Creating an n-of-n multisig using CHECKMULTISIG traditionally involves publishing a proportional number of signatures and public keys on the blockchain to signers in the transaction. This approach reveals the total number of participants in the transaction and incurs progressively higher transaction fees as the number of signers grow. On the other hand, MuSig allows a group of users to collectively generate a single signature and public key, enhancing privacy and lowering transaction costs for all involved signers.
When MuSig was introduced in 2018, its main shortcoming compared to CHECKMULTISIG was user experience, specifically the requirement for three rounds of interactive communication between signers. With the introduction of MuSig2 (BIP 327) in 2020, significant progress was made in non-interactive signing, providing a much more desired experience.
How it Works
MuSig2 reduces the required communication rounds from three to two and involves the wallet setup for MuSig2 by collecting all of the participants’ extended public keys (xpubs) and the construction of descriptors by each of the wallets, consistent with existing multisig practices.
The MuSig2 signing phase includes:
- First-Round Message: During the wallet setup, nonces are generated, added to the Partially Signed Bitcoin Transactions (PSBTs), and shared amongst the other signers.
- Second-Round Message: The nonces received are used to create a partial signature and sent back to each of the other signers.
An alternative to having each signer directly communicate their nonce and partial signature to every other signer is to introduce a third-party coordinator to streamline the communication process.
Last month, Andy Chow put forward two BIP drafts, MuSig2 PSBTs and MuSig2 Descriptors, which are a necessary step in MuSig2 adoption and wallet integration. The first BIP adds fields for the nonces, public keys, and partial signatures in the PSBTs, and the second BIP provides a method for describing transaction outputs that are controlled by a MuSig2 wallet. Together, these BIPs and specifications are all we need for integration of MuSig2 wallets!
Many wallet developers and collaborative custody solutions have long requested this standardization of the MuSig2 protocol. Now, with the formalized BIPs in place, it’s in the community’s hands to review, give feedback, and help raise awareness. At Blockstream, we look forward to participating in the public discussions and letting the formal BIP review process take place.
This is a guest post by Kiara Bickers. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.