
Multisig Vault - blazamos
https://www.coinbase.com/multisig
======
vijayboyapati
The most powerful part of multi-sig is not that you can have arbitrarily many
M of N, but that you can outsource complex policy in a trusted way. E.g.,
create policy that lower level employees can control a small percentage of a
company's holdings, while higher level employees can control a higher percent.
It allows you to implement flexibility that exists in the credit system,
without giving up the trust/control that comes from the blockchain system.
This is a very valuable upgrade to Coinbase's feature set. Great work guys!

~~~
IkmoIkmo
Yeah it's pretty cool. At some point we'll see more enterprise software to
take on some of the responsibilities to manage bitcoin funds like that. I
think one or two such companies have already been VC funded.

The idea is that you can say create a fund with say 3 keys. One is given to
the middle-manager, one is given to a senior manager, and one is given to a
computer. The middle manager can go on and use up to 80% of the budget. He
simply creates a transaction, signs it with his key, then sends it off. The
computer sees it, and then does various fraud-type checks. It checks if the
receiving address is a whitelisted partner address (e.g. a supplier) and if
the amount falls within reason given payment history for example, and if the
transaction doesn't use up more than 80% of the budget. It then co-signs it
and the bitcoin is released.

For anything more, the computer simply won't sign it according to its
programming. So the middle manager must go to the senior one to request
permission to release earmarked funds.

It's just a simple example but you could move lots of the finance to a
completely digital system, do immediate software-based accounting and program
governance rules into the software, and spit out periodic transparency
reports. Will be interesting to see when something like this gets integrated
into existing ERP packages someday.

~~~
andrewljohnson
I don't get why you need BitCoin/multisig for this. As long as you are "giving
a key" to a computer, this is no different than programming a computer to
oversee the middle-manager's spending from a bank account.

I get that multi-sig and bitcoin can be good, but as long as you already have
the decision-making and power setup of a corporation, this is a marginal
benefit. I would see this technology being more useful for trust-type
situations where you might want to give a lawyer, a beneficiary, and a
guardian a key. Or any sort of situation where power is actually split between
multiple entities - seems like the boss still has all the power in the
situation described.

------
sillysaurus3
_Keys are created and encrypted in the browser_

Key hijack in 5... 4... 3...

Browser crypto isn't secure. One way to offset the risk is to use a browser
plugin to perform the crypto operations, and even that isn't really a security
guarantee.

When you combine an incentive to break crypto (money) with a straightforward
route to breaking it (browser crypto), you get a pretty dangerous situation.

~~~
drcode
Though I agree with you this leads to risky security issues, the mere fact
that a major Bitcoin exchange is allowing users to hold their own private keys
really puts a smile on my face today.

It is completely unheard of in the financial industry (and usually technically
impossible before cryptocurrencies) to have a bank give away their "middle
man" access of people's money and empowering their customers with complete
control over their finances.

~~~
jerguismi
Which makes me wonder... The keys are generated in-browser. What if the users
computer is compromised, and a malware succeeds in capturing the keys + bip38
passphrase? I don't know if this product will be pain in the ass for coinbase,
if the user funds start disappearing from these multisig addresses.

All the best luck for this product, though.

~~~
adrianmacneil
If the computer is infected, then yes it would be possible to steal both the
private keys, and the passphrase. To avoid this attack scenario, we're
investing pretty heavily in technologies such as CSP.

However, this can be mitigated with our group multisig vault, where separate
users create their own keys. For malware to steal these, it would require
infecting multiple computers.

~~~
icebraining
Seems like the next step would be to allow the users to store their copies on
a smart card instead of a PC.

~~~
wcoenen
Like the Trezor[1] hardware wallet.

[1] [http://www.bitcointrezor.com](http://www.bitcointrezor.com)

~~~
icebraining
Yes, but maintaining the encrypted copy on Coinbase's servers, to ensure that
losing the card doesn't mean losing the wallet.

------
peter_l_downs

        > COINBASE KEY: The only key that Coinbase stores.
        > SHARED KEY: Encrypted with your password and stored
        >             both by you and Coinbase.
    

Are these the same key, or is there an inconsistency with the language here?
How many keys does Coinbase store?

~~~
coinbase-craig
Coinbase stores one private key that we can access, and one private key that
is encrypted with the user's vault password on the front-end and sent to us
encrypted for storage. The third key is the user's and we never see that.

We have no ability to access multisig vault funds without the user passphrase,
which never touches our server.

~~~
STRML
Is there a way to sign a transaction offline but still run it through
Coinbase? When it comes to decrypting private keys in the browser, unless the
user inspects the javascript each and every time they use the site, there is
no guarantee that it hasn't been silently replaced by code that steals keys.

~~~
coinbase-craig
Yes, you can sign a transaction offline using our multisig vault recovery
tool, which is open source:

[https://github.com/coinbase/multisig-
tool](https://github.com/coinbase/multisig-tool)

You can use it to generate a transaction payload which can be broadcast from a
client of your choice, including Toshi, our open source bitcoin node:

[https://toshi.io/docs/#relay-transaction](https://toshi.io/docs/#relay-
transaction)

~~~
STRML
Excellent! Thank you for putting forth the extra effort and thinking this
through. Many comparable online solutions in the Bitcoin space do not offer
similar offline tools, making them a non-starter for business use.

------
adrianmacneil
TL;DR: Store your bitcoin on Coinbase, without giving up control of your
private keys.

------
wslh
_coinbase-graig_ : is it possible with your current API to connect a third
party service outside Coinbase to sign the transaction? say I want to do a
retinal scan before the transaction is approved.

~~~
barmstrong
Yes, see
[https://www.coinbase.com/docs/api/multisig](https://www.coinbase.com/docs/api/multisig)

Good question!

------
yason
I wouldn't trust any third party to keep my bitcoins except for the money in
transit. I have my local client and local wallet, and that's where I do my
transactions from.

~~~
exo762
The whole point in multi-signature scheme is to remove need to trust Coinbase.

Your local client and local wallet are fine, until your keys are stolen by
malware. Multisig scheme also attempts to fix that flaw.

EDIT: multisig scheme with user's key on Trezor. This way you are also
protected fully from viruses stealing your local key.

------
ukd1
Does this mean we'll be able to see balance on the blockchain in one place?

~~~
jerguismi
At the same time they use deterministic hierarchical keys. Means that you get
series of different keys. I guess you can use only a single key, or number of
different ones if you want to.

------
jastanton
Sorry if this is off topic. But I wonder how many websites like these the US
government creates in an attempt to control their environment. Maybe I'm
paranoid but what if (as an example) companies like Popcorn Time were shutdown
and replaced with a government version? All the more reason open source is
important.

