Video - Bitcoin 101 - Multi-Signature Addresses Part 1 - Coding This Major Security Improvement

Just like the Wright brothers, on those first flights at Kitty Hawk, didn't concern themselves that much with landing. And improvements like anti-lock brakes and seat belts help protect passengers in cars. Bitcoin is now in that 'second phase' where security is becoming massively important. Fortunately, because the currency is programmable, anything is really possible. Originally introduced into the bitcoin client a few years ago, multisignature addresses massively more secure than regular ones. Their adoption by all wallet manufacturers is coming. But, for you techies and voyeurs, we'll jump inside the ideas of multi-sig and even program the stuff.


Hello!  This is James D'Angelo.  And welcome to the Bitcoin 101 Blackboard Series.  Today we are going to be looking at multisignature wallets.  And this is going to be a two-part series.  So, in the first part, we're going to generate a multisig address.  And all Bitcoin Multisig Addresses start with the number three.  In the second part, Part Two we're going to span from our multisig.  So, we're going to need a few different Bitcoin addresses and they're private keys to be able to spend the funds from this one particular address.

Okay, so multisig is a very hot topic right now.  In light of all the wallet thefts and all the phishing and hacking and all that going on.  Multisig's are one of the best options available right now to store your bitcoins.  And really what the beauty of it is it allows you to send funds to an address that starts with a 3.  So, maybe three JKL439 all right for characters of gibberish, right?  If it starts with a 3 any of these addresses that start with a 3 can require up to three passwords or three passcodes to release the funds.  So, if you want to send bitcoins from an address that starts with 3 you will likely need at least two of the three.  And this all depends how you set it up.  But the beauty is being able to set up a Multisig Account has myriad advantages when it comes to security.  And this is because you can store one of the private keys in your house.  Another private key perhaps in a safe deposit box and you could even send a private key to an online wallet provider okay.  And the only way that you'd be able to spend funds is you would need two of these three keys.  So, usually how people use this is maybe they leave this in the safe deposit box.  They have this one on their computer.  All right, and they go about regular precautions and guarding it.  And this one's on sort of a wallet provider like a or some service that is now incorporating Multisigs.  So, this is your wallet provider.

Now say you want to go and make a payment from your Multisig Address.  Well you'd start to send the payment, right.  Well you might initiate this payment with your wallet provider.  And they would send the first part of this transaction to  But that doesn't release the bitcoins.  You would then need to send from your private key as well.  And what's great about this is your wallet provider can do some regular sort of banking analysis, okay.  Is this an unusual spend for this person who's using it?  Is this over their daily limits.  They can run all sorts of algorithms to protect your coins from going right out.  So, you could set up a number of preferences in your wallet provider for your own daily limits and preferred merchants, okay.  So, if you know that you're going to be doing most of your business with a handful of people you'd put them in the wallet provider.  And any addresses that you don't include would probably be rejected by the wallet provider.  Until you either contacted them with an sms or a phone call or you can override the system entirely by grabbing your private key out of the safe-deposit box.  And using the one on your computer.  And again, you would have two of three.

So, all you need is two of three.  And what's great about that is even if your wallet provider goes out of business.  Or they decide not to let you run that transaction.  You still maintain entire control because you have two of the three.  And the beauty of this is as long as you have one in the safe deposit box and another on your computer or even one on your phone and other on your computer.  You've developed a very robust system to hacking.  So, there's a lot of coins being stolen right now by hackers.  But hackers have a really hard time coordinating different devices.  And most of the security comes from keeping things on different devices.  Or even on paper and sort of a paper wallet.  Or even in some form where it's in cold storage.  So, remember two of three really just exponentially increases your chances of keeping your Bitcoin secure.  It's likely to be ten to a million times more secure than just storing your private key in one place okay.  And there's really no disadvantage.  In many instances, it'll provide only advantages because now you'll be able to feel more comfortable as you're working with companies online.  You won't be relying a wallet provider or your own computer security.  You'll now have a robust system of security.  And that is why some people are calling 2014, the year of Multisig because we're going to see lots and lots of wallet providers adopting this technology.  And you know a lot of people like, "Oh my God".  This sounds so complex.

Well today, we're actually going to program our own Multisig.  We're going to generate an address.  And you'll see it's just really, really easy.  So, there's no excuse for your wallet provider not to start providing this functionality.  And we know that not many people are using it because all you have to do is go to the Bitcoin rich list and look at the top 100 addresses.  And you're not going to see one Multisig there.  And how do we know.  Because none of these addresses are starting with 3.  Which means they have in some way compromised their level of security.  So, hopefully as mentioned by Tony Gallippi from BitPay we'll start to see more and more of these top 10 or top 100 addresses protected with a 3.  Okay, the one means insecure.  Where 3 means added level of security.  It means those addresses were created using Multisig.  So, yes 3 is the key.  You won't have a multisig address that won't start with a 3.  Just like you won't have a regular address that won't start with a 1, and it's exponentially more secure.

And as we've already mentioned.  It allows you to have a trust list set up with your wallet provider.  The wallet provider will be able to administer your account.  Protect your account but they will not be able to take your funds out.  Because they will only have access to one of the signatures.  And to do any send you will need two.  And this eliminates them from any sort of liability.  They will no longer be able to go out of business and leave you out in the cold.  But you'll be able to gain from the services that they can provide.  The other nice thing about having a wallet provider with daily limits, preferred merchants and all that setup is say for example, someone runs in your house with a gun and says give me your private keys or tries to send your bitcoins out.  Well, it's one thing to have a gun against you and you're able to give them your private keys.  And you don't have Multisig.  And they can take all your Bitcoins.  But if you have Multisig you can just go, "hey, I've got Multisig.  You're going to have to go get my wallet provider or you're going to have to break into my bank and get the stuff out of the safe-deposit box, okay.

Again, and I know I'm hammering this hope Multisig provides another massive, massive layer of security okay.  So, you maintain two of the three needed.  Now, there's other things you can do if you have a Multisig.  You could do things like a 3 party Escrow.  And I'll let you look that up but quickly let's say it's Alice wants to send money to Bob.  But Alice and Bob don't really trust each other.  But they might trust the company in the middle sort of a new decentralized type of eBay.  And what they do is they set it up so that each of them has one key.  Okay so, you have one private key here.  One private key here.  And one private key here.  And after the transaction is done.  If Alice and Bob are arguing then eBay would be able to resolve this dispute.  Because eBay will hold the third key and they'll be able to finish off from the two of three for sending those funds to either back to Alice or forward to Bob.  And with this sort of situation you could even set up things like chargebacks.  All the things that people were looking to avoid initially with Bitcoin but are missing a little bit, okay.  So, having some of those features in certain situations can be very advantageous.  And that particular set up is called a 3-party Escrow.

Okay another people have mentioned that, oh, well there's this other idea called Shamir's Secret.  And Shamir Secret is admittedly it's just a beautiful name.  And it sounds so provocative, right, Shamir's Secret.  And it's basically a system where you can have one private key.  For example, on six pieces of paper.  And any combination say, for example, if four of those pieces of paper will give you back the original private key.  Now that's nice it provides some advantages.  But it really sets up almost all the problems that you previously had with just regular signature.  Because any time you bring those four sheets of paper together.  Well, one of the people who might have helped bring those pieces of paper together can now see the private key.  And they can turn around and quickly send the funds.  Or you might be on a machine with sort of man in middle attack.  Okay so, anytime you bring just one key together you've kind of put yourself at risk.  So, try to avoid the hype and the beauty of this name Samir's Secret.  It is not as cool or as powerful as Multi Signature.  And really should just not be used, okay.  So, if you're really looking to increase security and you should be.  The Multi Signature is the way to go.  And these are the two reasons why, okay.

So, we've spoken about a couple examples where it can be used?  There's a million more great ideas for using Multisigs to protect things, to sort of set up.  Maybe trust in sort of a board type situation where board members will be able to sort of vote with the money and stuff like that.  There's so many ideas that can be incorporated into Multisig.  So, with no further ado, let's jump in and take a look at how we can create our own multisignature addresses, all right.  We're going to try and generate one of these addresses.  So, that starts with the 3 and we'll be able to send some Bitcoins to it.  And then in the next episode.  We'll be able to take the money back it out okay.  So, let's hop into the coding.

So, here I've got some code which I'll post onto GitHub that generates a Multisig Address from 3 brand-new addresses on your Bitcoin D client.  But it really the addresses can be from anywhere.  They can be old addresses, okay.  So, as long as you have the private key to an address you can add that address into a Multisig Account.  So, you can call say perhaps you've got two brothers.  They can each independently set up their own private keys, set up their own little wallet and send you just the public address for those keys.  And with that you can generate a multisignature address.  That a combination of the three of you can sign off on without ever having compromised the private keys with either one of you.  So, one brother will have his private key.  The other will have his and you'll have yours.  But for this example, we're going to generate all three private keys and well, you'll even get to see them on the screen.

So, here's the code.  And we're just going to run it first and kind of talk about what happens.  We hit F5 and our little idle thing.  And it's creating some new address okay.  Brand-new address pair number one. And in Bitcoin you might have noticed there's a few different formats for public keys and private keys.  Well, Bitcoin D or the Bitcoin-QT generates a compressed public address that looks like this.  Then I had it spit out the private keys.  So, you see the private key there.  And then it has a less compressed public key which you can use for creating the multisig addresses.  And here we've got three address pairs.  So, here's a brand-new address.  Here's its private key.  And here's the less compressed public-address, okay.  And here's the third one.  And I got my code to spit this out so you can actually paste this into any Bitcoin-QT or Bitcoin D.  And create a multisig address right there using these three public addresses, okay.  So, here's one public address is the first one.  Here's the second which is right here.  And here's the third which is right here, okay.

And this code if you just stuff it into Bitcoin D or Bitcoin-QT will spit out a brand new multisig address starting with the 3.  Now, let's take a look at this closely because there's one number in here that's very important.  Bitcoin D create multisig 2.  These two is actually very key.  2 stands for the amount of private keys that you need to unlock the funds.  So, if you switch it to one, any one of these private keys could actually spend money from that multisig address.  Which could be handy for certain situations.  If you switch it into 2 then you need 2 of the 3and if you switch it to 3, well, all three brothers for example would have to sign that transaction for money to be able to be spent from that multisig address, okay.  In this case, we're generating a 2 of 3.  So, any two of these private keys would be required.  Okay, here's those private keys.

So, just for fun let's stuff that code into the terminal, okay.  And I've got Bitcoin D already running.  So, you'll need Bitcoin D to be able to do all this stuff on your computer.  Because we're doing calls to your own hard drive.  To your own version of the blockchain.  There's other ways to do these calls and we'll talk about them in our next series of videos where we talk about API's.  But this time we're just going right in and looking at our own blockchain.  So, we'll paste that code we've just copied.  And there you see that 2.  There you see the 3 public addresses.  And once we hit return will immediately get hit with a brand new multisig address that will start with a 3, watch.  Boom, there it is okay.  And there's our 3.  And this is a Bitcoin address that you could send cash to today.  And any time you create a Bitcoin D, create Multisig with these three public keys you will get the same address.  So, I can paste that code in again.  And hit return and you'll see that I get the exact same address.  This address is aware of those three other addresses, okay.  So, it actually inside it holds that information.

Now, just for fun, I'm going to put up a new terminal window.  And I'm going to paste that code in but have instead of a 2 I'm going to have 1 here okay.  And we're going to see what address it generates.  And you'll see that that address is different.  Okay, so it's aware that it say 1 of 3.  So, all you need is one of the three private keys to send funds.  So, these are two different addresses, okay.  And let's go back and copy this code and regenerate our Multisig 2 of 3 address by hitting return.  Okay, and you'll see that you've got two different addresses.  One of these, this one requires only one private key to sign off the fund.  So, anyone of the three.  So, if you're doing something with two other brothers.  You could set up a few different accounts.  One where anyone can spend the funds.  Another where two of three of you are needed to spend from the funds.  And you could even set up one where all three of you have to agree to spend those funds, okay.  So, this provides a lot more functionality than the way regular Bitcoin works.  And this is one of the most beautiful and powerful features of Bitcoin.  So, this here is our 2 of 3 address and if we go down here we'll see that we have the same one here in the code okay.  So, we generated that with the code.

The redeemed script is something that is unique to Multisignatures.  So, when you go to spent from your Multisignature address you're going to see this whole new concept called redeem script.  And this is required for spending from any Multisignature Address.  Doesn't matter if it's 1 of 3.  2 of 3 or 3 of 3.  And so far in Bitcoin it appears that you can only do 3 at the end okay.  So, you can't do 5of 7.  Maybe in the future.  But it has a lot to do with sort of blockchain bloat and the size these transactions grow to.  So, if you're going to actually use these three addresses.  And this multisig address, well, I'm suggesting that you want to copy all this output and save it.  So, you'll be ready for part two, okay.  And that's what we'll do.  So, we'll just copy this and then we'll just paste it into a little Word File so that we have it for later, okay, and then I'll just save that.

So, now what we have to do is go back and really understand what we did in terms of the code.  And so, here's the live code right here that I just ran.  And here's a bunch of comments up there.  And for most things that you're going to do in Bitcoin with Python you're going to need to download and install Bitcoin RPC program by Jeff Garzik.  It's sort of a Python technicality but you'll need to have that running.  And you'll also need to have Bitcoin D running on your machine.  Again, you won't need all of this to do multisig.  But this will help you play around with Multisig's and get to understand the ideas better.  If you can actually get in and look at the code.  And we posted all of our code here at this address.

Now, one problem with Bitcoin RPC is their connection file wasn't written to take advantage of Multisignatures.  So, we actually had to rewrite it a little bit.  So, you might want to copy our file and put that in if you're looking to run the same code.  Okay and then once you've done all that it's all pretty straightforward.  And all the code to generate all that stuff sits right here.  Okay so here we are calling to a local blockchain the one on my laptop's hard drive.  We set up a couple dictionaries for addresses, private keys and public keys.  And this is just a little code for the export that we just copied in a terminal.  And you don't need to understand it to understand Multisig's.  Now so, what we did is we generate three new addresses.  Again, you don't need to generate three with new ones.  You could use old ones.  But we call the Bitcoin D get new address which gives you a brand-new address and stores it in your wallet DAT file.  So, any new address you generate would get new address will be stored in your wallet DAT file on your computer.  And you'll always be able to call it the private key for that as long as you haven't lost your wallet DAT file.

And then I just like to spit out how long these things are.  So, I can get used to their length and realize right away if they're compressed or uncompressed.  So, I'm spitting out right here.  It's 34 characters okay.  And then we spit out the private key.  So, dump private keys a bitcoin D call as well.  And here comes the private key.  This is not the most standard format for private keys.  But bitcoin accepts a number of different formats.  Both for public and for private keys.  And this is the one for some reason that they like to use.  And again, it doesn't matter which format of private key you have as long as you have one of them, all of them will generate your public key.  And all of them won't be able to release your funds.  And then to get the sort of uncompressed public key or public address.  We actually had to call validate address which spits out a JSON Script.  And we're grabbing just the longer public key from the JSON Script which is used for generating Multisigs.  And that is this one right here.  And the one we use to generate the Multisig.  And we loop that three times.  So, we generate three addresses.  That's -- that code.  That's all it is.

And then this is the code that I had to just print out.  So, you could paste something in the Bitcoin D to see how it's working.  So, remember that's the thing we had attached with the terminal.  But here's where the real action happens, all right.  So, we take the three public keys that we generated.  And we just slap them right next to each other, okay.  And we dump that into a variable called three Addy.  And again, you can kind of see that right here.  These are the three public keys in this case that get dumped into that one variable three Addy.  And then we do a call to a Bitcoin D, a Bitcoin QT functions, standard function, add Multisig Address.  And then we say the 2 which is the 2 of 3and then we stuff in the three public addresses.  And get something called a Multisig addy for Multisig Address.

And there's a couple ways you can do this, right.  You can use add multisig address or you can use create multisig address.  But only one of them spits out an adjacent the redeem script that you're going to need for part two of this video series.  So, we actually did it again.  Did multi addy redeem and got a redeemed script over here through adjacent call.  Okay so, all this code is right here.  And it generates the multisig address right here.  So, before we go so we'll be ready for part two.  This were going to stuff a little bit of Bitcoin into this multisig address right here.  So, we'll go to my Coinbase account.  Okay I've got 7.59 Bitcoins and I'll say send money.  And then we paste the copied address.  The multisig address, right.  Starts with the 3 we love 3s.  This is the year of the three-address.  And then we'll put in a dollar, okay, and message send in to my multisig, send money.  Beep, it's done.

So, that'll take you know the standard six confirmations before I can really access it.  But it will be perfectly in time for our next video when we do part two.  And we'll have this redeem script to actually figure that out in our next video as well.  And there you have it.  You generated your first multisig address.  And in part two, we'll go through all the steps it's a hair more complex to spend from a multisig address.  Very cool stuff.  This stuff hopefully will be incorporated into every wallet soon.  And you won't need to program it or think about it.  But you'll be able to use this enormous -- enormous advantage that only Bitcoin can offer.  Maximum security with very little risk being able to store your money in between three places.  And any compromised in any one of those three places gives the fee for the hacker zero.  Great stuff.  Multisig addresses.  Stay tuned for part two.  Please remember to comment, like, subscribe, do whatever it is you do.  And we'll see you at the next video.


Written by James DeAngelo on March 14, 2014.