Demystifying Bitcoin Multisignature Wallets (2nd Edition)
After a long time tinkering, I was able to set up and pay from a multisig wallet. There were a few obstacles that would deter a beginner, and I’ll help you avoid them. For your first wallet, you should just do a test, and move dust only, not significant amounts in case something goes wrong. This article assumes you understand how to set up basic wallets with seed phrases.
Obstacle 1
You should use Electrum desktop wallet (Windows not Mac, and not Android since you can’t use BIP39 on the Android version of Electrum yet)
I’m not ready to play on the command line with Bitcoin qt’s wallet yet (the Bitcoin node software), so I will rely on mainstream software. I’m used to Mycelium Bitcoin wallet for Android which uses BIP39 seeds (12 words) but Mycelium doesn’t have multisig.
Obstacle 2 (3 parts)
Although you can import Mycelium style seeds into Electrum (if you find the tick box hidden in an options button), the seeds won’t work if you try to incorporate them into an Electrum multisig wallet — That’s because Mycelium created standard keys, not multisig capable keys. If you created a standard wallet in Electrum, that also can’t be used to create a multisig wallet.
Basically, you can’t import standard wallet keys to make a multisig wallet, even though Electrum gives the illusion that you can. You have to create multisig type keys.
UPDATE version 2: I later found out this is incorrect. You CAN use your old Mycelium BIP39 seeds that you may have memorised, but not the OLD pubic key associated with the key. In a multisig setup, the old seeds generate new public keys, I presume because the key generation algorithm includes the fact that this is a multisig setup, so a different deterministic result occurs.
Update version 3 — version 2 is also wrong! The public key associated with a seed is always the same, it seems, but, if you change the multisig combination requirement, then the wallet you get is different. Eg a 2 of 5 msig and a 3 of 5 msig, even if using identical 5 seeds, will create 2 sets of bitcoin addresses, or wallets.
Obstacle 3
Create your multisig wallet, eg 2 of 3 type.
You will have access to all 3 private keys, and distribute them as part of your security plan.
When you create the first seed (and store the seed and the public key — crucial), in the next step Electrum asks for you to enter a co-signer’s public key or seed. But you haven't made a second seed yet. Electrum assumes you only will know one of the 3 keys and two other participants will create their own key on a different computer. This assumption caused me confusion.
What you must do, after recording down the seed and public key, is to exit, start again, and create the second key in the same way, exit before finishing, and create the third key, writing all the seeds and public keys down, until you have a set of three.
Obstacle 4
When it comes time to set up the final wallet, you have to enter the seed, private key, or public key, for each co-signer.
When I made my first wallet, I entered the seed for each co-signer which is a mistake. When the wallet was generated, I paid a test amount to the address, and then sent the amount back out again to see what would happen. It just worked like a normal transaction. I later understood that because I entered the 3 co-signer seeds when generating the wallet, the transaction will always go through without needing to enter the other two private keys — the wallet already knew them.
What you must do is, when generating the wallet, is to enter the seed or private key for one of the co-signers ONLY. For the co-signer 2 and 3, you enter the PUBLIC key. Then, a wallet is generated. You pay a test amount to the address created. Then when you send money out, it generates a partially signed transaction. You save that transaction in a number of different ways; I used a text file saved to my desktop.
Then, to continue the test, you can create the wallet again, on the same computer or a different one, but this time enter the private key or seed of a different co-signer, and the public key of the other two.
When the wallet opens, you will see the small amount of bitcoin you transferred to the address. You then import the partially signed transaction that was saved on the desktop, from the menu . It will allow you to sign it. When ready, you can click broadcast, and the transaction will be valid because 2 of the 3 available private keys has signed the transaction.
Warning
If you create, say, a 2 of 3 multisig wallet, and hand out a private key each to two trusted parties, each co-signer MUST keep a copy of the public keys of the other two co-signers. Because to generate the wallet and addresses, you need 3 public keys. To spend, you need two private keys. You can’t spend if you can’t create the wallet.
If you fail to do this, then all three co-signers must collaborate to spend funds, not two. If one person dies, the coins are lost.
Future
In a future article, I will discuss different security plans: combinations of multisig set ups among trusted and non-trusted individuals to protect your bitcoin through generations and protect loss from unexpected deaths
Step by step guide:
“How to Store Your Bitcoin: Detailed Instructions (Part 2 — Advanced)” by Arman The Parman https://link.medium.com/fO76XnmfD6
