Introduction to Multisig Minting

Multisig minting is a coordinated effort of all multisig address key-holders to create a proof-of-stake block.

Spending from a multisignature wallet.

Multi-signature (multisig) refers to requiring multiple keys to authorize a transaction, rather than a single signature from one key.

Multi-signature wallets are cryptocurrency wallets that require two or more private keys to sign and send a transaction. Using a multi-signature wallet over a standard, single key wallet is usually done for the following reasons:

  • Dividing up responsibility; holding coins among multiple people in order to spread the risk.
  • Avoiding a single point of failure; making it substantially more difficult for the wallet to be compromised.
  • Backup; m-of-n multisig where the loss of a single seed doesn’t lead to loss of the wallet. The most common m-of-n configuration is 2-of-3, which takes 2 out of 3 keys to unlock.

Multisig addresses can easily be recognized, like the one used by the Peercoin Foundation: “p92W3t7YkKfQEPDb7cG9jQ6iMh7cpKLvwK”. The most common use of P2SH addresses is multi-signature addresses, and P2SH addresses are prefixed by a lowercase “p”, so all multi-signature addresses start with “p”.

Multiple Signs of Potential

Taking advantage of multisig's flexibility allows for complex signing schemes with smart properties. Payment channels through the lightning network, for example, use 2-of-2 multisig addresses to couple nodes together. Similarly, atomic swaps use multisig addresses between participants in the swap. By imposing asymmetric security practices on a 2-of-3 multisig, one can define 2 keys for a cold wallet while the third, hot key allows for a dynamic choice of when to complete a presigned transaction.

Organizations are often run by boards that vote when making decisions. Multisig addresses allow for a similar kind of representation on-chain when executing funds or smart triggers. Customarily, each member would hold a key and a majority would be required to complete a transaction, but any threshold desired can be set.

Having multiple servers, each with its own key, can also increase accessibility, even if they are run by the same person. If one server goes down, it will not take the service down.

Multisig Minting

Signing in Lock-Step


Minting, i.e. "staking", is a Peercoin-specific process that enables proof-of-stake consensus. Minting is based on metrics of an unspent transaction output (UTXO) and its age, known as coinage. Each output associated with an address has a chance to find a block each second, so it is natural to seek a multisig implementation of minting that allows multisig addresses to participate in the minting process as well.

The core of the Peercoin minting process is a special transaction called "coinstake".

The coinstake transaction is a minting primitive, a special type of transaction which must be contained in every proof-of-stake block. The coinstake transaction must be the first transaction of the block, and the coinstake's output is used to pay out the block subsidy to the minter's address.

In an input-derived proof-of-stake process like Peercoin's, a stake modifier describes the lottery by which minters search for new blocks. It collects bits of random data from different points along the chain’s history, the most recent of which is more than 20 days in the past. In the process of minting, this stake modifier is taken along with the timestamp when hashing against the PoS difficulty using an output with a given coinage. The end result is pre-calculation of the time window at which a coinstake will find a block at a given difficulty.

Findstake is a Peercoin project that performs this calculation to increase the chance that you'll be ready when the time comes. Think of it as the screen in a metro station that tells you when the next train arrives.
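The pre-calculation described above can be sketched as a scan over future timestamps. This is an added example, not Findstake's or Peercoin's code: the hash layout, the 30-day minimum age, the 90-day coinage cap and all sample values are assumptions chosen for illustration, and the real consensus serialization differs.

```python
import hashlib
import struct

DAY = 86_400

def coin_days(coins, utxo_time, t, min_age=30 * DAY, max_age=90 * DAY):
    """Coinage weight of an output at time t (assumed minimum age and cap)."""
    age = min(t - utxo_time, max_age)
    return coins * age // DAY if age >= min_age else 0

def kernel_hash(stake_modifier, utxo_id, utxo_time, t):
    """Toy kernel: double SHA-256 over modifier, output identity and timestamp."""
    data = struct.pack("<Q", stake_modifier) + utxo_id + struct.pack("<II", utxo_time, t)
    return int.from_bytes(hashlib.sha256(hashlib.sha256(data).digest()).digest(), "little")

def wins(stake_modifier, utxo_id, utxo_time, coins, target, t):
    """The output wins at t if its hash is below the target scaled by coinage."""
    weight = coin_days(coins, utxo_time, t)
    return kernel_hash(stake_modifier, utxo_id, utxo_time, t) < target * weight

def find_stake(stake_modifier, utxo_id, utxo_time, coins, target, start, end):
    """Every second in [start, end) at which this output could mint a block."""
    return [t for t in range(start, end)
            if wins(stake_modifier, utxo_id, utxo_time, coins, target, t)]

if __name__ == "__main__":
    # Constructed sample values, not real chain data.
    MODIFIER = 0x0123456789ABCDEF
    UTXO_ID = bytes.fromhex("11" * 32) + struct.pack("<I", 0)  # txid + output index
    UTXO_TIME = 1_700_000_000
    COINS = 1000
    # Target tuned so this output at maximum coinage wins about once an hour.
    TARGET = 2**256 // (COINS * 90 * 3600)
    now = UTXO_TIME + 100 * DAY
    hits = find_stake(MODIFIER, UTXO_ID, UTXO_TIME, COINS, TARGET, now, now + 7 * DAY)
    for t in hits[:5]:
        print("winning timestamp:", t, "in", round((t - now) / 3600, 2), "hours")
```

No private key enters the calculation, so the scan can run on a machine that holds only public chain data.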

Multisig minting is a coordinated effort of signers that is enabled by the ability to presign the coinstake transaction offline and off-chain, and only import the finalized coinstake into the full node. The Peercoin v0.11 update removes the explicit transaction timestamp, which gives enough breathing room for multisig participants to pass around a coinstake for signing. A single representative (selected minter) would then be present at the moment of block creation to forge the coinbase, add third-party transactions, and broadcast the block.

Multisig Minting Process:

  1. Use the findstake tool to find a timestamp (in the future) when a UTXO wins the proof-of-stake lottery
  2. Elect a minter with a hot key and a full node to be used for step 5
  3. Create a coinstake transaction using the selected UTXO
  4. Have the signers of the multisig address sign the coinstake transaction
  5. The selected minter imports the signed coinstake into the core wallet and produces a block at the set timestamp

The first-ever multisig mint was just recently executed by the Peercoin Foundation. [1]

Further Considerations: Multisig Minting as Cold Minting and Pooled Minting

Minting a block while your keys are kept in cold storage has been discussed extensively by the Peercoin community since 2015. Various proposals have been put forth, but the hesitation with implementation comes down to the very core of what it means to secure a blockchain. Mint and spend keys were the archetypal approach, wherein a key with lesser privilege is used on an internet-connected (hot) wallet to find blocks, while the spend key is kept in a disconnected (cold) wallet. The controversy arose from the apparent devaluing of the mint process that this entails, with fears of 'mint pools' that may centralize block validation, as well as a general lack of care for mint keys. While it seemed a way to increase participation in the process, it simultaneously raised the question of the 'quality' of a minter that outsources its function.

Multisig minting, via the inherent time-gap and differentiation of keys, allows for a form of cold minting. Specifically, it can be called 'air-gapped' minting because the coinstake can be signed on an entirely offline system and sent via a physical device (such as a USB drive) to a hot wallet that does the block generation process. These signed coinstakes act as individual timed tickets to find a block, and so give practically no powers to the hot wallet aside from veto power. As such, this method can be used fully without the loss of integrity of block validations.

Minting pools are conceivable under the multisig minting umbrella. An operator would provide an always-on service wherein a user provides one part of a multisig pair to the pool operator, keeping the other in cold storage. The user would then sign coinstakes every week or so and submit them to the pool operator. While this process is likely not convenient enough to be a widespread practice, it does provide some wiggle room for complex schemes of representation amongst friends.

Minting pools also enable light clients, such as mobile clients, to participate in proof-of-stake consensus by joining minting pools.

The balance between security and convenience is a line that will be fought long after we are gone. Multisig minting is a minimum viable cold minting process wherein minters are capable of participating even if they fear for the security of their keys.

By providing the tools necessary to make this process practical, the security of the network and the inherent democracy of the Peercoin chain will be improved. All will be able to participate and have representation in the validation of the chain.