2014 has been touted by some as the 'Year of Multisig' – including most recently by Gavin Andresen at Bitcoin2014 in Amsterdam – and for one big reason: the number of services which support multi-signature transactions is increasing. In this article, Thomas Kerin charts the story of this emerging technology to date, addressing some key questions using data obtained from the block chain.
If you're not sure about multisig, here's a brief primer. Multi-signature addresses allow multiple parties to partially seed an address with a public key. When someone wants to spend some of the bitcoins, they need some of these people to sign their transaction in addition to themselves. The needed number of signatures is agreed at the start when people create the address.
Since multiple signatures are needed before funds can be spent, the additional signatures could come from, say, a business partner, your significant other, or even from a second device which you own, to add a second factor to spending your coins.
Imagine a safe in a bank that needs two keys to unlock the safe at any time – the bank's key and your personal key. Multi-signature addresses capture the essence of this but without needing to be in the same place. And since the keys can be in separate places, it's unlikely an attacker can compromise both; whereas with regular bitcoin addresses, the attacker knows roughly who to target, and could compromise the server in any number of ways just to steal the wallet file.
Services using multi-signature addresses have a much greater resistance to theft, since instead of just needing access to the servers wallet, funds are protected by the elliptic curve digital signature algorithm (ECDSA), a far greater barrier than the security a website could implement in its code.
Are multisignature addresses new or something?
They aren't really! They were first realised in 2012, once support was added for 'pay-to-script-hash' addresses. When funds are sent to this address, the script used to make the address known only to the owner, instead of including it in the funding transaction. This script enforces who can and can't spend the bitcoins at that address. The addresses also look different, starting with 3 instead of 1.
Pay-to-script-hash is the precursor to multisig, and multisig is just one complicated use-case of P2SH.
Take this transaction for example: 112ae9859731f671ec3593de5790ed026d06d23134ba284aec811bc8f50e96b3 – actually the 6th P2SH transaction ever to occur – reveals a script of '5357', which simply means push the numbers 3 and 7 into memory. This script is hashed, and used to create the actual address: 37paP4uTjmA4Pi85LG6CF9huift3Dw1kFT. Any funds sent to this address can in fact now be stolen, since people know the script doesn't check who is actually spending the funds. So it's a bit like the 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T (correct horse battery staple) of P2SH.
It's a very simple demonstration of P2SH, which lead to the more complicated, but naturally far more secure use case – multi-signature transactions.
Why haven't I heard of them yet?
Multi-signature addresses and transactions are still a bit complicated to carry out. Currently only the Bitcoin Core software can handle them fully, even without storing the block chain, but you still need to use the console. Lately we are seeing more and more services popping up which aim to bridge this gap, and expose multi-signature transactions in a user-friendly way.
The Coinbin site allows you to create bitcoin private and public keys, create multi-signature addresses, and sign transactions from them. It's a very simple site, but currently doesn't support compressed keys, so is incompatible with Bitcoin Core. Everyone needs to be using uncompressed keys, which Coinbin will generate at least.
Onchain is a vault for Electrum & BIP0032 master public keys, and is working on a website and an Android app to sign multi-signature transactions for addresses in its wallet. Using deterministic wallets means users can submit their extended public key to a site just once, and public keys will be generated from this. The app will also accept QR codes of multi-signature transactions for signing, making them incredibly easy to use.
How much are they used?
Using data I obtained from QuantaBytes, a blockchain analysis company based in Ireland, I was able to learn about the different types of multi-signature addresses being used to date and how often. All this data is publically available if you scrape the block chain, but I learned the hard way that this takes forever.
This graph shows the number of P2SH outputs per 2,500 blocks. Since some of these weren't redeemed, we cannot learn what type of address it actually was. But all the same, there has been a huge increase starting around block 278,000 (1st January 2014), where there has been at least one every five blocks, and getting more and more frequent.
In spite of this, they still have a long way to go to match regular transaction usage: We know there are on average a few hundred transactions per block, so we're a long way away from this yet. This graph also shows when the first multi-signature transaction occurred: block 170,052.
In the data used in this report, which spans from block 170,052 up to 297,445 (about 7th March to 24th April this year), 24,591 transaction outputs were identified which paid to a script-hash address. Of these, 14,123 outputs came from eight spam transactions, each paying 1 Satoshi to random addresses. They have been ignored throughout this article. 70% of the remaining valid transactions were redeemed, and hence revealed the script behind the address.
From the transactions which were redeemed, we could learn the script, and hence the type of multi-signature address – i.e., if it was 2 of 2, 3 of 5, etc.
We see that 2 of 3 addresses are the most frequently used type of address, followed by 2 of 2. 2 of 3 allows for escrow between a buyer, seller, and third party, but no one person can ever walk away with the funds without agreement from another. Many services, such as BitGo, Bitalo, GreenWallet, and BitWasp have started using these addresses as one-use addresses for transactions and orders.
2 of 2 addresses have recently been implemented in Mycelium's built in face-to-face exchange feature. It uses multi-signature addresses and a transaction lock time to protect the funds during the exchange.
The rows in blue in the above graphs are by the current networks' rules non-standard, and technically shouldn't be in the blockchain, as unmodified clients won't relay them to other nodes in the network. The Eligius mining pool has removed the standard check, and mine non-standard transactions for a fee, but out of all the transactions analyzed only 0.36% were non standard.
29.7% of all the redeemed outputs were reused addresses. Many of the above services take a unique public key from each party to create the order address, meaning we should expect mostly unique addresses.
The following graphs show the frequency of the most common multi-signature address types: 1 of 2, 2 of 2, 2 of 3, and 3 of 3 over time. The results are split into two halves; the first is from block 170,052 to 227,500, and the second is 230,000 to 297,445.
While the first graph is scattered and inconsistent, the second shows a clear increase in the frequency of 2 of 2 and 2 of 3 addresses, starting around November 2013. I expect this trend to increase, as more and more services adopt this transaction type over others.
It's not without good reason. Multi-signature addresses can secure your cold storage bitcoins with physically remote keys. You can have greater redundancy by using more keys, to protect against loss.
If services which offer multi-signature addresses to transacting parties ever go offline, the funds can still be recovered if the two parties can still communicate. It makes it much more difficult to scam users, or to be dishonest about how much funds are actually on the website.
By simply using multi-signature transactions in the first place, you can have a prenominated third party step in to arbitrate the dispute, and possibly recover your funds from the address.
The above graph shows the number of redeeming transactions from 2 of 3 addresses, which redeemed only one unspent amount at the address, paying to two separate addresses, where the ratio of one to the other was less than 8%. This was to approximate the average percent fee of an escrow mediator, along with sites commission for the transaction – potentially giving numbers to transactions processed by wallet providers, or marketplaces using multi-signature transactions.
2,410 transactions from the dataset matched the above criteria and were used in the graph. While unclear if the transactions originate from a wallet provider, or a marketplace using multi-signature transactions, the most common percent charged seems to be around 0-0.2%, before almost steadily decreasing as the percentage increases.
It's important to have a lead development of such a framework at this time. Without it, startups must weigh if it's worth the time and money to research and implement all the required functionality for themselves, and possibly get it wrong. If everyone has to repeat this effort, it doesn't do much for innovation, so saving a trusted codebase makes it far easier for a service to consider using multisig.
There is no shortage of wallet providers at present. Multi-signature wallet providers have gotten around the lack of client support by using client-side scripts derived from projects like BitCore or BitcoinJS to create the transaction signature, rather than forcing them to use other software. I do anticipate that eventually most sites won't tout multisig as a feature. It'll be expected – and if they do a good enough job, their users don't even have to know they're using it.
I would like to see more platforms which assist with signing multi-signature transactions, enabling people to make full use the protocol, instead of aiming to be a wallet provider. The possibilities that stem from multi-signature transactions are limitless, but the supporting tools and infrastructure just aren't there. I have high hopes for Onchain.io – whose app should make it as simple as scanning two QR codes, bringing something close to the protocol P2SH at this early stage.
Using a website to look after your bitcoins is very much against the bitcoin ethos. While it's an acceptable solution for many, the impetus for this shouldn't be lack of support from software like Electrum, and Armory. Tools which enable two-factor protection for funds across devices, and facilitate signing transactions proposed by marketplaces, exchanges, and wallets are a must.
I think addressing this key issue will really reduce the barrier to using multi-signature transactions in general, allowing more and more people to embrace this amazing technology, and really make it the Year of Multisig.
Image via BitWasp