Coinbase Introduces Multisig Vault

Posted On 30 Oct 2014

Tag: Coinbase, Multisig Bitcoin wallets, Multisig vault

Despite all of their protests to the contrast, Coinbase remains, unambiguously, a bank. You give them money, and they put it in a safe place for you until you want to send it somewhere or cash it out, at which point (fingers crossed) they let you do that. During the intervening time, your money is not under your control.

Bitcoin in a wallet whose private key you control is analogous to cash in hand: you can spend it easily, at almost any time – but you might lose it or get robbed, because protecting large sums of money isn’t one of your core competencies. Bitcoin stored by Coinbase is more analogous to the money you left with your buddy Fred for safe keeping. Fred has a safe and is good at keeping track of and protecting money, so he probably isn’t going to lose it or get robbed, but giving him money does require quite a bit of faith that Fred isn’t going to steal it himself.

Yesterday, for the first time, Coinbase made a major stride away from that responsibility, by implementing its first feature which puts control of your wallet outside its control (while still enabling it to protect you from some forms of theft). The feature is called the “multisig vault,” and it works like this:

Multisig Bitcoin wallets are wallets, built on the scriptable transaction feature, which can only be accessed if the transaction is signed by some subset of several unrelated keys. There are a few applications of this:

For a simple examine, imagine setting up a wallet such that a number of people have their own keys, with the wallet allowing any of them to make transactions, letting everyone use the money, but making it easy to prove who spent what in case of a dispute. You can also create wallets in which you and another user both have keys, both of which are required to make a transaction, in order to ensure that both of you consent to the transaction (imagine a joint savings account for a married couple).

Alternately, if you’re sending money to another user for services that haven’t been rendered yet, you could set up a wallet such that you, she, and an escrow agent all have your own keys to the wallet, two of which are needed to make a transaction. This gives both parties a recourse in the case of fraud while also making it impossible for the escrow agent to vanish with the money (and the two of you can collaborate to get the money out yourselves if the agent tries to hold his signature for random).

In the case of the Coinbase feature, the way it works is similar to the last example: the wallet requires two of three keys to make a transaction. You keep one key, Coinbase keeps one key, and the last key is complicated. Technically, you and Coinbase both keep a copy of it, but those copies are encrypted according to a password that only you know. Normally, when using this account, you make transactions by logging into Coinbase and having them co-sign it with you. That way, if your computer is hacked or taken over by malware, they can’t make transactions without your consent. In an emergency (if Coinbase unexpectedly shuts down) you can make a transaction by decrypting your second key – however, Coinbase can never make transactions without your approval.

In this situation, you have to trust Coinbase a lot less, and can still benefit from the added security of having one of the unencrypted keys stored off-site by someone who can afford really good computer security. On the downside, if you lose your password AND your private key, there’s nothing that Coinbase can do to help you: revoking your trust brings more responsibility onto you.

In the long term, this sort of thing is very exciting. The woeful state of computer security is a gaping chest wound for Bitcoin, and most users simply are not prepared, qualified, or willing to set up and maintain the kind of security infrastructure needed to protect themselves from even random malware, much less a persistent attacker. Outsourcing that job to a third party makes a lot of sense – however, given Bitcoin’s self-sufficient, trustless nature, immediately turning around and handing your money over to a bank seems a little like throwing out the baby with the bathwater. Compromises that allow you to outsource that responsibility without trusting the person you’re outsourcing it too is important.

There are a few approaches to this problem: hybrid web wallets like this one are one option, hardware wallets are another. It remains to be seen which option will win in the long run, but Coinbase adding the functionality is a big, important step, and one that’ll go a long way towards making hybrid web wallets an option for most users.

Image courtesy of Coinbase

About the Author

Raised by a pack of feral journalists, Andre is a lean, mean, insight machine, who sleeps with a copy of "The Wealth of Nations" under his pillow and has strong feelings about fractional reserve lending. He also makes videogames.