Multisig: a personal Roundup

[gabridome]

It is evident that multisig is the most important thing in bitcoin in these days.
I have personally taken a look of what is possible to test today and here's what I have found.
There are at least three very interesting groups of smart people who are offering solutions based on multisig P2sh technology:

• Bitgo.com
• Cryptocorp.com
• Greenaddress.it

What I have understood:

Bitgo.com
It's ready to be explored by the end user. I have personally spoken to Will. He has been very nice to me in explaining the "pending" state of the transaction (which is due simply to confirmation phase). It is still hard to use it on a mobile but I have understood that it's going to improve.
At Inside Bitcoins conference they have announced the "corporate wallet" in which the spending authority can be shared among various members of an organization.
I think this is today the most straightforward solution to start to use multisig technology.
The controls they do before signing the transaction are still in an initial phase and you cannot set any of them (at least in the normal individual wallet). The corporate wallet is much more advanced. In this environment you can set daily expenses and other "brakes". I have been told they are thinking about extending some of the features also to the individual wallet in the future.
The three keys are generated and stored in your browser and they resides in the local storage. Two of them are printable and storable (together with the script).
[from:Bitgo]BitGo only ever sees 1 of the 3 keys in a multi-sig wallet. That key is generated on their servers and stored securely [please see their post below for further details].
In this way you are substantially in control of your money because you keep two keys sufficient to move your money (it is better to keep one of them offline in a safe place).

Cryptocorp.co
It is not yet usable for a semi-geek like me. I am extremely fascinated by the concept:
You create the keys in the way you like and you give one of the private keys to cryptocorp. When you make a transaction automatically the service should perform a complex reasoning on the risk of the transaction based on you habit, your actual balance and I don't know what else and give your transaction a risk rate.
Based on the rate the service can sign along the transaction, ask you for a second factor authentication or also refuse to sign it.
I think their approach is very peculiar and for this reason they add a very special thing to the landscape of the offering in this field.

Greenaddress.it
With greenaddress.it you are a shareholder of 50% of the share of your bitcoins for limited periods of time and this is maybe for a good reason (I was skeptic at first).
For what I understand they want to "secure your bitcoin" but also to be a reference point for all your counterparts who are warranted by the service that you are not trying to double spend.
You hopefully receive in return, when the service will be understood and trusted, an immediate trust to the transaction by your merchant and you won't have to wait to leave the shop.
For the merchant the fact that the transaction come from a service that controls double spending attempts should be of some warranty per se.
You can set a time at the end of which you can withdraw all your funds through a website  they have set up for this purpose (https://greenaddress.github.io/gentle/#/view1). In this way you can have the total of control of your money back.
I personally find this idea very good for day by day expenses if the merchants start to rely on their reputation as a double spender preventer.
The problem in my opinion is that the nLockTime transaction and the solution in general is hard to explain and to trust for the normal user.
The service come with the most rich parametrization of the expenses to date (not available yet) and with an android app, four different type of second factor authentication and hd wallets.
This last characteristic is very interesting because you can and actually give always a new address to be payed to but they share the same seed with the usual benefit of being able to backup only the mnemonic.

As a side note I have not obviously had the chance to test Cosign (by bitpay) but the mock up is fantastic.

I find all this services a fantastic new possibility and I have written this to outline especially the differences among them I have noticed.
Tell me your opinion and point out my errors or misunderstandings.
I think it is crucial to develop different services that cover different needs for the end user and the multisig technology give this possibility.
EDIT: 1. corrected the part regarding the key generation with Bitgo
        2. The parametrization of the expenses on greenaddress.it is not yet available (corrected).
        3. Corretto il sito di cryptocorp (non é .com)

[doug_armory]

Armory will soon have multisig (OP_CHECKMULTISIG and P2SH) support. It was demoed at the Inside Bitcoins conference earlier this week. People can play around with the code on Github but it's not ready for primetime just yet.

[gabridome]

I saw Armory's stand at the conference. It was really interesting to see the new features live.

The distribution for the online wallet they have made is also very important. I know that it is a delicate issue but it would be great if they released it.

[BitGo]

Thanks Gabriele for the endorsement! There is an inaccuracy about BitGo.

The three keys are generated and stored in your browser and they resides in the local storage. Two of them are printable and storable (together with the script). In this way you are substantially in control of your money.

BitGo only ever sees 1 of the 3 keys in a multi-sig wallet. That key is generated on our servers and stored securely.

The user key and backup key, and the passcode, are never seen by BitGo. The user key is generated in the user’s browser and encrypted with a passcode. We recommend users create their own backup key as a “cold key” that is not seen in the user’s browser or on our servers.

Because of this design, BitGo can never access the bitcoins of its customers. BitGo is a security service and co-signer only.

We have been live since August 2013 and have performed extensive independent security audits.

To learn more, here are some resources:
1- Our whitepaper about multi-sig P2SH addresses at https://www.bitgo.com/p2sh_safe_address.
2- You may examine our client-side code at https://github.com/bitgo.
3- An endorsement by BitPay on their blog http://blog.bitpay.com/2014/04/07/bitcoin-wallets-and-decentralization.html.

[gabridome]

Thanks Gabriele for the endorsement! There is an inaccuracy about BitGo.

The three keys are generated and stored in your browser and they resides in the local storage. Two of them are printable and storable (together with the script). In this way you are substantially in control of your money.

BitGo only ever sees 1 of the 3 keys in a multi-sig wallet. That key is generated on our servers and stored securely.

The user key and backup key, and the passcode, are never seen by BitGo. The user key is generated in the user’s browser and encrypted with a passcode. We recommend users create their own backup key as a “cold key” that is not seen in the user’s browser or on our servers.

Because of this design, BitGo can never access the bitcoins of its customers. BitGo is a security service and co-signer only.

We have been live since August 2013 and have performed extensive independent security audits.

To learn more, here are some resources:
1- Our whitepaper about multi-sig P2SH addresses at https://www.bitgo.com/p2sh_safe_address.
2- You may examine our client-side code at https://github.com/bitgo.
3- An endorsement by BitPay on their blog http://blog.bitpay.com/2014/04/07/bitcoin-wallets-and-decentralization.html.

Thank you. I edit the post immediately.

[tryexcept]

Ciao Gabriele, thank you for the endorsement from us too

I wanted to provide a link to our design/’white paper’ document, I hope people find it interesting http://ghgreenaddress.files.wordpress.com/2014/04/greenaddressp2sh2of2hd-61.pdf

In the document we describe our current design and also some improvements we are working on including making sure that we provide time locked transaction even before putting your bitcoins in your GreenAddress wallet, making it effectively zero-trust.

That’s of course assuming that you are not using the web site for full login operations as the service could be compromised but either the chrome plugin or the android application (which verify tx before signing against the electrum network) which are open source and can be inspected.

We also have some very alpha API documentation (used by all our wallet apps) which we’re working on polishing : this should allow integration with any third party software & hardware wallet, vending machine or ATM, etc. See http://api.greenaddress.it

Please note we are also working on risk management and fraud detection and will be providing updates as our solutions are ready as well as the market ready for adoption.


Last, but not least, GreenAddress uses HD keys both on the client and the server to avoid any type of correlations so, differently from BitGo, the privacy for the user is always ensured.

Another difference between GreenAddress and BitGo is that it’s impossible for a malware to get both the private keys since they never are on the same device at the same time, even at creation time.

oh, we recently added dutch, greek and qr code support to all html5 platforms including iOS, even for login

Cheers!

[gabridome]

Another difference between GreenAddress and BitGo is that it’s impossible for a malware to get both the private keys since they never are on the same device at the same time, even at creation time.

In reality it seems that in Bitgo you can create your backup key as a "cold key" in which case you actually could have your three keys separated at creation time and on different devices:

• One is created by bitgo on their services
• One is created on the user's online device
• One is created as a cold key on a offline device.

I have to point out though that you have to choose "advanced" at creation time to find this option but actually it exists.

Se below for explanation.

BitGo only ever sees 1 of the 3 keys in a multi-sig wallet. That key is generated on our servers and stored securely.

The user key and backup key, and the passcode, are never seen by BitGo. The user key is generated in the user’s browser and encrypted with a passcode. We recommend users create their own backup key as a “cold key” that is not seen in the user’s browser or on our servers.

[testconpastas2]

bitgo should allow this pattern to be really secure.

1 key ------> server
2 cold keys ----> client.

Bitgo its more secure than blockchain.info. but it's a 2of3 multisign , and if you assume bitgo is compromissed, to avoid the control of a 2nd key you must have the other 2 cold.

Said that, for small amounts of btc bitgo seems a nice alternative to blockchain.info

I think this approaching is better.
https://api.trustedcoin.com/#/example-2-of-3

[gabridome]

I think this approaching is better.
https://api.trustedcoin.com/#/example-2-of-3

I agree. I have just written a couple of python scripts to use Trustedcoin's API with pybitcointools.
Check it out!
https://github.com/gabridome/trustedcoin

I have to say that they are not exactly cheap though (50000 satoshis each transaction).