One of the hot topics in the bitcoin community lately has been multisignature transactions. Put simply, what this does is provide several private keys for a bitcoin address, which serves as an additional security measure (if you’re unfamiliar, read this).
The folks at BitPay, who are hard at work on their Bitcore project, have announce they have a multisignature wallet in the works.
Dubbed Cosign, the wallet will make spending multisig bitcoins just as simple as it is to spend from a single-signature address by having other people or computers “sign” transaction to confirm they are valid.
In the words of the Bitcore team:
The way this works is that when someone from a, say, 3-of-5 multisignature wallet wishes to spend bitcoins, they can spend the bitcoins just like normal. Then the partially signed transaction shows up on their cosigners’ screens, which they can choose to sign or not sign. If three people sign the transaction, then it is broadcast to the bitcoin network.
Assuming one’s private key has been stolen, no longer will this mean that their bitcoins are gone for good. Access to one’s funds would require the thief to have access to all of the private keys — which if you haven’t guessed is no easy feat.
For Cosign to work securely, a user’s private keys must be generated (and kept) client-side. If stored remotely, they must be encrypted with a secure password. Secondly, the Cosign software must be made open-source so it may be audited to confirm its integrity.
Says the team:
Cosign takes advantage of a number of modern browser and bitcoin technologies to make this possible. Web RTC is used to establish p2p connections between cosigners. HTML5 local storage is used to store the wallet. HD extended keys are used to simplify the generation of new addresses.
Here’s a more in-depth explanation, provided by the team:
It works like this. Five people (or thereabouts) wish to participate in multisignature transactions where three of them (or so) are required to sign transactions.
First, one of them opens up Cosign and creates a new wallet, and then shares the ID of the wallet with the four cosigners. All of the cosigners join the wallet and generate a new extended private key, which has a corresponding extended public key. The extended public key is shared with the others. The extended private key is kept private.
Now the cosigners can view their multisignature wallet just like a normal wallet. The appearance and workflow of the wallet are almost exactly the same, with only one catch: When someone wishes to send bitcoins, the bitcoins are not immediately sent. Instead, the partially signed transaction is shared with the other cosigners. If three of them sign it, then the transaction is complete, and can be broadcast to the bitcoin network and stored in the blockchain.
Interestingly, the team has compiled a mock-up of the wallet, but we’re still a ways off from release. There’s a whole bunch of additional information you can get on the Bitcore blog.