Exposed multi-signature keys

Why sort keys?

Multi-signature payments have always used sorted the public keys in each payment. As I explained in the previous article, this gives the property that external viewers of the payments are unable to tell which co-signer participated in a given payment. There is no way to tell which public key in any given payment belongs to any given co-signer, not from the ordering, or from any numerology performed on the public keys.


On a surface level, sorting the keys has the property that the P2SH address is deterministic. This means that for the same set of potential co-signers using the same agreed upon set of keys, the address remains the same.

User friendliness

In my opinion, the single biggest benefit and what I always assumed the reason for sorting the keys, is that you do not need to care about what order the co-signers are added when you create the wallet. There is no inherent meaning to the order of co-signers, because the sorting of public keys decouples the ordering of keys in payments from ordering of co-signers in the multi-signature account.

Sorting keys beyond P2SH

With it’s new bare multi-signature support, ElectrumSV retains the sorting of public keys. And when we add accumulator multi-signature support, we will very likely sort the keys used in those scripts as well, unless there is a very good reason not to.

  • If we do have to search for key usage by looking for the presence of potential payment scripts, we know the deterministic form of those scripts if they do exist. This is comparable to how we searched for “address usage” in the past, but a natural improvement over it.
  • We do not have to care about anyone having to know the order of co-signers in the overall multi-signature account they all share — that if they need to recreate the account they need to do so with participants in the same order.
  • The subjective problem that anyone cares about any given co-signer signing off on any given payment, stays a non-issue.

Final thoughts

Ignore laundry lists

Ignore laundry lists.
Ignore laundry lists.
Ignore laundry lists.
Ignore laundry lists.
Focus on the benefits of a given approach. They should be compelling and obvious enough that you can understand why and when you would use a given approach.

All existing wallet backup solutions are based on guessing

Guessing is the in-bred unreliable cousin of a good wallet backup solution.

Quality backup solutions make things simpler

If a wallet stores metadata, and aids the user in making sure that the backups are maintained and easily restored, then no-one needs to ever care again about many of the pointless things we currently have to as general foundations of the way things work.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store