At Trezor, we believe in a future built through open source collaboration. Bitcoin is one of the greatest successes of open source and, staying faithful to that vision, we are pleased to support the launch of the latest project from Unchained Capital, where Trezor hardware wallets help secure their Multisignature Vault in a way that has never been done before. By using Trezor’s on-device confirmation feature, multisig addresses can be checked without relying on what you see in your browser.

This collaboration was made possible because Trezor uses an open-source architecture that anyone can build upon. Following from a discussion on our GitHub page last December, Unchained Capital were quick to start development on their latest feature, which enables multiple Trezor devices to be used to secure their multisignature vault, and to confirm the addresses involved in the transaction. The vault itself was released in March 2019 with Trezor support, but multisignature address confirmations previously relied more on trusting a web browser.

Like anything precious, Bitcoin is a target of theft and fraud. While assets like gold and art can be secured by physical barriers, digital assets are within reach of anyone in the world. To keep them safe, we have to approach security as a puzzle made up of different protections from lots of potential attacks. Bitcoin has already proven itself to be fundamentally secure, but the ways we use it can introduce new weak points to exploit.

A multisignature vault is a collection of protective measures that counter an array of potential attacks and introduce loss-prevention safeguards, all in one product. For smaller satoshi amounts, you may be comfortable keeping your money on a web wallet, but for larger sums you should use a hardware wallet and a backup of your recovery seed. Multisignature adds another layer of protection, making accessing your funds require confirmation on more than one hardware wallet. In doing so, you mitigate the chances of being targeted by social engineering or malware, or of losing your device and backup.

Unchained Capital’s latest feature uses Trezor’s on-device confirmation to ensure full control and certainty when signing a multisignature transaction and before depositing into a multisignature address that you control. While they have offered multisignature accounts for several years, confirming ownership of an address in the browser relied on trusting that multiple tools were providing you with good information. Using any type of web-based confirmation is less effective than confirming on a cold storage device like a Trezor when dealing with digital assets, as malware can falsify the address you think your funds are being sent to, while actually sending them elsewhere.

This same vulnerability exists no matter the type of wallet, as long as it is connected to a network. That is why Trezor was created, to isolate critical security components from ever being exposed to the internet, giving you absolute certainty about the address you are communicating with. Now, all the addresses involved in a multisignature transaction made through Unchained Capital can be checked directly on your device, meaning you can see if someone is trying to interfere with the transaction.

As secure as your wallet may be, there is always the chance that someone targets you directly instead. In a cryptographically-secured system, you are the weakest link. If you give away information about yourself and your cryptocurrency holdings, you are inviting people to attempt to guess your passphrases or PIN, or even to convince you to hand over your seed phrase.

Malware and phishing are another problem. They take many forms but, in Bitcoin, there are two types of attack which are exceedingly common. The first kind targets your seed phrase, using a program to trick you into typing it out and then using it to access your funds. This is why you should only use a physical backup and never digitise your seed nor share it with anyone. The second will wait until you try and send a transaction, then swap the address behind the scenes for one owned by an attacker. These attacks require different approaches to mitigate, but Trezor has been designed to combat both.

By using a distributed access method like multisig or Shamir backup, any successful social attack would only result in the loss of one key or Shamir share, which would be useless to an attacker and yet still allow you to combine other keys or shares to access your funds and move them to a fresh address. The same logic keeps you safe if you accidentally give up your seed phrase to a malware script or keylogger, while Trezor’s on-device confirmation is what prevents anyone from switching out the receiving address.

Multisignature makes for an effective security measure but it has other use cases, too. Bitcoin still hasn’t gained much traction among traditional financial institutions, in part due to the problem of key ownership. Should a bank wish to manage its customers’ cryptocurrency holdings, they would have to think about who has access to the keys. Should the bank’s CEO be the only one with access to all the bank’s customer’s funds? Or should each client be assigned a particular clerk who will facilitate access to their funds? Obviously, neither are satisfying proposals.

By using a combination of keys, the problem becomes solvable through collaborative custody. The branch manager could hold one, a customer another and their spouse a third, for example. This way, the bank would not be able to move your funds without consent, while your spouse could share access to the account. Of course, you could make it more complicated, requiring many more keys at once, depending on your needs. What’s more, in the case of the account owner’s death, the Bitcoin can still be accessed and inherited by whomever they named in their will.

By releasing this code into the world, we guarantee a greater level of security, because our encryption methods are audited by security experts from around the world, completely transparently. It also lets us take pride in the fact that other innovative companies can use what we’ve created and apply it to new solutions, allowing the whole space to advance as one.

Any company can take our software and integrate it into their projects, free of charge. The same can also be done with our hardware — you can even build your very own Trezor from scratch, if you’re up to the challenge. Of course, this comes with some risks, giving rise to counterfeit Trezors and copycat companies, but the benefits outweigh these negatives. As demonstrated here and in our previous project with Unchained Capital, the hard work has paid off, exemplifying the great things we can do when we collaborate openly.