DEV Community

Cover image for Bitcoin Multisig Addresses
Peter Tyonum
Peter Tyonum

Posted on • Updated on

Bitcoin Multisig Addresses

For one to be able to transact on the bitcoin network, they need an address. A bitcoin address can be likened to a bank account in the traditional banking system. However, bitcoin addresses differ from bank accounts in so many aspects. In this article, we will look at bitcoin addresses and how to derive a multi-signature bitcoin address.

Bitcoin Addresses

A bitcoin address could be a bare public key (P2PK), but is more commonly the hash of a public key (P2PKH) or the hash of a locking script (P2SH). The most common type of bitcoin address is derived by cryptographically hashing a public key into a format that is easy to copy and share, can be error-checked, and verified using Base58 encoding. This type of address has a prefix of 1 and represents a pay to public key hash (P2PKH).

Bitcoin addresses can also be derived from scripts instead of public keys. These category of addresses have a prefix of 3 signifying a pay-to-script-hash address (P2SH), commonly referred to as multi-sig addresses. There are also bitcoin addresses that represent Segwit upgrade in Bitcoin, and comprise of public key hash (P2WPKH) and script hash (P2WSH) main types. They have a prefix of bc1 and are longer than the first two types as they use bech32 encoding.

Recently we have addresses that represent Taproot upgrade. Pay-to-taproot (P2TR) addresses start with bc1p and use bech32m encoding. When used with the key-path spending route, P2TR enables multi-key schemes like 3-of-5 to appear the same on the bitcoin network as though a single party pay-to-public key address, giving good privacy benefits. P2TR addresses are bare public keys, like P2PK.

Bitcoin Addresses hold Unspent Transaction Output (UTXOs) which represents the value of bitcoin in satoshis. To spend those UTXOs, one needs to prove ownership by using the private key associated with the address to create digital signatures that unlock the value stored in the UTXOs.

Multisig Bitcoin Addresses

For addresses derived from more than a single public key, depending on the number of minimum signatures set at address creation, they must be provided to unlock such UTXOs. These types of addresses are called multi-sig addresses. This is similar to a corporate/joint bank account that requires more than a single signature to sign a cheque to withdraw funds from the account.

Multi-sig addresses offer interesting use cases such as escrow transactions, collective management of assets, and minimizing the risk of losing a single private key among others. The most common downside of using multi-sig addresses and transactions is that they require technical knowledge to manage them.

Multi-sig transactions are of the form m-of-n where m is the number of signatures required to spend funds and n is the number of maximum public keys. For instance, a 2-of-3 transaction will require at least 2 signatures for that transaction to be valid out of a possible 3. In the following section, we will look at how a multi-sig address can be generated from 3 public keys and how we can set that at least two of the possible 3 private keys must be provided to unlock funds sent to the address.

How to Generate 2-of-3 Multisig Bitcoin Address

We will be using a bitcoin-core daemon to create a P2SH 2-of-3 multi-sig address. Here's a link to how you can set it up. Check that the bitcoin core is running on testnet. You can start the daemon by running bitcoind.

We will be using this library to generate private/public key pairs to use in generating our addresses. Follow the instructions on the readme to generate 3 pairs of private and public keys:
Using the library, we have the following public keys in hex format:

Enter fullscreen mode Exit fullscreen mode

Now we will create our multisig address with the above given public keys.
Using the bitcoin-cli, let's generate a multisig address as follows:

bitcoin-cli -testnet createmultisig 2 '["03150176a55b6d77eec5740c1f87f434cf416d5bbde1704bd816288a4466afb7bb", "02c3b2d3baf90e559346895b43253407fbb345c146910837b61f301f4c9a7edfe5", "02c6e3e94f7ff77457da9e76cf0779ca7c1e8575db064a2ea55400e6a9d8190225"]'

See cover image for result of the above command.
The parameter 2 tells bitcoind to create an address that requires the signature of at least two private keys. The fact that we are using three public keys makes it a 2-of-3 multisig address. You can use any number of keys as long as it is equal to or greater than the "minimum required to sign" parameter.

You can confirm that the generated address is valid by using the command:

bitcoin-cli -testnet validateaddress '2MyxShnGQ5NifGb8CHYrtmzosRySxZ9pZo5'

See cover image for result of command.
It is worthy to note that our generated P2SH address starts with a 2 instead of 3 as stated earlier because we are using testnet (an alternative chain for testing purposes).

You can send testnet coins to the generated address and construct a transaction to spend the transaction UTXOs using the key pairs. That is beyond the scope of this write-up. You can read more about bitcoin addresses and transaction in Chapter 4 of Mastering Bitcoin by Andreas Antonopoulos. Thank you for reading.

Top comments (0)