Co-Signing Engine Guide

BitGo provides enterprise platforms with 2-of-3 multi-signature wallets that come full-featured with customizable co-signing policies and role-based access controls. This combination has led to a powerful, robust platform which powers over 40 Bitcoin exchanges around the world today.

The nature of 2-of-3 multi-signature wallets dictates that at least two out of the three private keys are necessary to sign a transaction in order for it to be valid. BitGo issues the second signature to a partially signed transaction, which is where the wallet policy controls come into play. Transactions are co-signed when a set of user-defined criteria is met. BitGo currently supports daily and per-transaction spending limits, as well as whitelisting a specific list of addresses. Here’s what the signing procedure looks like:

 These policies are especially useful when a wallet has multiple users. The creator of a wallet can invite people to share the wallet in one of the following capacities: viewer, spender, and administrators. In order for the invited users to be able to spend funds from the wallet, they need to be granted access to the wallet’s private key. BitGo manages to facilitate that key sharing in a secure manner by encrypting the wallet’s private key with the invited user’s public sharing key, which is generated automatically when a user first logs in. That way, when the new user wishes to initiate a transaction from the now shared wallet, they can use their private sharing key to decrypt the wallet’s private key, which in turn is used for signing. The procedure looks like this:


There are operations which a wallet administrator can perform that a spender cannot. Those include changing the wallet’s policies, inviting or removing users, and initiating transactions that violate the wallet’s policies. If a wallet has multiple administrators, any administrative action needs to be approved by another administrator.