BitPay is pleased to announce Copay, an open source, multi-signature wallet. Copay was born out of our own need to securely store Bitcoins and we felt it needed to be shared. We believe that multi-signature technology will play an important role in helping people secure their bitcoins against loss or theft. We also believe it is essential for wallet technology to be open source and peer reviewed.
Multi-Signature is a hot topic these days in the bitcoin world. There are several wallet services (Xapo, BitGo, Cryptocorp and others) that are beginning to employ true, on block chain, multi-signature technology. The community is also beginning to stress the importance of having true possession of bitcoins rather than trusting the storage of your bitcoins to a third party (need we remind people of mtgox?). The challenge is making it both easy and safe to maintain possession of your bitcoins in a true wallet and we believe multi-signature provides an important leap in that direction.
Accounts vs Wallets
The bitcoin community chose to use the term "wallet" for an important reason...just like in a real world wallet, you are in possession of your money and it's your responsibility to protect that wallet against theft. By contrast, an "account" based service stores bitcoins for you. You do not own bitcoins with such a service, you are simply engaged in a contract with such a service for the on demand delivery of bitcoins. Some people call these services "Bitcoin Banks", but those services loathe the word "bank" out of the fear that it might invite more intense regulatory scrutiny. While it's understandable they might fear being labeled a "bank", they should not call themselves "wallets" either ...because they aren't. It confuses new users and impairs consumer education. The good news is (or so we think) that you can have your cake and eat it too. There is no need for a "bitcoin bank" per-se.
Correct implementations of Bitcoin multi-signature technology require multiple signatures on a bitcoin transaction. Bitcoin miners will reject a multi-signature transaction if it does not have the required number of signatures. Each party can independently sign a transaction on a different physical device without the private keys ever needing to be co-resident on any single device. Those private keys don't even need to be under the control of a single person. This is very important from a security perspective because a thief would need to compromise not just one machine, but 2 or more. This dramatically mitigates the risk of theft. This concept is so powerful that we believe it will virtually eliminate the problem of bitcoin theft. It is important to educate yourself and use services that offer true bitcoin multi-signature wallets.
Multi-Signature Technology gets really interesting when you consider the legal implications. If a transaction requires 3 or 4 peoples' signatures, then who possesses those bitcoins? Furthermore, each individual may reside in different countries and be subject to completely different regulatory and legal frameworks. This is a great demonstration of why Bitcoin is such a unique and important invention (and this only barely scratches the surface of what's possible). It's also a good illustration of why it may be premature to try and craft new regulations around bitcoin at this early stage. It would be like trying to regulate the use of automobiles when the internal combustion engine was first invented.
At BitPay, we've been working on a multi-signature wallet to help us manage our company funds and we decided that we should make it available to everyone to use and (we hope) build upon. Copay is built on top of bitcore (a highly successful open source bitcoin stack). It also uses Insight, an open source block chain explorer and API. Copay requires the use of a trusted Insight node for querying the block chain. In the interests of promoting decentralization, we've tried to make it as easy as possible to run your own Insight server and encourage people to do so.
With Copay, a small company can for example manage their bitcoin holdings by requiring 3 of 5 officers to sign transactions that spend funds. A household can use a 2 of 3 wallet to manage family funds (with one signer on a device tucked away in a secure, offline location in case someone accidentally loses their online wallet). A parent can use a 2 of 3 wallet with their child to moderate the child's spending habits and ensure they don't accidentally lose bitcoins to a virus. There are many more possibilities.
Copay works by establishing peer to peer connections (using WebRTC) with each participant. Each particpant generates their own master key on their own device (using BIP 32 HD wallets) and shares the public portion of that key with the other wallet participants. Using a key derivation protocol, each participant can independently derive new receiving addresses. When it comes time to spend, a transaction proposal is created and distributed to the other participants over a peer to peer connection for signing. When enough signatures are added to the transaction, it is broadcast and confirmed by the bitcoin network.
The following 3 minute animation shows copay in action:
It needs to be stressed that Copay is beta quality code at this point. It is also a bit of a power users' tool (though we have plans to simplify the user interface and make it easily used by novices). With that said, follow the link below to get started.
With bitcore, insight and Copay, we're building an easy to use open source technology stack that promotes decentralization. There are a number of bitcoin companies already building on these platforms and we will continue innovating on them ourselves. If you're interested in using these tools, join the GitHub projects and let us know about it. We're eager to assist in any way we can.