Exposed multi-signature keys

In my last article I gave some insight into how real world multi-signature payments actually work, to counter some of the misconceptions and misunderstandings that make it into laundry list style comparisons between approaches. In this article I am going to elaborate further.

Why sort keys?

Multi-signature payments have always sorted the public keys in each payment. As I explained in the previous article, this gives the property that external viewers of the payments are unable to tell which co-signer participated in a given payment. There is no way to tell which public key in any given payment belongs to any given co-signer, neither from the ordering nor from any numerology performed on the public keys.


On a surface level, sorting the keys has the property that the P2SH address is deterministic. This means that for the same set of potential co-signers using the same agreed upon set of keys, the address remains the same.

It meets the limitation the Bitcoin Core ecosystem imposes on itself that payments are done by addresses: the technologically arcane approach where people have to copy and paste around, or whatever, these hard-to-read pieces of text.

But it is only valuable for addressability if the order of multi-signature participants is not known.

User friendliness

In my opinion, the single biggest benefit and what I always assumed the reason for sorting the keys, is that you do not need to care about what order the co-signers are added when you create the wallet. There is no inherent meaning to the order of co-signers, because the sorting of public keys decouples the ordering of keys in payments from ordering of co-signers in the multi-signature account.
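The two properties described above (a deterministic script, and indifference to the order co-signers are added) can be checked directly. This is an added example, not ElectrumSV code: the function names are hypothetical, the three keys are constructed key-shaped bytes rather than real curve points, and lexicographic byte order is assumed as the sorting rule. A P2SH address is derived from the hash of this script, so identical script bytes mean an identical address.

```python
import hashlib
from itertools import permutations

OP_CHECKMULTISIG = 0xAE

def op_n(n: int) -> int:
    """Opcode for the small integers 1..16 (OP_1 is 0x51)."""
    if not 1 <= n <= 16:
        raise ValueError("n out of range for OP_1..OP_16")
    return 0x50 + n

def redeem_script(m: int, pubkeys: list[bytes], sort: bool = True) -> bytes:
    """Build 'OP_m <key>... OP_n OP_CHECKMULTISIG' from compressed keys."""
    if any(len(k) != 33 or k[0] not in (2, 3) for k in pubkeys):
        raise ValueError("expected 33-byte compressed public keys")
    if not 1 <= m <= len(pubkeys):
        raise ValueError("threshold must be between 1 and the key count")
    # Assumption: sorting is plain lexicographic order on the key bytes.
    keys = sorted(pubkeys) if sort else list(pubkeys)
    body = b"".join(bytes([len(k)]) + k for k in keys)  # 0x21 push + key
    return bytes([op_n(m)]) + body + bytes([op_n(len(keys)), OP_CHECKMULTISIG])

def distinct_scripts(m: int, cosigners: dict[str, bytes], sort: bool) -> int:
    """Count the different scripts produced across every co-signer ordering."""
    return len({redeem_script(m, [cosigners[name] for name in order], sort)
                for order in permutations(cosigners)})

def constructed_key(label: str) -> bytes:
    """Constructed sample: key-shaped bytes, not a validated curve point."""
    digest = hashlib.sha256(label.encode()).digest()
    return bytes([2 + (digest[31] & 1)]) + digest

# Constructed co-signers for a 2-of-3 account.
COSIGNERS = {name: constructed_key(name) for name in ("alice", "bob", "carol")}

if __name__ == "__main__":
    print("scripts with sorting:   ", distinct_scripts(2, COSIGNERS, sort=True))
    print("scripts without sorting:", distinct_scripts(2, COSIGNERS, sort=False))
```

Without sorting, each of the six ways to add three co-signers produces its own script, and so its own address; with sorting they collapse to one.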

Sorting keys beyond P2SH

With its new bare multi-signature support, ElectrumSV retains the sorting of public keys. And when we add accumulator multi-signature support, we will very likely sort the keys used in those scripts as well, unless there is a very good reason not to.

This gives all three benefits:

  • If we do have to search for key usage by looking for the presence of potential payment scripts, we know the deterministic form of those scripts if they do exist. This is comparable to how we searched for “address usage” in the past, but a natural improvement over it.
  • We do not have to care about anyone having to know the order of co-signers in the overall multi-signature account they all share — that if they need to recreate the account they need to do so with participants in the same order.
  • The subjective problem that anyone cares about any given co-signer signing off on any given payment stays a non-issue.

Final thoughts

Ignore laundry lists

Ignore laundry lists.
Ignore laundry lists.
Ignore laundry lists.
Ignore laundry lists.
Focus on the benefits of a given approach. They should be compelling and obvious enough that you can understand why and when you would use a given approach.

All existing wallet backup solutions are based on guessing

Guessing is the in-bred unreliable cousin of a good wallet backup solution.

Your seed words are an unbounded source of guess work. From them the blockchain needs to be searched for use of any possible keys that may be derived from the seed words. Any notion this works beyond very very simple payments is fantasy.

Your private keys are a somewhat bounded source of guess work. Exporting them, as we move past the Genesis upgrade, has less and less meaning. Any notion this works beyond very very simple payments is fantasy.

Whether you put these in a file, or whether you write them down, it makes little difference. If you rely on the value of guess work as we move beyond very very simple payments, then you need to find a wallet that explicitly limits itself to things that are inherently guessable. This will limit how you can interact with the wonders of the wider Bitcoin SV ecosystem, and eventually you will only be able to interact with users of that wallet.

Quality backup solutions make things simpler

If a wallet stores metadata, and aids the user in making sure that the backups are maintained and easily restored, then no-one ever needs to care again about many of the pointless things we currently have to care about as general foundations of the way things work.

Not the ordering of co-signers. Not searching for key usage.

This leaves sorting as merely hiding from external view who signed what payment. And we will keep it for that, even if simply because it is better for us to have one way things work than several. So all compatible multi-signature approaches share the same key usage and signing logic, and will likely continue to.
