3.1 Overview of Multi-signature Wallets
Multi-signature (multisig) wallets are cryptocurrency wallets that require the approval of multiple private keys to execute transactions. By distributing the control of assets among multiple parties, multisig wallets reduce the risk of unauthorized access or a single point of failure.
Multisig wallets function by creating a unique wallet address that requires signatures from multiple private keys to authorize transactions. A multisig wallet address is generated with a defined number of private keys (e.g., 5) and a required number of signatures (e.g., 3), creating a "3-of-5" multisig wallet. In this example, one of the 5 keys is able to initiate a transaction and the transaction will be processed once 3 out of the 5 private keys sign the transaction.
Multisig wallets reduce the risk of unauthorized access and single points of failure by requiring multiple approvals for transactions.
Though, these types of wallets are not without their limitations and suffer from a number of notable deficiencies. Since multisig wallets record signatures from each participating key there is an increase in processing costs for transactions and thus the gas-related costs of transacting with a multisig is substantially higher than traditional EOA wallets. Similarly, there are considerable transaction costs associated with creating a multisig wallet (often hundreds of dollars).
Outside of the high cost to transact, multisig wallets are protocol-specific meaning that each protocol requires a unique implementation of the multi-sig code. This effectively limits multisigs to operating on a single blockchain and can lead to a number of security issues such as the Parity Wallet vulnerabilities discovered in 2017 where more than $30m was stolen on account of a poor multisig implementation and more than $300m of Ethereum was frozen. Other multisig implementations have suffered from vulnerabilities across a number of blockchains from Solana to Bitcoin to Algorand.
Additionally, multisig wallets are incompatible with many dApps thus limiting the scope of applications that organizations using a multisig can natively interact with.