Exposed multi-signature keys

In my last article I gave some insight into how real world multi-signature payments actually work, to counter some of the misconceptions and misunderstandings that make it into laundry list style comparisons between approaches. In this article I am going to elaborate further.

Why sort keys?

Multi-signature payments have always used sorted the public keys in each payment. As I explained in the previous article, this gives the property that external viewers of the payments are unable to tell which co-signer participated in a given payment. There is no way to tell which public key in any given payment belongs to any given co-signer, not from the ordering, or from any numerology performed on the public keys.


On a surface level, sorting the keys has the property that the P2SH address is deterministic. This means that for the same set of potential co-signers using the same agreed upon set of keys, the address remains the same.

User friendliness

In my opinion, the single biggest benefit and what I always assumed the reason for sorting the keys, is that you do not need to care about what order the co-signers are added when you create the wallet. There is no inherent meaning to the order of co-signers, because the sorting of public keys decouples the ordering of keys in payments from ordering of co-signers in the multi-signature account.

Sorting keys beyond P2SH

With it’s new bare multi-signature support, ElectrumSV retains the sorting of public keys. And when we add accumulator multi-signature support, we will very likely sort the keys used in those scripts as well, unless there is a very good reason not to.

  • We do not have to care about anyone having to know the order of co-signers in the overall multi-signature account they all share — that if they need to recreate the account they need to do so with participants in the same order.
  • The subjective problem that anyone cares about any given co-signer signing off on any given payment, stays a non-issue.

Final thoughts

Ignore laundry lists

Ignore laundry lists.
Ignore laundry lists.
Ignore laundry lists.
Ignore laundry lists.
Focus on the benefits of a given approach. They should be compelling and obvious enough that you can understand why and when you would use a given approach.

All existing wallet backup solutions are based on guessing

Guessing is the in-bred unreliable cousin of a good wallet backup solution.

Quality backup solutions make things simpler

If a wallet stores metadata, and aids the user in making sure that the backups are maintained and easily restored, then no-one needs to ever care again about many of the pointless things we currently have to as general foundations of the way things work.

ElectrumSV developer

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store