On-chain or Lightning
This article will focus on the method of creating a multisignature wallet using the Electrum Desktop Wallet. I am not planning to discuss the pros and cons of multisignature wallets here. The principles of multisignature wallet creation in this guide can be applied using other software wallets as well.
If you don’t know what you’re doing and read this only superficially, there is a chance you can lose funds. Be careful and make sure you understand everything. It is important to practice and become very comfortable before committing serious funds to the wallet. Practice with small amounts first.
I will be demonstrating the basics, without consideration for the safety of the seed phrases – we will be discarding the seeds anyway and they shall never hold money you don’t want to lose. This lets us focus on the mechanics of multisignature wallets, rather than being distracted with seed phrase safety. When the time comes that you want to apply this in a safe environment for your real funds, you will need multiple different hardware wallets or an air-gapped computer.
Even without these safer tools, if you understand multisignature wallets like an expert, then creating a wallet on multiple insecure devices is safer than a single signature wallet on one insecure device that you may be using now.
If you are not fairly advanced in understanding Bitcoin wallets, keys, and security, there is little point in embarking on learning multisignature wallets now. I recommend you take a step back and proceed through my ZeroTrust self-custody system, and work through it one level at a time. Doing things in a very wrong order will make your life harder for no reason.
In addition to learning multisignature using Electrum Desktop Wallet, you should be familiar with the software in general. Here is a thorough walkthrough of Electrum. A good alternative Bitcoin Wallet is Sparrow Bitcoin Wallet for which I have guides, and a multisignature edition may be developed in the future.
To understand the benefit of a multisignature wallet compared to a single signature wallet with or without a passphrase, or splitting the seed with Shamir’s Secret Sharing, see this Twitter thread:
If you find that learning this on your own using the guide is too daunting, you may choose to learn with personal guidance from me; Here are details of my mentorship program.
Multisignature Keys
Before ever proceeding with a multisignature wallet for your real funds, I INSIST you understand multisignature public and private keys thoroughly – you should be familiar with this guide – it is essential. If you choose to ignore this advice, I won’t be held responsible for any bitcoin you lose.
The Environment
- Download and install Electrum Desktop Wallet. Verifying the download and connecting to your own node is not necessary for this exercise. When the time is right to thoroughly learn to use this wallet here is my guide.
- Have ready a spreadsheet or document editor on the same computer as Electrum.
- Have a browser open and navigate to Ian Coleman’s BIP39 tool. Keep it open in the background.
Preparation – Make Dummy Mnemonic Seeds
This is for practicing only. I’ll show you how to make BIP39 mnemonic seeds quickly and easily so that you understand it, but note this is not the secure way to do it.
Go to Ian Coleman’s website that you opened earlier. Change the word number from 15 to 12. Click “generate” and copy the 12 words to the computer’s clipboard.
Eg:
Then go to your spreadsheet and paste in the 12 words. Give them a heading, e.g. “Co-signer #1”.
Then scroll down the BIP39 website, and click the BIP141 tab so you can access multisignature extended public keys.
Then manually edit the derivation path from “m/0” to what you see below – it must be exact including the apostrophes:
Also, change the “Script Semantics” to “P2WSH (1-of-1 multisig)” as you see above.
You will then see the BIP32 (Hierarchical Deterministic Wallets) extended private and public keys (just below “Script Semantics”) suitable for multisignature wallets.
Copy the extended PUBLIC key to your text document. (the extended private key is not required)
Review of the Document:
Your text document should contain the details seen below:
Now repeat the process for another four keys until you have 5 Cosigners in total.
Sidenote (on single signature wallets):
For the mnemonic words, I’ve shown you how to make multisignature public and private keys. For the same words, if you choose, you can make a totally different single-signature wallet (unrelated to the multisignature) using extended public and private keys, under the BIP84 tab (for Segwit addresses).
You will need the Account Extended Private Key, or to make a watching wallet, the Account Extended Public Key. It’s a little confusing because you’ll see both an account extended private key, and a BIP32 extended private key – you need the first one, account extened private key for your regular HD single signature wallet.
Constructing the multisignature wallet
Load Electrum. The following window will appear. Create a different name if you wish, and click “Next”:
This will be the next pop-up. Select multi-signature wallet. Then click Next.
You will be given the choice of setting up how many keys you will be using (a total of ‘n’ cosigners) and the minimum number of signatures required to spend (‘m’ signatures). The pie graph makes it clearer.
Note that to regenerate your wallet, you need to know the spending structure of the wallet you design at this step, so it’s a good idea to write this down (eg, in this example, I’m showing you 3 of 5).
2 of 3 is a common choice. I generally recommend 3 of 5, which allows more flexibility with inheritance planning.
Danger! Danger! Read Carefully
It’s very important to understand multisignature keys. I’ve said this before, but I’ll repeat. Use this guide to understand. You can continue for now to learn how to make the wallet, but I advise taking a detour, as this background knowledge is vital, and makes the rest of the guide easier to understand.
TL;DR: In a 3 of 5 wallet, having 3 seeds is not enough to spend. You need 5 public keys as well. Public keys should be saved, but they do not need to be kept as secure as private keys or seeds, as all anyone can do with them is potentially see your balance and addresses, but not spend your coins. Also note, each mnemonic seed phrase creates an extended public AND private key. If you have a seed phrase, you technically have both extended private and public keys FOR THAT SEED. If you have 4 seeds, and lost the 5th, and have no copy of the 5th extended public key somewhere, you have lost your bitcoin. Beware. If you don’t understand this, read again carefully, or study this guide to learn more.
Next, for cosigner #1, choose that you have a seed:
Side note: I never recommend you create a new seed using Electrum, because the software uses it’s own protocol, instead of the interoperable industry standard of BIP 39.
Type or paste in your 12 words. But the seed phrase won’t work unless you click “options” and select “BIP39” as well.
You theoretically could have created a passphrase (“thirteenth word”) as well but I’m leaving this out in this guide so we can focus.
In the next window, you can choose your address type. I recommend you always leave the default Native Segwit. You can also modify the derivation path, but don’t.
After you proceed, the next pop up will be a Master Public Key. Note, that it is identical to the one you’ve written down. If it’s not, you’ve done something wrong.
Be aware that for all cosigners after the first, Electrum (for an unknown reason), does not automatically display the extended public key for you. We will be able to examine what they are (within Electrum) at the end. It’s important to do that to check they are identical to the ones displayed on the Ian Coleman BIP39 site. After the wallet is setup, from the menu at the top, select wallet –> information –> keystore. Then each of the extended public keys can be inspected.
Repeat the steps for cosigners 2 to 5 – be aware you need to select that you are entering a “SEED” not a “KEY”:
After the final cosigner is entered in, you’ll get a popup to set a password. This is only for securing the wallet file that exists on the computer – it is not a passphrase. It does not contribute to the uniqueness of your wallet nor the addresses/keys it contains.
The wallet is now created. I recommend you go to the view menu and select “show addresses” and then “show coins”. I also recommend you go to tools–>preferences and change the base unit from mBTC to BTC.
You can then click the “addresses” tab to see your multisignature addresses. Right-click the first receiving address (green) and copy it. Then paste it to your document. Then do the same for your first change address (near the bottom in yellow):
Next, click on the “wallet” menu and select “information”
Inspect the public key for each cosigner and compare them to what you have already recorded down (extracted from Ian Coleman) in the computer file. You can use these public keys to generate the same wallet later on.
Also, note down the BIP32 root fingerprint for each key (it’s displayed right down the bottom). It may come in useful when restoring your wallet with other software wallets.
Review
Great job if you’ve come this far. Hopefully, you have a better understanding now of how multisignature wallets and keys work.
You also know how to create them and check the public keys independently to a hardware wallet.
You’ve added seed phrases to Electrum and created a multisignature wallet on a single computer (we’ll improve on this).
You have a set of addresses and noted some down (we still have to check that Electrum produced them honestly).
Next, you need to learn how to create multisignature watching wallets, with only one of the seeds included per wallet. This allows you to split the private key information across multiple computers, distributing the spending conditions.
After that, I’ll show you how to check if the addresses of the wallet you created genuinely belong to the seed you created.
To start with, learn to create a watching wallet with only extended public keys…
Multisignature Watching Wallets
In terms of security, there’s not much point in making a multisignature wallet with a full set of private keys on one computer – it’s just as insecure, and more cumbersome, as a single-signature wallet.
Entering ALL extended public keys will create a “watching only” wallet that you cannot spend from.
For learning purposes, do this now, as follows:
Go to file –> new, and select New/Restore:
Go through the same steps as before.
- Name the wallet
- Select Multisignature
- Adjust the m of n spending conditions to 3 of 5
Now, for each co-signer, instead of selecting “I already have a seed”, select “Use a master key” (this allows you to enter an extended public or private key instead of a seed):
Now paste in the extended public key you saved in your document:
Continue with the same procedure for each co-signer.
Once your wallet is created, go to the address tab and confirm the addresses are the same as your original wallet. If they are not, you have done something wrong.
Now that you know how to create a wallet with 5 seed phrases, and the same wallet with 5 extended public keys, now I want you to create one with a combination of both seeds and public keys – this is when we start tapping into the power of multisignature wallets.
Multisignature Watching Wallets with Private keys:
Create a new wallet (file–> New/Restore)
For cosigner #1, enter a SEED. For cosigners 2 to 5, enter the corresponding extended public key (saved in your document).
Check the wallet addresses match the previous wallets you created.
Make a second wallet, but this time, enter the SEED for cosigner 2, and the extended public keys for cosigners 1, 3, 4 & 5.
Keep going until you have 5 wallets, each with a different cosigner SEED.
What’s the point?
Imagine, for example, you have 5 computers in 5 different countries. Each computer created a seed phrase, and collected 4 extended public keys from the other computers. Each will create the same wallet (collection of addresses), but each will have a unique combination of public keys and seed phrases held by the wallet. None of the computers can spend any bitcoin alone, as they can only produce one signature. You need 3 signatures to be able to spend.
In the exercise above, you created the wallets that could potentially be stored in each of those five computers.
An attack would need to access 3 of those 5 computers in order to spend any bitcoin contained within.
How do we spend though? By generating and sharing partially signed Bitcoin transactions (PSBTs). A transaction is first created on one computer and signed (using the private key from the seed within). Only one signature is added at this point. The transaction (containing that signature) is then saved to a file and passed to another computer. That computer opens the transaction and adds its signature, and saves the file. The transaction now has two signatures from two different computers. It then sends the file to a third computer. That one adds its signature and the transaction now has the minimum number of signatures to make it a valid transaction (3 of 5). It can now be broadcasted (spent). There were two redundant computers.
To learn the mechanics of how to use PSBTs with Electrum, you can see this guide.
Checking the addresses are genuine
The seed phrase you created in this guide relied on Ian Coleman, so it can’t actually be trusted completely. Any seed phrase created by a hardware wallet also requires you to trust it is behaving honestly. The best way to make sure you have an honest seed phrase is to make one yourself from scratch. It’s possible to do, and at some point, you may wish to take this detour.
Imagine you have a seed phrase that you know is secure and genuine.
If that’s the case, are the extended public keys you recorded down equally as reliable? The answer is no. We trusted Ian Coleman’s site that the calculations from the seed phrases to the extended public keys were honest. But later, we derived the same extended public keys from the corresponding seed phrases using Electrum. So two different sources gave us the same information, which drastically reduced the trust required.
But what about the addresses? We haven’t actually checked that they are produced honestly. We only have one source of information, Electrum. Ian Coleman’s site only produces 1-of-1 multisignature addresses (you can see them at the bottom of his page), which are not useful to us, as we have a 3-of-5 multisignature wallet.
In order to check that we have genuine addresses, we need to enter the 5 extended public keys into some wallet software other than Electrum and see that the addresses are matching. You don’t need to do this on a super secure air-gapped computer, even for your real funds, because we are only entering public keys, no seeds. I will show you how to do this with Sparrow Bitcoin Wallet. Here is a guide on installing that software, but below, I will assume you have it. Following this, I will show you how to do it with Specter Desktop Wallet.
Sparrow Bitcoin Wallet
Create a new wallet and adjust the parameters as you see below (select Multi Signature, 3 of 5 cosigners, and Native Segwit P2WSH):
Then select xPub/Watch Only Wallet:
In the next screen, type/paste in the derivation path, the extended public key, and enter the Master fingerprint as all zeros:
Notice that you can’t click “Apply” and proceed. That’s because you need to fill in all 5 cosigners first. Click the Keystore 2-5 tabs and repeat the process. When completed, you can click “Apply”.
Lock the wallet with a password if you wish, and disregard the pop-up suggesting you to back up the wallet.
On the left-hand side, click on “addresses”. They should match the ones you created with Electrum, and if they do, great success!
Specter Desktop
You can download Specter Desktop from here (not easy for everyone), or you can get it as part of a node software package like MyNode or RaspiBlitz.
Click on “Add new device” (not wallet!) on the left side of the screen:
Choose “other”:
Enter a name for your”device” and click “paste xpub”:
Repeat the steps for all 5 extended public keys:
Once you have all 5 entered, you can make a multisignature wallet with them by clicking “Add new wallet”:
Select Multisignature wallet, then select all 5 devices (by clicking each) to highlight and include in the wallet. Then click continue:
Name the wallet, select Segwit, and check the spending threshold is 3 of 5. Scroll to the bottom and click “create wallet”:
Click cancel to get rid of the backup prompt. We don’t need that for now.
You’ll see your first receiving address, but if you click addresses, you see a bigger list.
These will be your receiving addresses. Near the top, you’ll see a “Change Addresses” button – click that to check that they match the Electrum-generated change addresses as well.
Hardware Wallets:
Now let’s make the same dummy wallet using a hardware wallet. For this demo, you only need one hardware wallet. This will be a demo for a HWW connected with a USB cable. For an air-gapped device, the procedure is different, the details being dependent on the device you select.
Enter Cosigner 1’s seed into the hardware wallet.
Load up Electrum and generate a new wallet. Select “multisignature”, then adjust the spending threshold to 3 of 5.
In this pop-up, select “Use a hardware device”:
Make sure you connect your device first, and enter your PIN. If you have a passphrase, make sure you apply that too, but for this demo seed, there isn’t one. If you’re using a Ledger device, make sure you open the Bitcoin App within the device. For any HWW, you may need to check the screen of the device during this process as there could be confirmation prompts before you can proceed on the computer.
Your device should be detected, then proceed:
Fill in these details, but they should just be the defaults for our demo wallet:
The master key will be displayed.
For the next 4 cosigners, you can either paste in extended public keys (as you have learned before) or wipe the hardware wallet and enter each seed sequentially on the one device, before proceeding through the Electrum wizard. Or you can own 5 hardware wallets and put a different seed in each, it’s up to you.
Final Words
So there it is, finally, my guide on multisignature wallets. When you get good at it, and are confident with creating, securing, and spending sats, the time will come when you use it for your real funds. The advantages are many, including the additional flexibility of your inheritance strategy.
This guide is completely free, for the benefit of all. If you found it a useful document to secure your wealth, please consider supporting my work by donating.
If you are interested in collaborative custody with multisignature, you can hopefully now understand what’s happening under the hood. Products available are by Unchained Capital, Casa, and I have a service available as well (ParmanVault).
Video
This is a video of me showing most of the steps I’ve gone over in this guide.
Tips:
Static Lightning Address: dandysack84@walletofsatoshi.com
On-chain or Lightning