Multisig Transactions

One of the most practical and widely used features of Bitcoin Script is multisignature (multisig) transactions. Multisig allows you to require multiple private keys to authorize a Bitcoin transaction, dramatically improving security for individuals, businesses, and organizations.

How Multisig Works

A standard Bitcoin transaction requires one signature from one private key. A multisig transaction requires M signatures out of N possible keys (written as M-of-N). For example:

• 2-of-3 multisig: Three keys exist, but any two are needed to spend. The most popular setup.
• 3-of-5 multisig: Five keys exist, three are needed. Used by organizations and high-value storage.
• 1-of-2 multisig: Two keys exist, either one can spend. Useful for shared accounts between trusted parties.

Under the hood, the locking script uses the OP_CHECKMULTISIG opcode. This opcode takes M, N, the N public keys, and verifies that at least M valid signatures are provided in the unlocking script.

Why Multisig Matters

Multisig solves several critical problems:

• No single point of failure: If one key is lost or stolen, your Bitcoin is still safe. In a 2-of-3 setup, you can lose one key and still spend with the remaining two.
• Protection against theft: An attacker who compromises one key cannot steal your funds — they need a second key stored in a different location.
• Corporate governance: A company can require multiple executives to sign off on large transactions, preventing embezzlement or unauthorized spending.
• Inheritance planning: Keys can be distributed among family members and a lawyer, ensuring Bitcoin can be recovered if the primary holder passes away.

Multisig in Practice: The 2-of-3 Setup

The most recommended personal setup is 2-of-3 multisig:

1. Key 1: Stored on a hardware wallet you keep at home.
2. Key 2: Stored on a second hardware wallet kept in a bank safe deposit box or trusted family member's home.
3. Key 3: Stored with a collaborative custody service (like Unchained or Casa) that co-signs when you request.

This means: if your house burns down (losing Key 1), you use Keys 2 and 3. If the custody service disappears, you use Keys 1 and 2. If a thief steals Key 1, they still cannot spend without a second key.

Multisig for Sri Lankan Businesses

For Sri Lankan businesses beginning to hold Bitcoin on their balance sheets, multisig is essential. Consider a small export business in Colombo that receives Bitcoin payments from international clients. Instead of trusting a single employee with the company's Bitcoin wallet, a 2-of-3 multisig setup can require sign-off from two of three company directors. This mirrors the dual-signatory requirements that Sri Lankan banks already use for business accounts — but enforced by mathematics rather than institutional trust.

P2SH: Pay-to-Script-Hash

Multisig transactions use a script format called P2SH (Pay-to-Script-Hash). Instead of putting the full multisig script in the locking script (which would be long and expensive), P2SH stores only the hash of the script. The full script is revealed only when the Bitcoin is spent. This makes multisig addresses shorter and more efficient.