Multisig is a capability built-in to bitcoin that enables you to store bitcoin in a wallet controlled by multiple keys (as opposed to a single key). You can use multisig to increase your security by ensuring multiple keys, held in different locations, are required to sign a transaction before someone can spend your bitcoin.
Multisig is very flexible, enabling bitcoin app developers to choose the total number of keys (n) and how many of those keys are required to make a successful transaction (m). The multisig configuration is known as m-of-n or the quorum. Some wallets allow the user to customize both the m and n.
The most common multisig configurations
The most common m-of-n models that have emerged for bitcoin cold storage wallets are:
- 2-of-3: Three keys total, with any two keys required to spend.
- 3-of-5: Five keys total, with any three needed to spend.
2-of-3 and 3-of-5 have emerged as the standard because they offer strong security by distributing control while balancing redundancy and simplicity. If you use too few keys, for example, 1-of-2 or 2-of-2, it’s risky if something goes wrong with one key, and anything more than five keys can get unwieldy for the average user.
|Bitcoin app||Multisig m-of-n|
|Blockstream Green||2-of-2 and 2-of-3|
|Casa||2-of-3, 3-of-5, and 3-of-6|
|Caravan||User-customizable, up to m-of-7|
|Electrum||User-customizable, up to m-of-15|
|Sparrow||User-customizable, up to m-of-15|
|Specter||User-customizable, up to m-of-15|
2-of-3 vs. 3-of-5: Which is better?
Before we dive into comparing 2-of-3 vs. 3-of-5, it’s important to clarify that the form of multisig you should use for your bitcoin cold storage will largely depend on your situation. Multisig is highly customizable, currently offering up to 15-of-15 wallets (don’t do this…unless you have a really good reason to!), and everyone’s financial and security needs are different.
Since there is no way to declare one particular m-of-n scheme as the best solution for all situations, we’ve written this article to apply to most individuals and small businesses considering bitcoin cold storage.
We should also disclose that at Unchained, we only offer 2-of-3 for our bitcoin vaults. But there are strong reasons why we landed on this model and continue to promote it!
To help you better understand the trade-offs involved in selecting the m-of-n multisig scheme you use to secure your bitcoin, it’s a good idea to look at some fundamental principles of multisig.
1. Number of keys required to spend (m)
Increasing the number of keys required to spend (m) is ultimately the variable that defines how hard it is for someone to spend your bitcoin—including an attacker (hacker or thief) as well as yourself!
The higher the m, the more keys someone needs to control to make an outgoing transaction. This may sound like a higher m is automatically more secure, and while that can be true, it’s not always the case, as we’ll explain below.
2. Total number of keys (n)
Increasing the total number of keys (n) does not directly improve your bitcoin’s security aside from providing you with more capacity to increase m. As explained in the next section, it also offers more capacity to lower the m-to-n ratio and improve redundancy.
The downside is that with a higher n, there are more sensitive items for you to secure—for every additional key, there are two more things to secure, a key and its seed phrase backup.
3. M-of-n ratio (“quorum quotient”)
Increasing the m-of-n ratio (higher m, lower n) reduces the redundancy provided by your multisig storage (backup keys when you lose access to one or more of your other keys). E.g., if you use a 5-of-5 multisig wallet, losing access to one key and its backup would permanently lock you out of your bitcoin.
Decreasing the m-of-n ratio increases redundancy, so losing one or more keys becomes less catastrophic. Still, it conversely increases the importance of protecting each key from access by third parties. E.g., if you used a 1-of-5 multisig wallet, you would need to protect all five of your keys as if each were a singlesig wallet (although in this case, even with access to one key, an attacker would still also need your multisig config file to be able to successfully spend).
Advantages of multisig cold storage
When you hold bitcoin for the long term, typically, the motivation for using multisig over singlesig is to improve security. “Improving security” is a broad term, so let’s break it down a little:
- Resisting attacks: Resistance against remote attacks (malware, hacking, and phishing) and physical attacks (burglaries and muggings).
- Fault tolerance: Protection from yourself—that is, making mistakes. For example, losing a key or seed phrase, or entering an incorrect address for a transaction. Also resistance to house fires, floods, volcanic eruptions, or acts of God.
- Distributing key control: Distributing control of a bitcoin treasury amongst stakeholders for an organization, such as a company, fund, charity, or family office.
- Collaborative custody: Partially share key control of your assets with a collaborative custody partner (like Unchained) to help with securing your bitcoin.
Trade-offs of bitcoin multisig vs. singlesig
This article assumes that self-custody (including collaborative custody) is always better than third-party custody when securing a significant portion of your wealth—not your keys, not your coins. Multisig offers many benefits over singlesig for self-custody. But it does come with a set of trade-offs, and these can vary depending on the multisig setup:
- Convenience: While the process is getting easier, setting up and spending from a multisig wallet is inherently a little more complicated than a singlesig wallet.
- Ease of backup: With a singlesig wallet, you only have to secure one key (by key we mean a device that holds your key, e.g., a hardware wallet or smartphone) and one seed phrase backup. With multisig, you need to secure one device and one seed phrase per device, which increases the number of items you need to take responsibility for protecting.
- Availability of access: If your multisig requires multiple keys to send a transaction, and you have geographically distributed your keys, then the availability of your funds decreases. The more keys required, the more places you need to travel to complete a payment.
- Cost of transactions: Sending a payment on the bitcoin network requires a transaction fee. Fees vary depending on the data size of the transaction and the demand for bitcoin block space at the time. Multisig payments, in general, require more block space than singlesig payments. The more keys involved in your multisig wallet, the more data necessary for the transaction.
Comparing 2-of-3 vs. 3-of-5: Factors to consider
Assuming an attacker knows that you’re securing funds with multisig, with properly distributed and secured keys, 3-of-5 provides more protection from hacks and thefts than 2-of-3 simply by forcing an attacker to acquire more keys to spend your bitcoin (see principle 1 above).
Caveat: Gaining control over two offline keys held at separate locations is already tricky for most attackers. An opportunistic attacker that discovers one of your keys will not necessarily assume that it is used to secure a multisig wallet, nor will they know how many additional keys they need to gain access to. Also, with more keys to secure (five), there are more places to attack—see ease of backup below.
As above, on paper, 3-of-5 also has a higher fault tolerance than 2-of-3. As per principle 3 above, 3-of-5 has a lower m-to-n ratio, so more keys can get lost or destroyed before you lose access to the wallet.
Caveat: Bear in mind that with more total keys and backups to secure, there are more ways for something to go wrong. For example, if you’re having to secure five or more locations, you’re more likely to lose one key. If you ever discover that even one key is lost, stolen, or damaged, you need to replace the key through a lengthy “rekey” process.
Distributing key control
When it comes to distributing key control at your organization, your choice of 2-of-3 or 3-of-5 will largely depend on how many trusted stakeholders you would like to involve in the security of the organization’s bitcoin. Note that the more people you involve in key management, the more likely you will need to rekey in the event of an employee departure.
If you share one key with a collaborative custody partner like Unchained, 2-of-3 enables the partner to play a more significant role in wallet recovery and cosigning. You also can be sure they cannot access your bitcoin themselves. You only need to ensure you always have access to one key to access your cold storage bitcoin, and the partner can provide the other.
In a 3-of-5 collaborative custody arrangement, you still need access to two keys, ideally geographically separated, in addition to the collaborative custody partner’s key, to be able to access your funds.
Setup and maintenance of three offline keys is a more straightforward task than five, as is signing two keys rather than three. 2-of-3 still offers robust security with no single point of failure.
Complexity is also the enemy of good security. A common pitfall for bitcoin holders is to overweight malicious attack vectors and introduce excessive complexity to their security setup to combat those threats, such that the complexity itself becomes the primary risk factor to their bitcoin holdings. In this way, bitcoin holders can become their own worst enemy.
By using fewer keys, you can focus on maximizing your key storage and operational security while still retaining the security benefits of a respectable level of decentralization.
Ease of backup
When setting up a singlesig wallet, you must secure your key (e.g., on a hardware wallet) and a seed phrase backup. That’s two items to take care of. With multisig, you need to secure a key and a backup for each key. If you’re using 2-of-3, that means there are six items to secure (three keys, three seed phrases), and if you’re using 3-of-5, that means there are ten items to secure (five keys, five seed phrases).
To properly secure your bitcoin, you should secure each of these keys and seed phrase backups separately (we recommend distributing across home safes and safe deposit boxes). Otherwise, putting them together defeats the object of using multisig. It’s not easy to find and maintain six secure locations, never mind ten!
As the number of required places to secure your keys and backups increases, this can lead you to make compromises on the security of some locations. A smaller number of items to secure allows you to better focus on maximizing the security of each location.
A collaborative custody provider can help reduce your backup burden. For example, using an Unchained vault lets you enjoy the security benefits of 2-of-3 while only needing to secure five items (two keys, two seed phrases, and a wallet config file) instead of seven. Casa suggests taking a “seedless backup” approach for its 3-of-5 plans, which also results in four things for you to secure instead of ten, but as we’ll explain, going seedless exposes you to new risks. More on this in the collaborative custody section below.
Note: With any multisig wallet—collaborative custody or not—you need to store a multisig config file in addition to your keys and seed phrases. However, a multisig config file does not require the same level of physical security as a key or seed phrase and so is not included in this comparison.
Availability of access
While multisig certainly makes it harder for an attacker to spend your funds, it also makes it harder to spend your funds yourself. We assume that you should geographically separate each key in your multisig arrangement. And the more keys you require to spend (m), the more places you need to travel to before you can access your bitcoin.
The point of savings, whether bitcoin or fiat, is for them to be there when you need it. If you’re unable to travel to one or more keys due to unforeseen events, then you could find yourself unable to access your bitcoin on a “rainy day.”
Although some multisig providers host one of your keys on a mobile device, we don’t recommend holding any bitcoin keys on a connected, “hot” device for any significant sum of funds (see the collaborative custody section below). Assuming all keys are stored securely on offline devices, 2-of-3 is simply a lot more straightforward for personal access than 3-of-5.
Cost of transactions
During periods of low block space demand, this is a non-issue because bitcoin transactions during these periods are very cheap. However, as soon as congestion emerges on the blockchain, for example, during a bull market, the type of transaction you’re making can result in non-trivial differences in miner fees.
The more keys involved in your multisig transaction, the larger the data size of your transaction, the higher the miner fee you will need to pay. As an extreme example, for a 2-of-3 multisig transaction that spends a lot of deposits during periods of high block space demand (>100 sats/vbyte), it’s been known for a transaction to cost upward of $1,000 for confirmation within an hour. And—all other things being equal—3-of-5 multisig transactions are significantly larger (data) and therefore more expensive than 2-of-3 transactions.
|Resisting attacks||Fault tolerance||Distributing key control||Collaborative custody||Convenience||Ease of backup||Availability of access||Cost of transactions|
Of course, in reality, each of these categories has a lot more nuance than can be captured in a simple binary result.
Your choice of a multisig arrangement will ultimately depend on your situation and preferences, and we hope our examination above helps you make a more informed choice of the two! Both 2-of-3 and 3-of-5 offer excellent security for your bitcoin as long as you have the means to backup and secure your keys properly.
And if you introduce collaborative custody to your multisig security, this can change the dynamics of 2-of-3 vs. 3-of-5 as we’ll explain in the next section.
By using a collaborative custody partner for your bitcoin’s multisig security, you can enhance the benefits of a multisig wallet and mitigate the disadvantages. Both 2-of-3 and 3-of-5 can benefit from improved usability through collaborative custody, but as with any trade-off, you can be exposed to new risks.
Fewer things to secure
One of the main challenges of multisig is the number of sensitive items you need to secure. At Unchained, we provide 2-of-3 collaborative custody, with one of your keys and its associated backup secured by our team. Collaborative custody reduces the number of sensitive items for you to secure from six to four (two keys, two backups)—much more manageable!
You could take the same approach with 3-of-5, but this would only reduce ten items to eight—still a lot to secure for the average person or small business. Hence 3-of-5 providers like Casa offer “seedless backups” as an option…
Seedless vs. seed phrase backups
In a seedless backup setup, the seed phrase for each key is dispensed with entirely—destroyed—and you rely on the keys themselves as backups. In a 3-of-5 collaborative custody multisig, with one key secured by the provider, going seedless results in four things for you to secure instead of the standard ten. Even if two keys are lost or destroyed, you can still regain access to your funds with the remaining three.
While on the face of it, that may sound like a big win, seedless multisig exposes you to several less-obvious threats. We recommend you always keep seed phrase backups for your keys. Offline, physical backups are how you guarantee you are not reliant on your hardware wallet or multisig software providers. Hardware wallets are a fantastic, battle-tested technology for securing your bitcoin keys, but they can and do suffer technical failures like any hardware.
In a 2-of-3 multisig, with one key held in collaborative custody, you can lose two keys and a seed phrase and only have one seed phrase remaining and still regain access to your bitcoin through your collaborative custody partner.
Speaking personally, I’ve worked in the bitcoin industry for a long time now, and the second-most common reason I’ve observed for lost bitcoin is not a hack but a lost seed phrase and key (the first reason being trading altcoins). You need to make sure you have backups and secure them well.
|Quorum||Custody||Keys to secure||Seed phrases to secure||Total items to secure||Maximum items lost while still retaining access to your bitcoin*|
|3-of-5||Seedless collaborative custody||4||0||4||2|
* Remaining items must belong to different key-backup pairs. You must also still retain your multisig config file backup. Losing any multisig keys or seed phrases is dangerous; it should never be considered acceptable, and you should arrange replacement keys as soon as you discover a loss/fault.
As touched upon in the previous section, collaborative custody can also improve the availability of access to your bitcoin.
In 2-of-3 collaborative custody, if you can’t access one of your two keys and its backup due to unforeseen circumstances, you will still be able to contact your collaborative custody to cosign the transaction. At Unchained, we have a rigorous identity and intent verification process to ensure the security of the cosign facility.
The same goes for if you’re ever on the road, you only need to access one location before you travel and take one key with you.
However, with 3-of-5 collaborative custody, you always need access to at least two of your keys and your partner to cosign. Casa stores one of your five keys on your smartphone to mitigate this, but that introduces new vulnerabilities (see next section).
Mobile apps vs. offline hardware wallets
By holding one of your five multisig keys on your smartphone, Casa ensures that it’s always with you. You technically only need to access another of your hardware wallets plus Casa’s cosign service to complete a transaction.
Again, while this may sound pretty neat, we take the position that storing a key to a material portion of your wealth on an online device that you regularly carry on your person is an unacceptable compromise for improved usability.
Bitcoin keys should be kept safely offline, ideally on dedicated devices, where you do not expose them to known and unknown remote attacks.
Phones are also lost all the time. Anything you carry on you in your day-to-day is not only less secure by definition, but it is at greater risk of loss in non-malicious scenarios. If you lose your phone, you can consider its key compromised, and you will need to replace the key then transfer funds to the new multisig wallet. Replacing the key will require accessing up to three other key locations, which is not only burdensome but also could compromise the security of your key locations.
Security is about balance
Multisig security is not simply a sum of how many keys an attacker is required to control before they can spend your bitcoin. Security also involves how each key and its backup is stored, how accessible your bitcoin is when you need it, and how protected you are from your own errors. And complexity can be a greater threat to yourself than any hacker!
2-of-3 strikes the optimal balance for most people securing a material percentage of their wealth.
2-of-3 keeps the number of keys and backups you need to secure low, enabling you to focus on maximizing the security of each key location and its backup. It also retains the security benefits of decentralization as well as redundancy from losses, hardware failures, and other unforeseen events. Going the collaborative custody route can reduce the number of keys you have to manage further.
But ultimately, everyone’s financial situation and security needs are different, and there are many ways of deploying multisig that will significantly improve your bitcoin security compared to a singlesig wallet. And multisig is almost always superior to a custodial wallet. Just make sure you do your research, use a wallet with a good track record on security, and remember to reassess your setup regularly.
Get started with multisig
If you think multisig security might be suitable for you or your business’ bitcoin holdings, we’d be happy to help. You can book a consultation with our Client Solutions team, or if you’re already ready to take the plunge, sign up for a personalized 1-to-1 onboarding session with a multisig specialist or get started yourself with our DIY guide.