From a security perspective, it is vital that coins and tokens are stored in a way that eliminates the risk associated with a single vulnerable point that can compromise the entire wallet. If only one private key is necessary to sign a transaction, this presents a major risk to your assets in case of theft or loss.
To mitigate this problem, it is best to use a wallet that needs more than one private key for the authorization of transactions. Two, three or even more private keys from different sources are sometimes required to create a signature of a transaction. Many blockchains enable the creation of multisignature addresses, and wallet providers and exchanges employ some version of a MultiSig wallet to safeguard their clients’ funds.
MULTISIG WALLET ESSENTIALS
- A MultiSig wallet uses more than one private key to authorize crypto transactions.
- They can also be configured to allow each in the set of private keys to generate a signature.
- Holding private keys in different locations enhances security, while allowing multiple keys to sign a transaction improves usability.
- Commonly used types of MultiSig wallets:
- n-of-n: Transactions require more than one key to be authorized. All keys need to be used to create the signature. (2-of-2, 3-of-3 etc.).
- n-of-m: Transactions require some of the keys, but not necessarily all of them, to be authorized (1-of-2, 2-of-3, 3-of-5 etc.).
Basic concept of MultiSig wallets
Typically, only one private key is required to sign a transaction on a blockchain. However, many blockchains (such as the one on which Bitcoin is based) allow for the creation of addresses which demand more than one private key for a transaction to be successfully signed. Only the keys that are specified by the address can be used (for instance: yours, your spouses and your security company’s key in a 3-of-3 wallet).
Many different combinations with various uses exist: 2-of-2, 3-of-3, 2-of-3, even 1-of-2, to name a few. Only if the required number of private keys is used can a signature be created and the transaction authorized. This means that, in most cases, if one of the keys is compromised, your assets are still secure.
Types of multisignature wallets
Multisignature crypto wallets can be distinguished by the number of existing private keys and the number of signatures required to authorize a transaction. Here are some options that are commonly used in personal wallets and even on crypto exchanges.
2-of-2 MultiSig wallet
Wallets protected with the two-factor authentication feature use the 2-of-2 multisignature algorithm. The idea is to keep private keys on two separate devices. For example, one private key is stored on a computer, the other on a mobile device. Transactions cannot be authorized without a signature from both devices. The 2-of-2 MultiSig wallet increases security, but at the risk of losing access to your funds if one of the devices is compromised.
2-of-3 MultiSig wallet
This type of MultiSig wallet requires 2 out of 3 existing private keys to authorize transactions. They are often used by exchanges to enhance the security of their hot wallets. An exchange that supports 2-of-3 MultiSig addresses holds one private key online and keeps the second one offline on an isolated device (sometimes called a “paper” backup). The third private key is stored by a separate security company. Since two separate entities are in charge of private keys, if one of them gets hacked, the wallet remains safe. The offline backup additionally secures the hot wallet in case the security partner goes out of business.
1-of-2 Multisig wallet
MultiSig wallets can also be used to share funds among multiple users. If you want to share the use of funds in a single wallet with a trusted person, you can set up a wallet that allows any of your two keys to create the signature. But both keys are not necessary, meaning that both of you can operate with the funds independently.
Hot wallet security
Unlike hardware and paper wallets, hot wallets are connected to the internet and store private keys online, which exposes them to greater risk. If a company or an individual holds significant amounts of cryptocurrency in a hot wallet, they should consider using MultiSig addresses. Wallet security is enhanced when private keys are stored in different locations and are not controlled by a single entity.
You can sort out your own security, but many find it easier and more reliable to trade crypto through a professional, reputable exchange, like Bitstamp. Bitstamp is among the first crypto exchanges to implement the combination of cold storage and a MultiSig hot wallet, requiring a separate security company to co-sign crypto transactions with an additional key.