1. What is multisignature?
Multisignature or multisig is a technology for signing transactions with multiple private keys to increase security and privacy in the process of approving the sending of transactions.
Multisignature is a type of threshold signature, implemented as a set of condition checks in the cryptocurrency's underlying scripting language.
2. How and when did multi-signature technology emerge?
Although multisignature technology has become widespread in the cryptocurrency world, its fundamental principles existed long before bitcoin was created.
For centuries, the multi-signature principle has been used to protect the security of monastic crypts or crypts where the remains of saints were kept. The abbot of a monastery would hand out portions of the keys to the tombs to the monks. No monk could gain access to the sacred remains alone and steal them.
Multisignature technology was first implemented in bitcoin addresses in 2012. The first multisignature wallet was created in 2013. There are currently more than a dozen of them.
3. How does multi-signature technology work?
Funds stored in a multisig wallet can only be accessed when two or more signatures are provided simultaneously.
A simple analogy is a safe deposit box with two locks and two keys. One key is kept by Maria, the other by Juan. They can only open the box if they present both keys at the same time. Neither can open it without the other’s approval.
Thus, multisig wallets provide an additional layer of security. With this technology, users can avoid the problems often encountered with single-private key wallets, which have a single point of failure and are vulnerable to attacks by cybercriminals, who are constantly developing new “phishing” techniques.
Because multi-signature wallets require more than one signature to move funds, they are also suitable for businesses and corporations wishing to store funds in shared wallets.
4. What are the varieties of multi-signatures?
1-of-2: joint account of two business partners – either party’s signature is sufficient to spend funds.
2-of-2: a combined savings account of two business partners – both signatures are required to spend funds, which prevents one of the account holders from spending funds without the other’s approval.
2-of-2: wallet with two-factor authentication: one stored on a computer, the other on a smartphone. Funds cannot be spent without the signature of both devices.
3-of-5: a low-trust donation address – each of the five trusted participants in the project stores a private key. Three people can spend the funds, but anyone can transfer donations to the project address. This arrangement reduces the risk of embezzlement, hacking, viruses, and loss of funds because one participant loses interest in the project. The blockchain displays which private key was used in the final signature, which improves accountability.
2-of-3: Buyer-seller with a non-trusted escrow account – The buyer transfers money to a 2-of-3 address shared with the seller and a third-party arbitrator.
If the transaction succeeds, the buyer and seller both sign the transaction, releasing the funds to the seller. If there is a failure, they can sign the transaction to return the funds to the buyer.
If they can’t agree, they both go to a third party who acts as an arbitrator and provides a second signature to the party they deem deserving. The arbitrator cannot steal the funds because he has only one key.
2-of-3: A board of three trustees holds the funds of the company or organization – these funds cannot be spent without the consent of any two of the three trustees. For larger organizations, larger multi-signature transactions are possible – 3-of-5, 5-of-9, etc.
2-of-3: hot storage wallet for businesses. A bitcoin exchange stores one private key online and another private key as a paper backup. A separate cybersecurity company stores the third key online and signs transactions only after checking a number of factors (absence from or presence on blacklists and whitelists, not exceeding withdrawal limits for a certain period, two-factor authentication, compliance with regulatory standards, etc.). If the hot wallet of the exchange or of the company gets hacked, bitcoins cannot be stolen. If the cybersecurity company goes out of business, the exchange can access the funds through the paper backup.
2-of-3: A decentralized cold storage box – one of the keys is kept by the user in a safe at home, the second in a safe deposit box, and a copy of the third key is kept by a close friend or relative of the user at their office. The safe at home is protected from burglars because spending money requires a visit to a friend, the bank, or the office.
2-of-2: smart contracts – TumbleBit, Coinswap, Lightning Network.
1 or 3-of-4: distributed reserve – the primary user can use the wallet at will, but if that owner loses their private keys, they can be restored with three of the other four trusted friends/organizations. One key is stored in a safety deposit box, the other three are kept by the friends. If the owner dies, the safe deposit box with the funds, according to his will, can be transferred to one of the trusted friends or to someone who can benefit from the help of the trusted friends.
5. What are ring signatures?
A ring signature is a type of cryptographic digital signature that can be given by any member of a group of users, each with a key.
One of the security features of a ring signature is that it is computationally infeasible to determine which group member’s key was used to make the signature. Ring signatures are similar to group signatures, but differ from them in two respects: an individual signature cannot be de-anonymized, and members of any user group can become signatories, without further configuration.
The name “ring signature” comes from the ring-like structure of the signature generation algorithm.
6. Who invented ring signatures and when?
Ring signatures were invented by cryptographers Ron Rivest, Adi Shamir and Yael Tauman Kalai, who presented the technology at the ASIACRYPT international conference in 2001.
The original concept envisioned that ring signatures would function as a way to protect against leaks of classified information – particularly from government offices. Subsequently, the original model was streamlined.
In 2006, Eiichiro Fujisaki and Kotaro Suzuki proposed a solution called Traceable Ring Signatures to fix the vulnerability of ring signature technology (risk of manipulation by malicious or irresponsible signers). An optimized version of this type of ring signature is currently used in CryptoNote coins and provides sender untraceability in P2P transactions, hiding the source of transaction inputs.
In 2015, Monero Research Labs introduced the concept of Ring Confidential Transactions, introduced and implemented by Bitcoin Core developer Gregory Maxwell. Extending the anonymization capabilities inherent in the original ring signature, ring confidential transactions hide not only the identity of the sender, but also the transaction amounts between sender and recipient.
7. How do ring signatures work?
Ring signatures take group signature technology to the next level by providing the user with an enhanced level of privacy. In the P2P format of cryptocurrency transactions – such as CryptoNote – ring signatures protect the sender by hiding the input side of the transaction so that it is computationally infeasible to determine who the signer of the transaction is.
Ring signatures are a more sophisticated scheme than typical digital signatures such as ECDSA or Schnorr signatures.
Ring signatures can require many different public keys for verification. They are called “ring” signatures because they are made up of a number of partial digital signatures from different users. Together, these signatures form a unique signature. The group of signers is known as a ring and can be randomly selected from the outputs of other users on the blockchain.
Conceptually, ring signatures are similar to a scheme in which multiple parties sign a check from a joint bank account, but by cryptography the signer from within the group is hidden.
Structure of a ring signature (using Monero cryptocurrency as an example):
- Alice wants to send Bob 10 Monero tokens, and initiates the transaction via her Monero wallet.
- The digital signature for this transaction is a one-time key that starts with the output spent from her wallet.
- The non-signing ring members are past transaction outputs that are randomly selected from the blockchain and act as “decoys” in the transaction.
- All members of the ring are possible signers of the transaction – a third party cannot, computationally, identify the actual signer.
- All ring signature outputs together form the transaction’s input.
- The creator of the transaction, Alice, provably has the right to spend the amount of the transaction in such a way that her identity cannot be distinguished from the identities of other ring members.
- Although Alice’s public key is used in her own transaction, it can optionally be used in other transactions in the Monero network as a masking factor.
Automatic creation of unique one-time keys prevents transactions from being linked to one another and is made possible by an optimization of the Diffie-Hellman key exchange.
8. What is a key image?
Confidential currencies such as Monero face the problem of double-spending. The lack of a solution renders these networks useless as digital currency, so a solution has been found in the form of using key images in combination with a ring signature scheme.
A key image is a cryptographic key derived from the output being spent and is part of every ring signature transaction. There is only one unique key image for each output on the blockchain. A list of all key images used is stored on the blockchain.
Due to the cryptographic nature of key images, it is not possible to correlate between an output on the blockchain and its key image. Any new ring signatures that use a duplicate key image are automatically rejected as an attempt at double-spending.
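The ring structure from section 7 and the key-image check described above, as an added example that is not Monero's code or part of the original article: a linkable ring signature in which any ring member could be the signer, and a node-side ledger that rejects a second signature carrying the same key image. The toy group (squares modulo a Mersenne prime, chosen for readability and not secure), the function names and the `Ledger` class are assumptions; Monero itself works with elliptic-curve points.

```python
import hashlib, secrets

# Toy group (assumption): squares modulo the Mersenne prime 2**127 - 1.
# Its order Q is smooth, so it is NOT secure; it only illustrates the algebra.
P = 2**127 - 1
Q, G = (P - 1) // 2, 4  # subgroup order and a generator-like square

def H(*parts):  # hash to an exponent modulo Q
    data = "|".join(map(str, parts)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def Hp(pub):  # hash a public key to a group element with unknown discrete log
    return pow(H("Hp", pub) + 2, 2, P)

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def step(msg, pub, r, c, image):  # one link of the ring: derive the next challenge
    L = pow(G, r, P) * pow(pub, c, P) % P
    R = pow(Hp(pub), r, P) * pow(image, c, P) % P
    return H(msg, L, R)

def sign(msg, ring, s, x):
    n, image = len(ring), pow(Hp(ring[s]), x, P)  # key image I = Hp(P_s)^x
    c, r = [0] * n, [secrets.randbelow(Q) for _ in ring]
    alpha = secrets.randbelow(Q)
    i = (s + 1) % n
    c[i] = H(msg, pow(G, alpha, P), pow(Hp(ring[s]), alpha, P))
    while i != s:  # decoys get random responses
        c[(i + 1) % n] = step(msg, ring[i], r[i], c[i], image)
        i = (i + 1) % n
    r[s] = (alpha - c[s] * x) % Q  # only the real private key closes the ring
    return c[0], r, image

def verify(msg, ring, sig):
    c, r, image = sig
    for pub, ri in zip(ring, r):
        c = step(msg, pub, ri, c, image)
    return len(r) == len(ring) and c == sig[0]

class Ledger:  # node-side double-spend check on key images
    def __init__(self):
        self.spent = set()
    def accept(self, msg, ring, sig):
        if not verify(msg, ring, sig) or sig[2] in self.spent:
            return False
        self.spent.add(sig[2])
        return True
```

`verify` never receives the signer's index, and the key image depends only on the signer's key pair, so reusing the same key with a different ring and message still yields the same image.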
9. What are ring confidential transactions (Ring CTs)?
Ring CTs are an improved modification of ring signature technology. While the main purpose of ring signatures is to ensure the confidentiality of the sender of a transaction, ring confidential transactions were developed primarily to increase confidentiality for the sender and the recipient by hiding the amount of the transaction.
In the original ring signature format, the outputs were “split” into separate rings because ring signatures could only contain equivalent outputs. Because of this, third parties could see the true transaction amounts. By using Ring CTs, transactions are not stored in a transparent blockchain, such as the bitcoin blockchain, but in an “obfuscated” blockchain.
Transactions that use Ring CTs no longer need to be broken down and included in rings of equal outputs – a wallet in a cryptocurrency that uses Ring CTs can randomly select ring members from the output of any amount.
Ring CTs also use a commitment scheme, implemented through a range proof, which confirms that the amount used in a transaction is greater than 0 and less than a certain number, without disclosing the transaction amounts. Thus, external observers are not able to see the transaction, but thanks to cryptographic verification they can be sure that the transaction is valid.