Free Multi-Signature API Could Help Boost Bitcoin App Security

padlock-shutterstock_127894739
3 July 2014

It’s just become much easier for developers and startups to boost the security of their bitcoin products and services.

A new multi-signature API has been released by BlockCypher, a Boost VC-backed startup, allowing anybody to easily add the security-enhancing feature to their own applications.

Multi-signature transactions involve multiple parties who are required to provide consensus in order to authenticate a transaction – an escrow-like situation operating on the block chain.

BlockCypher‘s founder and CEO Catheryne Nicholson told CoinDesk that the API is a way to provide a secure infrastructure for startups in the bitcoin ecosystem, freeing them to focus on user experience:

“If bitcoin is going to hit the mainstream, all of the applications built on the protocol need to be simpler and more user friendly. It’s never going to reach mass adoption if my grandmother or my kids can’t figure out how to use a wallet or how to buy and sell bitcoins.”

Time saver

Nicholson suggested that if bitcoin startups didn’t have to devote as much time and resources to building a secure infrastructure, companies could instead focus on improving user experience, whether they’re building a wallet, exchange or any other type of application using the block chain.

With her background in enterprise software platforms, it was clear to Nicholson that part of the reason we haven’t seen more user-friendly applications built on the bitcoin protocol is because developers are spending most of their time focusing on security.

Nicholson isn’t alone in thinking that multisig functionality could help free up developers to build better user interfaces.

While delivering the ‘Annual State of Bitcoin’ address at the Bitcoin 2014 conference in Amsterdam back in May, the Bitcoin Foundation’s chief scientist Gavin Andresen predicted the emergence of “better looking” products:

“I think wallets will be nicer, I think user interfaces will be polished, I think it will be, you know, much more secure. I think multisignature will go a long way for that.”

Until now, implementing multisig functionality has proven to be a timesuck for developers. Nicholson attributes this to the difficulty of executing the transactions with the pay-to-script-hash (P2SH) function.

Much-needed security

The multisig approach to transactions on the block chain has been lauded by many in the community as a way to enhance consumer protection and prevent fraudulent spending.

This type of functionality is essential in bringing bitcoin to mass adoption, Nicholson argued:

“There’s all types of stories about people selling their houses and cars for bitcoin, but nobody in their right mind is actually going to transfer $1m in bitcoin without arbiters or a third party involved. Multisig provides security for these types of transactions, which is essential in the digital world.”

Nicholson reaffirmed that the multisig API is written so that neither her nor BlockCypher ever hold the private keys of its users, to ensure funds cannot be stolen.

Free for now

Startups like web wallet Pheeva and Amazon-focused bitcoin marketplace Purse.io are already using BlockCypher’s cloud services, and Nicholson said both teams were excited over the news of the multisig API.

Indeed, Purse.io users may see multisig functionality added to the service sooner rather than later, with Nicholson explaining that she’s already heard from the company about its plans to use the new API.

Developers hoping to implement multisig into their products or services can expect the traditionally arduous process to take just an hour using the multisig API, which Nicholson said also works for the litecoin protocol.

The multisig API is available free of charge for anyone to use, as Nicholson stressed that immediate profit isn’t her primary focus:

“Like any API company, we’ll start thinking about profit once there’s a significant amount of people using our software that are making money off of it.”

To find out more about multisig authentication, see CoinDesk’s primer.

Padlock on keyboard image via Shutterstock