Whilst multisig wallets are typically more secure than a standard hot wallet, I wouldn’t recommend using one to secure your Bitcoin private keys. The fact is both hot wallets and multisig wallets are relatively easy to exploit, and there’s a way better option available to you, which is MPC-based (multi-party computation) wallets.
If you’re not already familiar with multisig and MPC wallets here are a few resources to get you started:
2. What is MPC
Otherwise, let’s talk about why you shouldn’t be using a multisig and should instead be using an MPC-based wallet.
Multi-signature transactions require each party to sign on-chain, which exposes every transaction signed by your wallets to the public. With each transaction record transparently displayed on the blockchain, anyone can potentially identify the wallet holders: an unscrupulous observer can sift through the on-chain metadata, follow the transaction history and trace the signers.
Because every party has to sign the transaction on-chain, overall transaction processing is slower. Each party holds an individual key, typically linked to their personal wallet, and must sign the transaction independently, which drags out the process.
Key recovery is complicated because every key is linked to a separate third-party wallet, so you need a recovery option for each individual wallet. Although this spreads the risk, it also relies on the same tools that are susceptible to security breaches.
The access structure of a multisig wallet is rigidly bound to the address, so the access policy cannot be adapted when the group changes. If you need to modify access because a user leaves or joins the group, you are forced to move the funds to a new multi-signature wallet that reflects the new policy configuration.
Expanding your team necessitates adjustments in your digital asset access and transfer process. This can involve:
These circumstances make multisigs hard to operate, because their design is bound to the wallet address.
In an MPC model, the complete private key never exists on a single device at any point in its lifetime, not even while it is being used. Threshold cryptography keeps the key secure even if some of the parties are compromised, and cryptographic enforcement of the quorum policy means there is no single point of failure.
Even if an attacker corrupts key shares from up to a limit of m parties, the key's integrity is not compromised and operations can continue.
MPC allows secure backup of private keys and disaster recovery: the key shares can be regenerated without any change to the public address.
A significant edge of MPC over multisig is its inherent adaptability. Unlike multisig wallets, MPC supports continuous modification and upkeep of the signature scheme.
For instance:
Suppose your organization comprises four parties and you establish a policy that two out of three must approve each transaction.
Transitioning from a '2 of 3' to a '3 of 4' setup only requires the existing parties to agree on the new policy and add the new user.
Policy changes don't affect the wallet: the blockchain address remains the same. Unlike with multi-signature, there is no need to create a new wallet, transfer funds, or give counterparties a new address.
MPC signatures can be implemented externally, meaning that key management and the approval policy are entirely off-chain. MPC can therefore be used without the blockchain being aware of it, which matters because some blockchains lack native multi-signature capabilities. This is less of a factor for Bitcoin custody, since Bitcoin already supports multisig natively.
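To make the share-regeneration and policy-change claims above concrete, here is an added toy example (it is not Krayon's code and not a production threshold-signature scheme): Shamir secret sharing over a prime field with a resharing step that moves a 2-of-3 key to 3-of-4 and then rotates the shares, all without the key ever being assembled, so the secret, and therefore the public address, is unchanged. The field modulus and the use of `reconstruct` purely to check the result are assumptions; a real MPC wallet signs from the shares and never reconstructs the key.

```python
import secrets

P = 2**127 - 1  # field modulus for the toy scheme (a Mersenne prime, assumed)

def _eval(coeffs, x):
    acc = 0
    for c in reversed(coeffs):  # Horner: a0 + a1*x + a2*x^2 + ... mod P
        acc = (acc * x + c) % P
    return acc

def _lagrange_weights(xs):
    """Weights w_i such that secret = sum(w_i * y_i), i.e. the polynomial at x=0."""
    out = []
    for xi in xs:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        out.append(num * pow(den, P - 2, P) % P)  # den^-1 by Fermat's little theorem
    return out

def split(secret, t, n):
    """n shares (x, y) of secret; any t of them determine it, fewer reveal nothing."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, _eval(coeffs, x)) for x in range(1, n + 1)]

def reconstruct(shares):
    """Only used to check the demo; a real MPC signer never assembles the key."""
    ws = _lagrange_weights([x for x, _ in shares])
    return sum(w * y for w, (_, y) in zip(ws, shares)) % P

def reshare(quorum, t_new, n_new):
    """Move a quorum of current shares to a (t_new, n_new) policy. Each holder
    sub-shares its own share; new holder k sums the weighted pieces it receives.
    The key is never assembled and is unchanged, so the address stays the same."""
    ws = _lagrange_weights([x for x, _ in quorum])
    pieces = [split(y, t_new, n_new) for _, y in quorum]  # one fresh poly per holder
    return [(k + 1, sum(w * pieces[i][k][1] for i, w in enumerate(ws)) % P)
            for k in range(n_new)]

def demo():
    """2-of-3 to 3-of-4 as in the text, then a same-policy refresh (rotation)."""
    key = secrets.randbelow(P)
    old = split(key, 2, 3)
    new = reshare(old[:2], 3, 4)        # two old holders suffice (old t = 2)
    rotated = reshare(new[1:], 3, 4)    # fresh shares, same key, same address
    return key, reconstruct(new[:3]), reconstruct(rotated[:3])
```

After a rotation, a share stolen from the previous set no longer combines with the new ones, which is the property the text relies on when it calls a stolen shard worthless.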
MPC provides transaction and key management privacy by eliminating the requirement for multiple on-chain signatures.
This is a key differentiator between MPC and multi-signature. If a multi-signature user reveals their address (even online), any transaction associated with that address can be traced back to the user.
In contrast, multi-party computation signs transactions using secrets that are visible to the participants but do not reveal the identity of the secret's owner.
The quorum structure itself may need to stay confidential. For example, your business may want to hide from attackers how the approval process works or how many shards would need to be compromised. Because MPC produces a standard single signature, the structure stays confidential, whereas multi-signature reveals it openly.
The best multisig Bitcoin wallet isn’t actually a multisig, it’s an MPC-based wallet. Here’s the thing: with MPC wallets you can still enable multi-party approvals so that ‘n of m’ signers are required to approve a transaction, but each signer isn’t required to hold a private key. Instead, each signer controls a key share. This is a critical difference between multisig wallets and MPC wallets: if a private key is stolen from a multisig wallet, it’s impossible to recover, whereas with an MPC-based wallet a stolen key shard is worthless to a would-be hacker, because all of the key shares can be rotated. On top of this, multisig wallets involve each individual signing on-chain, whereas an MPC wallet sends a single final signature to the network to authorise a transaction. This makes it impossible for hackers to track and trace the signers of an MPC-based wallet, or to learn how many signers are required to approve a transaction.
If you’re looking for secure custody for your Bitcoin then you can use Krayon’s Bitcoin Custody solution. With Krayon you can create secure MPC-based wallets to safeguard your Bitcoin. Here are a few reasons to choose Krayon: