‘Cosign’ Wallet Streamlines Multisignature Transactions, Enhances Security

Screen-Shot-2014-03-27-at-4.02.59-PM
27 March 2014

BitPay’s BitCore development team is working on a new project that it claims will be “the most secure wallet in the world”.

Dubbed Cosign, the wallet is being developed to allow streamlined multisignature transactions that will add much needed security to bitcoin storage technology.

The idea behind multisignature wallets is a simple one – transactions must be authenticated by more than one person to confirm that they are valid, hence boosting security. However, this does add another level of complexity to the process.

Now, though, the Bitcore team thinks it has cracked that problem with a user-friendly system that coordinates the cosigning process.

Streamlined transactions

The developers explained that Cosign will allow users to spend multisignature coins much like standard, single-signature bitcoins.

If someone wants to spend coins from a multisignature wallet, they can do so just as they would with a normal wallet, but that would not complete the transaction. The partially signed transaction would then show up on cosigners’ screens, requiring them to approve it.

Once three cosignatories have signed the transaction (in a 3-of-5 scenario), it would then be broadcast to the bitcoin network.

This obviously adds yet another layer of protection. Even if your private keys are compromised, that won’t be enough to steal your coins, as an attacker would also have to steal keys belonging to your cosigners.

The keys must be generated by the client and they must be encrypted. The software also has to be executed on the client side, so it could not be audited or changed by a third party.

The developers explained:

“Cosign takes advantage of a number of modern browser and bitcoin technologies to make this possible. Web RTC is used to establish P2P connections between cosigners. HTML5 local storage is used to store the wallet. HD extended keys are used to simplify the generation of new addresses.”

Cosign: Step by step

While the process may sound cumbersome, the whole point of Cosign is to simply and streamline every step.

The team outlined a basic scenario, which includes five people who want to open a joint wallet and act as cosigners.

First, a new Cosign wallet must be created and its ID shared between the members of the group.

All cosigners then join the wallet and generate a new extended private key, which has a corresponding public key. The public key is shared with the others, while the private key is held in secret, as the name suggests.

cosign-2-home

The team explained:

“Now the cosigners can view their multisignature wallet just like a normal wallet. The appearance and workflow of the wallet are almost exactly the same, with only one catch: when someone wishes to send bitcoins, the bitcoins are not immediately sent. Instead, the partially signed transaction is shared with the other cosigners.

If three of them sign it, then the transaction is complete, and can be broadcast to the bitcoin network and stored in the blockchain.”

When a cosigner sends bitcoins, the transaction is regarded as ‘partially signed’, and shows up on the screens of the other cosigners. The other cosigners can either choose to sign or to ignore the transaction.

If enough cosigners sign the transaction (say, three, in the case of a 3-of-5 multisig wallet), the transaction is fully signed and automatically broadcast to the bitcoin network.

cosign-3-txs

Other than the fact that the transaction is not broadcast to the network until it is signed by the required number of cosigners, the wallet looks and acts much like a regular bitcoin wallet.

There is just one small catch: in order to back up the wallet, at least three cosigners have to have their keys available in order to recover the bitcoins.

Cosign is still not ready for prime time, so CoinDesk could not try it out. However the developers have created a few mock-ups to show off the concept.

Disclaimer: CoinDesk founder Shakil Khan is an investor in BitPay.