it requires two of the individuals to combine their partial formularies to make the complete formulary. Safety, security, and redundancy ensure the continuity of a $217B company.
Truth be told, it was a well-planned publicity event, and even if the recipe were leaked, it’s highly doubtful that it would impinge on Coca-Cola’s market or valuation. Nevertheless, Coca-Cola provides a good model for safeguarding something that is very valuable to all crypto asset holders: your private keys.
Play it Safe
The Coke formula tale is a useful analogy for the management of digital assets, specifically the private key to a wallet. Two of the biggest risks in managing your digital assets are 1) theft of the private key, and 2) misplacement, or loss, of the private key. Unfortunately, this occurs quite frequently in crypto management, or shall I say the lack thereof. Also, the increasing interest in DeFi-based platforms shifts the responsibility for private key management more towards the user instead of, say, a centralized exchange.
The multisignature scheme, or multisig for short, allows a group of users to constitute a quorum that is required in order to authorize a transaction, usually a withdrawal, that is, a transfer of the digital assets out of the wallet. Deposits into the wallet do not require a signature from its keys and are therefore unaffected by multisig. It only applies to withdrawals.
Multisig is perfect for business processes such as escrow and estate planning, or corporate governance. One of the leaders in this developing field is Octowill, which is an estate planning and will creation service. Octowill is very innovative in transforming the industry to become more efficient and less susceptible to losses from mishandling, both ineptitude and fraud. As Octowill CEO Selva Ramasamy stated, “Multisig is a cornerstone feature that makes our service the value-added innovation that is critical for crypto adoption.”
Multisig wallets are denoted as M of N signatories. Let’s take an example of a 2 of 3 setup, which means that there are three (N) possible signers, of which two (M) are required. The wallet has three signers: Alice, Bob, and Charlene. Any combination of two distinct signers, Alice-Bob, Bob-Charlene, or Alice-Charlene, can sign the transaction.
Let’s say that Alice’s device was hacked and her signing key is compromised. The wallet is not compromised. It is important, though, that Alice notifies the other signers, and that the assets are then safely transferred to a new wallet, restoring the 2 of 3 quorum.
The other use case is the loss of the private key. It’s amazing how many crypto assets are irretrievably lost due to the misplacing of private keys. That’s about $40B give or take!² In the 2 of 3 example, it would take the accidental loss of two keys in order to lose access to the funds, reducing the probability of the loss scenario by a half.
How about a 3 of 3 configuration? While that is technically possible, it is strongly ill-advised! In essence you have tripled the probability of losing the asset forever. M should always be less than N to prevent such a potential calamity.
In addition to protection against a lost key and greater security, multisig also provides governance if, for example, an audit trail is needed to support a business process. Corporate and institutional adoption of cryptos would be much more difficult without multisig.
However, multisig is not the only option. Multi-party computation (MPC) is a more recent cryptographic development which offers a strong, viable alternative to the Shamir’s Secret Sharing upon which multisig is based.
MPC has benefits over multisig, as MPC does not present a single point of failure when compared to multisig. But the lack of auditing capabilities in MPC, meaning there is no way of knowing specifically who the signers of a given transaction were, still makes the more mature and stable multisig a better option for securing a wallet at this time.
Multisig is a significant development in the safe and secure management of a digital asset wallet. There are other aspects of wallet types which I have outlined in my previous article, Custody is NOT Sexy, such as hot and cold, hardware security module (HSM), online, and software-based, each with their pros and cons to balance convenience, security and risk. But the use of multisig is universally accepted as a best practice for crypto management.
I mentioned earlier M should be less than N when setting up a multisig wallet, or else you have increased the probability of losing access by a factor of N. You definitely don’t want to do that.
Also, the minimal useful multisig configuration is 2 of 3. Why is that? A 1 of 2 setup would not provide any additional security, since it only takes a single signature to sign a transaction and nothing has been achieved other than doubling the chances of getting 1 of the 2 keys stolen. 2 of 2 would also not be recommended, as it would violate the first principle: M must be less than N, or else you risk losing access altogether.
Finally, even if there is no need to share access with another person, it is still highly recommended that a single user implement at least a 2 of 3 multisig wallet, with the same single user needing to sign transactions with two distinct keys. It is slightly less convenient but well worth it in terms of peace of mind. The important thing to note is that all three keys must be stored separately, so that no single loss or hack would be catastrophic.
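The trade-off between lockout and theft across M of N setups can be put into numbers. The following is an added example, not part of the original article: it assumes every key is lost or stolen independently with the same probability, the values of P_LOSS and P_THEFT are constructed for illustration, and all function names are hypothetical.

```python
from math import comb

def at_least(k, n, p):
    """P(at least k of n independent events occur), each with probability p."""
    return sum(comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k, n + 1))

def lockout_probability(m, n, p_loss):
    """Access is lost once fewer than m keys survive: >= n - m + 1 keys lost."""
    return at_least(n - m + 1, n, p_loss)

def theft_probability(m, n, p_theft):
    """An attacker can sign a withdrawal once they hold >= m keys."""
    return at_least(m, n, p_theft)

def improves_on_single_key(m, n, p_loss, p_theft):
    """True only if BOTH risks are lower than with one key (a 1 of 1 wallet)."""
    return (lockout_probability(m, n, p_loss) < p_loss
            and theft_probability(m, n, p_theft) < p_theft)

# Constructed, illustrative per-key probabilities (not measured data).
P_LOSS, P_THEFT = 0.05, 0.02
CONFIGS = [(1, 1), (1, 2), (2, 2), (2, 3), (3, 3)]

def compare(configs=CONFIGS, p_loss=P_LOSS, p_theft=P_THEFT):
    """One row per M of N setup: (label, lockout, theft, better than one key)."""
    return [(f"{m} of {n}",
             lockout_probability(m, n, p_loss),
             theft_probability(m, n, p_theft),
             improves_on_single_key(m, n, p_loss, p_theft))
            for m, n in configs]

if __name__ == "__main__":
    print(f"{'setup':<8}{'lockout':>10}{'theft':>12}  better than one key?")
    for label, lockout, theft, better in compare():
        print(f"{label:<8}{lockout:>10.6f}{theft:>12.6f}  {better}")
```

With these inputs only the 2 of 3 row lowers both risks relative to a single key; 1 of 2 raises the theft risk, while 2 of 2 and 3 of 3 raise the lockout risk.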
Everyone please be safe and take care.