2. Agenda
● Pay to Script Hash
● Emerging multi-sig concepts and scenarios
● Implement a multi-sig wallet in 5 minutes
3. Pay to Script Hash (P2SH)
● Bitcoin address can require successful execution of a script corresponding to a hash
○ Past: “Claim if signed by xyz private key”
○ Now: “Claim only if xyz conditions were satisfied”
● 7.88% of BTC held in P2SH addresses
4. P2SH - Hash-Locked Contract
● Example: A and B want to trade BTC for DOGE
● A thinks of any x and hashes it to H(x)
● On Bitcoin chain:
○ A creates transaction TX0 to a P2SH script to
■ Pay BTC to B if x of H(x) is known and signed by B or
■ Pay BTC to A if signed by A and B
○ A creates refund transaction TX1 (with TX0 as input) valid at a future date (3 days later) for B to sign
● On Dogecoin chain:
○ B does similar (refund not shown), sends to P2SH script “Pay 2,000,000 doge to A if x of H(x) is known and signed by A”
● When A claims DOGE by revealing x, B can claim BTC
5. P2SH - Multi-Signature Address
● Spend an input only if M of N signatures are provided
○ Commonly 2 of 3 (up to 15)
○ M of N must be defined at address creation time
● Signers cannot change outputs
6. Cold Storage on Multiple Machines
● Create and use keys on separate online/offline devices
● Hacker must compromise multiple machines
● Redundancy
● Examples: Bitcoind (createmultisigaddress, createrawtransaction), Armory Lock Boxes
8. Joint Wallet with Multiple Parties
● Family expense wallet
● Group savings (birthday gift, holiday funds)
● All signers have equal importance
9. Multi-Sig Escrow
● 2-of-3: Buyer, Seller and Escrow
● Buyer sends purchase funds, seller (may) send collateral
● If buyer receives item in good order, create payment transaction with seller.
● Otherwise escrow agent can mediate
● Escrow agent can never steal funds with only 1 key
10. Micro Payment Channel
● Customer creates TX0 for 1 BTC to shared 2-of-2 address
● Provider sends nLockTime refund transaction for full amount
● Publish TX0
● Replace off-chain transactions
○ 0.99 to customer, 0.01 to provider
○ 0.98 to customer, 0.02 to provider
○ …
○ 0.55 to customer, 0.45 to provider
● Broadcast only last transaction to close channel
11. Instant Confirmations
● “Clearing house” creates a 2-of-2 address for the customer to pre-fund
● Payments out of address guaranteed “instant confirmations”
● Clearing house would never double-sign the same input
BitPay Impulse
12. Smart Co-Signer Service
● 2 keys held by customer, 1 key by service
● User creates and half-signs transaction, then sends to co-signer
● Co-signer executes security and logic
13. BitGo Co-Signer Logic
● Per-day limits / Per-transaction limits
● Destination bitcoin address whitelists
● Time of day restrictions
● Human approvals - User/password/2FA
● Red button (kill switch)
● Blacklisting, IP lockdown, ...
● External webhooks
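The co-signer checks listed on this slide, sketched as an added example (not BitGo's code or API): a hypothetical `Policy`/`CoSigner` pair reviews a half-signed spend request and refuses to add the second signature unless every rule passes. All class, field and address names are assumptions, and signature handling, webhooks and IP lockdown are left out.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class Policy:                      # hypothetical schema, not BitGo's API
    per_tx_limit: int              # satoshis
    per_day_limit: int             # satoshis, rolling 24 hours
    whitelist: frozenset           # permitted destination addresses
    allowed_hours: range           # UTC hours in which co-signing is allowed
    kill_switch: bool = False      # the "red button"

@dataclass
class CoSigner:
    policy: Policy
    history: list = field(default_factory=list)  # (time, amount) co-signed

    def review(self, outputs, now, second_factor_ok):
        """outputs: {address: satoshis}, excluding change back to the wallet.
        Returns (approved, reasons); every rule is checked, any failure refuses."""
        p, reasons = self.policy, []
        total = sum(outputs.values())
        if p.kill_switch:
            reasons.append("kill switch engaged")
        if not second_factor_ok:
            reasons.append("human approval / 2FA missing")
        if now.hour not in p.allowed_hours:
            reasons.append("outside allowed hours")
        bad = sorted(a for a in outputs if a not in p.whitelist)
        if bad:
            reasons.append("destination not whitelisted: " + ", ".join(bad))
        if total > p.per_tx_limit:
            reasons.append("per-transaction limit exceeded")
        spent = sum(amt for t, amt in self.history if now - t < timedelta(days=1))
        if spent + total > p.per_day_limit:
            reasons.append("per-day limit exceeded")
        if not reasons:
            self.history.append((now, total))  # only co-signed spends count
        return (not reasons, reasons)

def demo():
    # Constructed sample requests; addresses are placeholders, not real ones.
    policy = Policy(50_000_000, 80_000_000,
                    frozenset({"ADDR_PAYROLL", "ADDR_VENDOR"}), range(8, 18))
    cs = CoSigner(policy)
    t = datetime(2015, 1, 5, 10, 0)
    return [cs.review({"ADDR_PAYROLL": 40_000_000}, t, True),
            cs.review({"ADDR_VENDOR": 45_000_000}, t + timedelta(hours=1), True),
            cs.review({"ADDR_UNKNOWN": 1_000}, t + timedelta(hours=14), False)]
```

Refused requests are not added to the spend history, so a burst of rejected attempts cannot exhaust the daily allowance.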
14. Enterprise Treasury
● Multiple users on a wallet
○ Require 2FA and User Auth
● Accountant creates transactions up to a limited amount per day
● CEO, CFO able to approve large withdrawals
● Can add/remove privileges of users at any time
● Example customers: SecondMarket, ChangeTip, BitFury, ...
15. ATM Provider
● Shared wallet with multiple machines
● One access token per machine
● IP lockdown for each token
● Tokens may be individually revoked
● Example customers: Lamassu ATMs
16. Exchange Hot Wallet Pool
● Exchange maintains single hot wallet for all deposits and withdrawals
● Outgoing withdrawal amount limited per day
● Callback on each transaction to accounts database
● Examples: Bitstamp, BitSpark, BitQuick, MimeticMarkets, ...
17. Exchange-owned Segregated Wallet
● One wallet per exchange user
● Per-user-wallet policy granularity
● Withdrawals require user 2FA
● Transactions to house wallet whitelisted
18. User-owned Wallet Linked With Exchange
● Every user owns their own private key
● Backup key held by arms-length custodian
● Buy orders can go directly to user wallet
● Sell orders can be confirmed by exchange instantly
● Great for places that allow you to just “buy bitcoin”
19. Exchange+User Joint Wallet
● User and exchange each own a private key
● Instant confirmation
● Withdrawals depend on
○ Webhook call to exchange to ensure user has sufficient margin
20. Co-Signer Oracle Contracts
● HTTP callback enables external logic to be implemented
[Diagram labels: UserA BTC collateral (1 BTC); UserB BTC collateral (1 BTC); shared multi-sig wallet; winner creates/signs tx for 2 BTC out; BitGo co-signer; webhook oracle gets BTC price at contract date to determine winner; cosign/transmit; Bitcoin P2P net]
21. Open Source SDK
1. Create a wallet
2. Get new addresses
3. Fund the wallet
4. Get transactions and balances
5. Send coins
Implementing multi-sig in 5 minutes
22. Exchange integration demo
● First open-source multi-sig bitcoin exchange
● Uses bitgod (bitcoind adapter for BitGo)