What is multisig wallet?

Is it possible?

Secure
Bitcoin services
using multisig wallets

Maciej Trbacz Bitalo.com

niedziela, 29 wrzenia 13

DEMO!
niedziela, 29 wrzenia 13

f
I

A little
Who I am and why I am able to talk about this stuff.

background

niedziela, 29 wrzenia 13

about me
The basics

I come from Poland. Where the girls are beautiful and the alcohol will kill you. Programmer with passion, not out of necessity. Started with QBasic in late 90s. Saw the web when it
was just forming.

Worked with PHP and

javascript since 2001.

niedziela, 29 wrzenia 13

about me
Bitcoin era

Learned about Bitcoin in early 2011. The price was around $0.9. Thought it was genius. Immediately started working
on some ideas.

This didnt get much traction.

http://bc.x14.eu

niedziela, 29 wrzenia 13

about me
Take two
A Brilliant idea

!
!

If Bitcoin itself is decentralized, why do you need to trust one entity to handle both your fiat and Bitcoins. Also, this helped escape potential regulations. Peer to peer market People should handle money transfers between themselves. We should only hold they Bitcoins in escrow for dispute resolution.

niedziela, 29 wrzenia 13

about me
Bitmarket.eu is born

Launched in April 2011. 30,000 users registered. 2,000 - 3,000 BTC weekly. Ended up badly.

niedziela, 29 wrzenia 13

about me
Thirds time the charm
Another Brilliant idea

If Bitcoin itself is basically trustless, why you should trust operators of your exchange to hold your Bitcoins for you?

n
niedziela, 29 wrzenia 13

Theres gotta be a way... ... to store Bitcoins securely, with not lowering its utility at the same time.

Bitcoin security
Is... non-trivial.

III

niedziela, 29 wrzenia 13

securing Bitcoin
Is it needed?

That is a big pile of coins. To put in context, its 2.5% of

the whole Bitcoin economy.

* To date, around 300,000 BTC were stolen or otherwise lost.

Why there are so many events like this?

* Source: https://bitcointalk.org/index.php?topic=83794.0

niedziela, 29 wrzenia 13

securing bitcoins
Challenges

#
Home storage
Thefts from personal computers by hackers using malicious software

"
hot wallets
Online services storing too much funds in hot wallets

L
site admins
Service administrators steal or lose coins.

niedziela, 29 wrzenia 13

securing bitcoins
Only two solutions?
on your computer or offline

Your computer can be hacked. Offline copies can become unreadable over time.

w
niedziela, 29 wrzenia 13

In online wallet service You have to trust website operator that he secured the coins and will not steal them himself.

III

Multisignature transactions
Used in practice, not only in theory

niedziela, 29 wrzenia 13

Normal Transaction
How does it work?
previous outputs used as inputs

gather unspent outputs

create transaction draft

sign transaction inputs

broadcast transaction

If it gets stolen or lost, your funds are gone.

This is the critical part. One private key to unlock your funds is a single point failure.

niedziela, 29 wrzenia 13

Multisig addresses
Part 1: Create multisig address

Get two or more Bitcoin addressees. Combine them using addmultisigaddress JSON-RPC command As a result, you will get a special Bitcoin address starting with 3. The resulting Bitcoin address is fully functional and can receive coins. You can create different combinations of M-of-N addresses. It means that you can
specify how many private keys are needed to spend the coins.

This enables some interesting applications...

niedziela, 29 wrzenia 13

Multisig addresses
Possible applications

"
secure storage
Several private keys guarding one Bitcoin address, that can be stored independentally.

!
safe escrow
Buyer, seller and anescrow service create a multisig address used for eventual disputes.

#
Hybrid wallets
Online service operator holds one private key, you hold the other. Advantages of both.

niedziela, 29 wrzenia 13

Multisig addresses
If theyre so great, why doesnt anyone use them?

The client support is still lacking. While you can in most cases send coins to
of time.

amultisignature address, you cant create them, or watch them from the GUI.

To learn how they work and how to use them, you need to invest substantial amounts In order to create certain online services utilizing multisig addresses, aside from server
backend you also have to create a secure javascript utilizing encryption, Bitcoin address generation, transaction handling, and more. This is... non-trivial.

Even the command line usage isnt very straightforward...

niedziela, 29 wrzenia 13

Multisig addresses
Part 2: Spending coins from multisig wallet

Create a transaction draft using createrawtransaction JSON-RPC command Sign the resulting transaction data with one of private keys, utilizing
signrawtransaction command

You need to provide it with correct details, which may include: public key and
redeem script (say what?)

Pass partially signed transaction data to other party, which repeats this process. Finally, you broadcast the transaction to the network (using sendrawtransaction
or another means)

niedziela, 29 wrzenia 13

DEMO!
niedziela, 29 wrzenia 13

Multisig addresses
The future of Bitcoin, available now
Developers

$ !

Make apps and services you create support multisignature transactions. You could be the first one!

Users Ask your service provider about the multisig support to encourage them to implement that!

niedziela, 29 wrzenia 13

Multisig addresses
Its already working

After the BitMarket.eu fiasco earlier this year I knew the only way to make a Enter Bitalo Online exchange and

profitable service is to make something really unique in terms of technology.

wallet service utilizing multisig addresses.

Malware-proof 2-factor
authentication.

* Launching next week.

* invite-only beta first

niedziela, 29 wrzenia 13

R Any

QUESTIONS?
No, I dont know wheres Waldo.

Give me your best shot

niedziela, 29 wrzenia 13

THANK
YOU
&

for listening

Check us out at: www.bitalo.com

niedziela, 29 wrzenia 13