The Principles behind Multi-signature
For cryptocurrency, multi-signature can make the difference between optimum security and failure.
Multi-signature is when a digital currency transaction requires more than one key (signature) for authorization. There are multiple types of multi-signature security protocols. Some examples include 2-of-2, 2-of-3, and 3-of-5. While a 2-of-2 multi-sig wallet requires both parties to sign off for transaction approval, a 2-of-3 multi-sig wallet requires at least two of the three key holders to approve a transaction. For example, let’s say a company’s chief security officer (CSO) holds one key, the CEO holds a key, and the wallet custodian holds a key. If the CSO and the CEO both sign off, the transaction goes through. Conversely, if the CSO and custodian discover a security risk, the proposed transaction is negated.
Multi-signature is essential for institutional investors. For years, previous companies in the crypto space have gone under due to a compromised key or serious hacking. There are several reasons why these companies are no longer in existence. However, one common denominator is that they had single-signature wallets. Blockchain Graveyard provides a post mortem of companies in the crypto space that have gone under or have been seriously hacked. In most cases, it’s a single key that lost it, greed, or a single key was compromised. Multi- signature could have avoided all of them. You can view these failed cryptocurrency institutions on the Blockchain Graveyard website.
II. True Multi-signature Wallet
Wallet can be created with a single key or multiple keys. As stated earlier, having multiple keys creates a more secure environment. Nonetheless, some custodians provide a single key and then split the key into shards for people responsible for the single key. In essence, splitting a single key incorporates Shamir’s secret sharing as part of the process. Shamir’s secret sharing algorithm was created by Adi Shamir, in which secret access is divided into parts, giving each participant its own unique part. This is very different than a multi-key wallet from a security level perspective. While single key creates a single point of failure, a multi-key wallet follows blockchain policy demands everyone separately signs.
III. Pitfalls of a Single-key Wallet
It’s a question of symmetric versus asymmetric key charting. Symmetric key charting takes a single key and splits the key into shards, which are given to delegated team members. With key shards, all the pieces must come together at a single point in order for it to work. The disadvantage is that anyone with access to the computer has access to the key, thus creating a single point of failure. It opens the possibility of collusion in which people can walk away with the key. Also, it’s a single location for hackers to access the key. Malware can hide in the firmware on your hard drive or touchpad control.
Asymmetrical key charting uses two or more keys, in which each delegated team member gets a separate key. Asymmetrical key charting takes longer to complete a transaction because separate parties must come together to verify before blockchain policies. This provides highly secure environment because the keys are never at one place at one time. In the end, you never want a single location because the funds can be compromised and taken.
IV. Security Benefits of Multi-signature
Institutional investors have many questions when it comes to storing and safeguarding their cryptocurrency. How do we manage policies? How are these policies enforced? Where are the points of trust that are at most risk?
A qualified custodian that stores multi-signature wallets uses a hardware security module (HSM). An HSM is a plug-in card or external hard drive that safeguards and manages digital keys with highly strict access. What needs to be determined collectively is how much or how little activity happens outside the HSM.
Also, multi-signature offers the same benefits in cryptocurrency as credit cards and banks offer with fraud alert. For example, hackers look for patterns when the highest amount of funds are in an account. It’s important to create policies that keep hackers from noticing these patterns and mitigate the damages done. With multi-signature, you can look at patterns and have policy enforcement that sets a transaction fund limit, velocity limit, or transactions can occur during a particular time of day only. Another party will have to sign off that it’s a legitimate transaction based on these policies.
Basically, multi-signature is like bank protection from hackers and yourself.
V. Importance of Heeding Policies
Multi-signature creates an environment of checks and balances. Once policies and procedures are established for the wallet, it’s critical that all parties follow them consistently. In reference to checks and balances, gives each party a vote as to whether a transaction follows set policies. If one key holder doesn’t like a policy, he or she doesn’t have to sign.
The first policies an investor has to set are who has a key and how will they be stored. Determining who holds keys and how accessible they are depends on how much value is associated with the wallet. Also, it should depend on who is trustworthy and unlikely to leave the organization. Unfortunately, the best policy engine is still vulnerable without multi-signature. Any single system can be hacked. You need multiple systems enforcing the blockchain and your policies. This can be done in person, automatically, or a combination of both.
Whether keys should be stored offline or online depends on the need. Exchanges and liquid accounts may need to have a transaction move quickly. Hot storage would address those needs. However, big exchanges get compromised, and hackers access all the rules of the code on the server. So the hacker just deletes the rules and manipulate what they want to keep. This is a single point of failure. With multi-signature, you have to hack both of the key holders at the same time. If they can’t mutate the rules on the custodian side at the same time, the custodian can stop the damage.
For long-term storage, cold storage or cold vaults would be appropriate. Storing keys in cold vault will slow a transaction. Fortunately, this allows more time for checks and balances to identify potential risk. The faster the transaction, the higher chance of risk. Also, a third-party can hold backup keys in escrow, which gives clients access in case the custodian goes down. The backup key is the most inaccessible key to both parties and is expensive to access. The institutional investor decides who holds a backup key.
Parties may also set up a YubiKey policy. YubiKey is a security token that allows users to add a second authentication factor to online services. This provides another level of security for cryptocurrency.
VI. Evolution of Multi-signature
In ancient times, monks or priests stored precious items in vaults and gave keys to a select few. Modern multi-signature started with HSMs then evolved to storing and accessing cryptocurrency over the internet instead of a computer. Today, it’s dedicated security boxes, mainly used to secure internet traffic. Throughout, only a few have access, and all or majority of parties must be in agreement.
A multi-signature wallet provides a highly secure environment for your cryptocurrency storage and transactions. It is not the same as splitting a single key among shard holders. Single-key wallets still create a single point of failure where a hacker or internal team member can compromise the wallet. A multi-key wallet provides policies, processes, and oversight that helps protect your cryptocurrency from human error and corruption.
VIII. BitGo 100% Multi-signature TechnologyAt BitGo, every wallet we curate is multi-signature. BitGo provides 2-of-3 multi-signature wallets for our institutional investors. Also, BitGo has omnibus and segregated hot and cold wallets for secure storage. Currently, BitGo is working on improving multi-signature technology even further than it is today.