Multisignature (multisig) refers to requiring more than one key to authorize a Bitcoin transaction.

Consider the following scenario:

Suppose I am working with a company that wants to accept Bitcoin for international trades.

The company, for security reasons, would not want a single one of its employees to have access to the company BTC wallet's password. Any transaction would have to meet the approval of more than one employee.

Is this possible already? If not, how could it be implemented with public-key cryptography? (1.1)

Multisig is the the solution to this.

Implementations

Shamir's Secret Sharing Scheme (ssss) (2.1) is a general software implementation of multisig.

Specific to Bitcoin, ?GreenAddress.it, for example, has 2-of-2 and 2-of-3 accounts (requiring at least two keys to authorize a transaction). ?Coinbase also offers 2-of-3 and 3-of-5 multisig, which they call Vault.

Multisignature Transactionshttps://bitcoinarmory.com/faq/#q14

Standard transactions on the Bitcoin network could be called “single-signature transactions,” because transfers require only one signature — from the owner of the private key associated with the Bitcoin address. However, the Bitcoin network supports much more complicated transactions that require the signatures of multiple people before the funds can be transferred. These are often referred to as M-of-N transactions. The idea is that Bitcoins become “encumbered” by providing addresses of multiple parties, thus requiring cooperation of those parties in order to do anything with them. Here are some examples: 1-of-2: Husband and wife petty cash account — the signature of either spouse is sufficient to spend the funds. 2-of-2: Husband and wife savings account — both signatures are required to spend the funds, preventing one spouse from spending the money without the approval of the other 2-of-2: One wallet is on your primary computer, the other on your smartphone — the funds cannot be spent without a signature from both devices. Thus, an attacker must gain access to both devices in order to steal your funds (much more difficult than one device) 2-of-3: Parents’ savings account for child — the kid can spend the money with the approval of either parent, and money cannot be taken away from the child unless both parents agree 2-of-3: A board of three directors maintaining funds for their organization — those funds cannot be spent unless any two of those directors agrees. Bigger multi-signature transactions are possible for bigger organizations, such as 3-of-5, 5-of-9, etc. 2-of-3: Buyer-seller escrow: buyer commits money into a 2-of-3 transaction with the seller and a third-party arbitrator. If transaction goes smoothly, then both buyer and seller sign the transaction to forward the money to the seller. If something goes wrong, they can sign a transaction to refund the buyer. If they cannot agree, they both appeal to the third-party who will arbitrate and provide a second signature to the party that it deems deserves it.

Multisignature Addresses

A multi-signature address is an address that is associated with more than one ECDSA private key. The simplest type is an m-of-n address - it is associated with n private keys, and sending bitcoins from this address requires signatures from at least m keys. A multi-signature transaction is one that sends funds from a multi-signature address. (4.1)

Creating a Multisignature Address

A 2of3 multisig address can be created by following these steps: (5.1)

  1. Gather (or generate) 3 bitcoin addresses, on whichever machines will be participating, using getnewaddress or getaccountaddress RPC commands (or copy and paste from the GUI).
  2. Get their public keys using the validateaddress ?RPC command 3 times.
  3. Then create a 2-of-3 multisig address using addmultisigaddress; e.g.
    bitcoind addmultisigaddress 2 '["044322868cb17d64dcc22185ae2d4493111d73244c3668f8ac79ecc79c0ba8d30a6756d0fa20157 709af3281cc721c7f53321a8cabda29b77900b7e4fe0174b114","..second pubkey..","..third pubkey.."]'
addmultisigaddress returns the multisignature address. Be a little careful, the public keys are raw hexadecimal and don't contain checksums like bitcoin addresses do. You can then send funds into that 2-of-3 transaction using the normal sendtoaddress/sendmany RPC commands, or the GUI (or anything that's been updated to recognize multisig addresses). (5.2)

History of Multisignature

Multisignature has been used for thousands of years to protect the security of crypts holding the most precious relics of saints. The superior of a monastery would give monks only partial keys for gaining access to the precious relics. Thus, no single monk could gain access to and possibly steal the relics. (6.1)

Multisignature Wallets

A number of companies have developed multisig wallets: (7.1)

References

1.1: https://bitcointalk.org/index.php?topic=507297.msg5594085
2.1: https://point-at-infinity.org/ssss/
4.1: https://bitcoin.stackexchange.com/a/3729/4334
5.1: https://bitcoin.stackexchange.com/a/10593/4334
5.2: https://bitcointalk.org/index.php?topic=82213.msg906833#msg906833
6.1: Monks at Mt. Athos continue to use "hard" "multisignature" security today.
7.1: https://www.reddit.com/r/Bitcoin/comments/4eabpi/multisig_wallets_review_coinkite_alternatives_and/