💜Casa vs. Alternatives
🔑System Design Principles
🚨Threat Overview
🔐Chosen Features
✅Chosen Key Schemes
❌Rejected Key Schemes
❌Rejected Features
🔧Remaining Attack Vectors
👨🚀Future Improvements
Multi-signature
An ordinary single-signature bitcoin key is a single point of failure. If you’re securing a large amount of funds, this represents an unacceptably large risk of theft and loss.
No key storage method is perfect. All users of cryptocurrency must assume that they might lose a key to accident or disaster, or that an attacker will attempt and possibly succeed in stealing a key. You might have a sturdy safe at home guarded by a security system, but what happens if your house burns down, or if a close relative that knows your security system decides to steal it?
You could keep backups to make single signature bitcoin keys more robust to loss. But every backup increases the risk of theft, since any one copy is enough to steal the funds held by those keys.
Multi-signature adds resiliency to the system because losing a single key to accident, disaster, or theft does not compromise your entire security. A disaster must wipe out multiple keys, or an attacker must compromise multiple keys, and all at the same time.
A 3-of-5 multi-signature (multisig) system is much harder to compromise than a 1-of-1 single key system. Multi-signature raises the cost of a successful attack by orders of magnitude, since the attacker must gain access to multiple private keys (in our case three), and not just one.
Copy link