This article will focus on the method of creating a multisignature wallet using the Sparrow Bitcoin Wallet. It is almost the same as a previous guide in which I demonstrated multisignature wallets using Electrum Desktop Wallet. There will be much overlap here.
I am not planning to discuss the pros and cons of multisignature wallets. The principles of multisignature wallet creation in this guide can be applied using other software wallets as well.
If you don’t know what you’re doing and read this only superficially, there is a chance you can lose funds. Be careful and make sure you understand everything. It is important to practice and become very comfortable before committing serious funds to the wallet. Practice with small amounts first.
I will be showing you the basics, without consideration for the safety of the seed phrases – we will be discarding the seeds anyway and they shall never hold money you don’t want to lose. This lets us focus on the mechanics of multisignature wallets, rather than being distracted with seed phrase safety. When the time comes that you want to apply this in a safe environment for your real funds, you will need multiple different hardware wallets or an air-gapped computer.
Even without these safer tools, if you understand multisignature wallets like an expert, then creating a wallet on multiple insecure devices is safer than a single signature wallet on one insecure device that you may be using now.
If you are not fairly advanced in understanding Bitcoin wallets, keys, and security, there is little point in embarking on learning multisignature wallets now. I recommend you take a step back and proceed through my ZeroTrust self-custody system, and work through it one level at a time. Doing things in a very wrong order will make your life harder for no reason.
To understand the benefit of a multisignature wallet compared to a single signature wallet with or without a passphrase, or splitting the seed with Shamir’s Secret Sharing, see this Twitter thread:
If you find that learning this on your own using the guide is too daunting, you may choose to learn with personal guidance from me; Here are details of my mentorship program.
Multisignature Keys
Before ever proceeding with a multisignature wallet for your real funds, I INSIST you understand multisignature public and private keys thoroughly – you should be familiar with this guide – it is essential. If you choose to ignore this advice, I won’t be held responsible for any bitcoin you lose.
The Environment
- Download and install Sparrow Bitcoin Wallet. Verifying the download and connecting to your own node is not necessary for this exercise, but feel free to do so.
- Have ready a spreadsheet or document editor on the same computer as Sparrow.
- Have a browser open and navigate to Ian Coleman’s BIP39 tool. Keep it open in the background.
Preparation – Make Dummy Mnemonic Seeds
This is for practicing only. I’ll show you how to make BIP39 mnemonic seeds quickly and easily so that you understand it, but note this is not the secure way to do it.
Go to Ian Coleman’s website that you opened earlier. Change the word number from 15 to 12. Click “generate” and copy the 12 words to the computer’s clipboard.
Eg:
Then go to your spreadsheet and paste in the 12 words. Give them a heading, e.g. “Co-signer #1”.
Then scroll down the BIP39 website, and click the BIP141 tab so you can access multisignature extended public keys.
Then manually edit the derivation path from “m/0” to what you see below – it must be exact including the apostrophes:
Also, change the “Script Semantics” to “P2WSH (1-of-1 multisig)” as you see above.
You will then see the BIP32 (Hierarchical Deterministic Wallets) extended private and public keys (just below “Script Semantics”) suitable for multisignature wallets.
Copy the extended PUBLIC key to your text document. (the extended private key is not required)
Review of the Document:
Your text document should contain the details seen below:
Now repeat the process for another four keys until you have 5 Cosigners in total.
Sidenote (on single signature wallets):
For the mnemonic words, I’ve shown you how to make multisignature public and private keys. For the same words, if you choose, you can make a totally different single-signature wallet (unrelated to the multisignature) using extended public and private keys, under the BIP84 tab (for Segwit addresses).
You will need the Account Extended Private Key, or to make a watching wallet, the Account Extended Public Key. It’s a little confusing because you’ll see both an account extended private key, and a BIP32 extended private key – you need the first one, account extended private key for your regular HD single signature wallet.
Constructing the multisignature wallet
Load Sparrow. You will see a mini intro when you load it for the first time. Pay attention because there are images of buttons in the intro, they are not actual clickable buttons. Just read the text and click “Next” – repeat two more times, and you’ll see an option to work offline. You can do that, or configure a node connection if you want. Working offline is easiest and fine for our purposes here.
Then go to the menu bar at the top and create a new wallet:
The following window will appear. Create a different name if you wish, and click “Next”. Name the wallet whatever you want in the next pop-up window, and then you’ll see this:
At the top, change “Single Signature” to “Multi Signature”, then on the right, there is a slider – use that to adjust the “m of n” (signing key threshold and number of keys in total). Leave the Script type as Native Segwit (bc1q addresses), and leave the Script Policy field alone as well.
Note that to regenerate your wallet, you need to know the spending structure of the wallet you design at this step, so it’s a good idea to write this down (eg, in this example, I’m showing you 3 of 5).
2 of 3 is a common choice. I generally recommend 3 of 5, which allows more flexibility with inheritance planning.
You see there are 5 tabs called “Keystore” 1 to 5, which we can change if we move the slider around. Notice they are covered in a red haze. This indicates that you need to fill all of them out before you can proceed with the “Apply” button.
Intuitively, I was expecting to complete Keystore 1, and then click “Apply” to go to the next Keystore (probably because I’m used to Electrum which does it this way), which caused me to get stuck for a while.
For each co-signer, you have 4 options:
- Connect a hardware wallet (I won’t be demonstrating that here)
- Use an extended public key from a hardware wallet via a text file transported air-gapped from the device (I won’t be demonstrating that here)
- New or imported software wallet – I’m going to show you this, not because this is the correct/safe way, but to aid understanding.
- Watch Only wallet – I’ll show you this later in the guide.
Danger! Danger! Read Carefully
It’s very important to understand multisignature keys. I’ve said this before, but I’ll repeat. Use this guide to understand. You can continue for now to learn how to make the wallet, but I advise taking a detour, as this background knowledge is vital, and makes the rest of the guide easier to understand.
TL;DR: In a 3 of 5 wallet, having 3 seeds is not enough to spend. You need 5 public keys as well. Public keys should be saved, but they do not need to be kept as secure as private keys or seeds, as all anyone can do with them is potentially see your balance and addresses, but not spend your coins. Also note, each mnemonic seed phrase creates an extended public AND private key. If you have a seed phrase, you technically have both extended private and public keys FOR THAT SEED. If you have 4 seeds, and lost the 5th, and have no copy of the 5th extended public key somewhere, you have lost your bitcoin. Beware. If you don’t understand this, read again carefully, or study this guide to learn more.
Next, for cosigner #1 (Keystore 1), choose “New or Imported software wallet”:
Then click the down arrow next to “Use 24 Words” and change it to 12 words:
Then type in your 12 words, and leave the passphrase blank. You theoretically can create a passphrase (“thirteenth word”) as well but I’m leaving this out in this guide so we can focus. If you typed all the words accurately, the checksum should be valid, and the “Create Keystore” button comes alive. Click it.
Sparrow knows you want a multisignature wallet so it has auto-populated the derivation path correctly as shown below:
Click “Import Keystore”
You will be taken back to the 5 Keystore tabs.
You can see the extended public key data is filled in (in xpub format), and so is the master fingerprint and the derivation path. We want to check this against the extended public key saved from the Ian Coleman page. That key is in Zpub format. To convert to the correct format from Sparrow (to Zpub), click the horizontal arrows beside the xpub:
Now you should compare to the Zpub you have written down – it needs to be identical.
Note the “Apply” button is greyed out. You need to click the tabs of each of the other Keystores (2 to 5), and repeat what I just showed you, using a unique seed phrase for each Keystore.
Once you have done that, the Apply button will come alive and you can click it to generate the wallet.
You’ll get a prompt to enter a PASSWORD. This is not a passphrase, it simply locks the wallet file on your computer.
You are then given a popup of the public keys. You can save this file, but there is more than one way to keep a copy of your public keys. Dismiss this window if you wish.
The wallet is now created.
You can now click the “addresses” tab on the left to see your multisignature addresses, both the list of receiving and change addresses.
Right-click the first receiving address and copy it. Then paste it into your document. Then do the same for your first change address.
Make sure to inspect the public key for each cosigner (settings tab) and compare them to what you have already recorded (extracted from Ian Coleman) in the computer file. You can use these public keys to generate the same wallet later on.
Also, note down the master fingerprint for each key. It may come in useful when restoring your wallet with other software wallets.
Review
Great job if you’ve come this far. Hopefully, you have a better understanding now of how multisignature wallets and keys work.
You also know how to create them and check the public keys independently to a hardware wallet.
You’ve added seed phrases to Sparrow and created a multisignature wallet on a single computer (we’ll improve on this).
You have a set of addresses and noted some down (we still have to check that Sparrow produced them honestly).
Next, you need to learn how to create multisignature watching wallets, with only one of the seeds included per wallet. This allows you to split the private key information across multiple computers, distributing the spending conditions.
After that, I’ll show you how to check if the addresses of the wallet you created genuinely belong to the seed you created.
To start with, learn to create a watching wallet with only extended public keys…
Multisignature Watching Wallets
In terms of security, there’s not much point in making a multisignature wallet with a full set of private keys on one computer – it’s just as insecure, and more cumbersome, as a single-signature wallet.
Entering ALL extended public keys will create a “watching only” wallet that you cannot spend from.
For learning purposes, do this now, as follows:
Go to the file menu and select New Wallet:
Go through the same steps as before.
- Name the wallet
- Select Multisignature
- Adjust the “m of n” spending conditions to 3 of 5
Now, for each co-signer, instead of selecting “New or Imported Software Wallet”, select “xPub / Watch Only Wallet” (this allows you to enter an extended public key instead of a seed):
In the next screen, type/paste in the derivation path, the extended public key, and enter the Master fingerprint as all zeros:
Master fingerprint – although entering all zeros will generate the correct wallet, you may not be able to connect a hardware wallet and have it function properly – the HWW expects the correct master fingerprint. You can come back and add it anytime, or add it now (you wrote it down earlier when entering the seed, and Sparrow provided it).
Click the Keystore 2-5 tabs and repeat the process. When completed, you can click “Apply”.
On the left-hand side, click on “addresses”. They should match the ones you created earlier with seed phrases.
Now that you know how to create a wallet with 5 seed phrases, and the same wallet with 5 extended public keys, now I want you to create one with a combination of both seeds and public keys – this is when we start tapping into the power of multisignature wallets.
Multisignature Watching Wallets with Private keys:
Create a new wallet
For cosigner #1, enter a SEED. For cosigners 2 to 5, enter the corresponding extended public key (saved in your document).
Check the wallet addresses match the previous wallets you created.
Make a second wallet, but this time, enter the SEED for cosigner 2, and the extended public keys for cosigners 1, 3, 4 & 5.
Keep going until you have 5 wallets, each with a different cosigner SEED.
What’s the point?
Imagine, for example, you have 5 computers in 5 different countries. Each computer created a seed phrase and collected 4 extended public keys from the other computers. Each will create the same wallet (collection of addresses), but each will have a unique combination of public keys and seed phrases held by the wallet. None of the computers can spend any bitcoin alone, as they can only produce one signature. You need 3 signatures to be able to spend.
In the exercise above, you created the wallets that could potentially be stored in each of those five computers.
An attack would need to access 3 of those 5 computers in order to spend any bitcoin contained within.
How do we spend though? By generating and sharing partially signed Bitcoin transactions (PSBTs). A transaction is first created on one computer and signed (using the private key from the seed within). Only one signature is added at this point. The transaction (containing that signature) is then saved to a file and passed to another computer. That computer opens the transaction and adds its signature, and saves the file. The transaction now has two signatures from two different computers. It then sends the file to a third computer. That one adds its signature and the transaction now has the minimum number of signatures to make it a valid transaction (3 of 5). It can now be broadcasted (spent). There were two redundant computers.
To learn the mechanics of how to use PSBTs, you can see this guide (but note the wallet used is Electrum, not Sparrow)
The seed phrase you created in this guide relied on Ian Coleman, so it can’t actually be trusted completely. Any seed phrase created by a hardware wallet also requires you to trust it is behaving honestly. The best way to make sure you have an honest seed phrase is to make one yourself from scratch. It’s possible to do, and at some point, you may wish to take this detour.
Imagine you have a seed phrase that you know is secure and genuine.
If that’s the case, are the extended public keys you recorded down equally as reliable? The answer is no. We trusted Ian Coleman’s site that the calculations from the seed phrases to the extended public keys were honest. But later, we derived the same extended public keys from the corresponding seed phrases using Sparrow. So two different sources gave us the same information, which drastically reduced the trust required.
But what about the addresses? We haven’t actually checked that they are produced honestly. We only have one source of information, Sparrow. Ian Coleman’s site only produces 1-of-1 multisignature addresses (you can see them at the bottom of his page), which are not useful to us, as we have a 3-of-5 multisignature wallet.
In order to check that we have genuine addresses, we need to enter the 5 extended public keys into some wallet software other than Sparrow and see that the addresses are matching. You don’t need to do this on a super secure air-gapped computer, even for your real funds, because we are only entering public keys, no seeds. I will show you how to do this with Specter Desktop Wallet.
Specter Desktop
You can download Specter Desktop from here (not easy for everyone), or you can get it as part of a node software package like MyNode or RaspiBlitz.
Click on “Add new device” (not wallet!) on the left side of the screen:
Choose “other”:
Enter a name for your”device” and click “paste xpub”:
Repeat the steps for all 5 extended public keys:
Once you have all 5 entered, you can make a multisignature wallet with them by clicking “Add new wallet”:
Select Multisignature wallet, then select all 5 devices (by clicking each) to highlight and include in the wallet. Then click continue:
Name the wallet, select Segwit, and check the spending threshold is 3 of 5. Scroll to the bottom and click “create wallet”:
Click cancel to get rid of the backup prompt. We don’t need that for now.
You’ll see your first receiving address, but if you click addresses, you see a bigger list.
These will be your receiving addresses. Near the top, you’ll see a “Change Addresses” button – click that to check that they match the Sparrow-generated change addresses as well.
Hardware Wallets:
Now let’s make the same dummy wallet using a hardware wallet. For this demo, you only need one hardware wallet. This will be a demo for a HWW connected with a USB cable. For an air-gapped device, the procedure is different, the details being dependent on the device you select.
Enter Cosigner 1’s seed into the hardware wallet.
Load up Sparrow and generate a new wallet. Select “multisignature”, then adjust the spending threshold to 3 of 5. Leave the address type as Segwit.
Make sure you connect your device and enter your PIN. If you have a passphrase, make sure you apply that too, but for this demo seed, there isn’t one. If you’re using a Ledger device, make sure you open the Bitcoin App within the device. For any HWW, you may need to check the screen of the device during this process as there could be confirmation prompts before you can proceed on the computer.
Then click “Connected Hardware Wallet”
Click Scan…
Click Import Keystore
Now you can see the first tab is filled out. You can see the Zpub or xpub if you click the toggle button on the right (horizontal arrows).
For the next 4 cosigners, you can either paste in extended public keys (as you have learned before) or wipe the hardware wallet and enter each seed sequentially on the same device, before proceeding through the Sparrow Keystore tabs. Or you can own 5 hardware wallets and put a different seed in each, it’s up to you.
It’s also possible (you’ll be making a different wallet), to have one seed in the HWW, and change the passphrase for each cosigner.
Once you fill out all the tabs, click “Apply” and you’ll have your wallet. This will be a “Watching Wallet”, even if you used a HWW for each cosigner, as the computer does not have access to the seeds- they remain safely offline (on paper or in the HWW).
Final Words
So there it is, finally, my guide on multisignature wallets. When you get good at it, and are confident with creating, securing, and spending sats, the time will come when you use it for your real funds. The advantages are many, including the additional flexibility of your inheritance strategy.
This guide is completely free, for the benefit of all. If you found it a useful document to secure your wealth, please consider supporting my work by donating.
If you are interested in collaborative custody with multisignature, you can hopefully now understand what’s happening under the hood. Products available are by Unchained Capital, Casa, and I have a service available as well (ParmanVault).
Tips:
Static Lightning Address: dandysack84@walletofsatoshi.com
On-chain or Lightning