Multi-signature (multisig) wallets require more than one approval to move funds. On Bitcoin, classic multisig uses scripts like m-of-n with P2SH or P2WSH; newer Taproot-era schemes such as MuSig2 and FROST can aggregate multiple approvals into a single Schnorr signature for better privacy and lower fees. On Ethereum and EVM chains, multisig is implemented in smart contracts such as Safe, where owners confirm a transaction until a threshold is met. Multisig differs from MPC wallets: multisig enforces policy on-chain or in-contract, while MPC creates one joint signature off-chain.
Multisig in one minute
A basic multisig policy is written as m-of-n: out of n public keys, at least m must sign for a spend to be valid. Bitcoin’s developer guide describes how this appears in scripts and notes that P2SH and P2WSH are the common ways to deploy it on-chain. This design lets teams, families, DAOs, or custodians distribute risk across multiple keys and devices.
How Bitcoin multisig works under the hood
When you create a Bitcoin multisig address, wallet software combines the set of public keys and an m-of-n threshold to produce a redeem script (for P2SH) or a witness script (for P2WSH). The createmultisig RPC illustrates this flow and returns both the address and the script you’ll later reveal when spending. Each cosigner then contributes a signature to unlock the UTXO.
Coordinating signatures across hardware and software is made easier by PSBT, a standard format introduced by BIP-174 that lets wallets exchange all the data needed to sign without exposing keys. Bitcoin Optech’s topic page and the BIP itself document PSBT’s role in complex, multi-signer workflows.
Taproot-era multisig: MuSig2 and FROST
Taproot and Schnorr signatures enabled more efficient threshold schemes. MuSig2 lets multiple parties jointly produce a single Schnorr signature that looks like any ordinary signature on-chain, improving privacy and reducing transaction size compared to traditional m-of-n scripts.
FROST is a two-round threshold Schnorr protocol standardized by the IETF in 2024 that further optimizes network overhead and security properties for distributed signing. Wallets are beginning to adopt Taproot-based multisig patterns using MuSig2/FROST to cut fees and reveal less policy data on-chain.
Ethereum-style multisig: smart contracts rather than scripts
On Ethereum, multisig is implemented with a smart contract wallet. Safe (formerly Gnosis Safe) is the most widely used: you specify owners and a confirmation threshold; a transaction is proposed and only executes after the required number of owners approve. Because the policy runs in a contract, you can add modules for spend limits, role controls, or automation.
Multisig vs. MPC: what’s the difference?
Both multisig and MPC aim to remove single points of failure, but they do it differently.
Multisig anchors policy on-chain: multiple independent signatures are validated by Bitcoin scripts, Taproot-aggregate proofs, or an Ethereum smart contract. MPC splits one private key into shares and uses cryptography to produce a single signature off-chain, so the chain sees only one signer. Industry primers from custodians explain that multisig supports asynchronous signing and transparent on-chain enforcement, whereas MPC requires synchronous ceremonies but keeps the policy off-chain. Many institutions use both, depending on assets and workflows.
Common setups and when to use them
2-of-3 for personal resilience
Three keys split across devices or locations; any two can spend. This guards against loss or theft of one key without creating a single recovery choke point. Bitcoin scripts and PSBT make these flows practical with multiple hardware wallets. Taproot-based aggregation can cut the on-chain footprint.
3-of-5 for teams and treasuries
Larger groups often choose 3-of-5 or higher to balance availability and security. On Ethereum, a Safe with five owners and a threshold of three is a standard “no single admin” pattern that also supports granular modules and spending policies.
2-of-2 with time locks or recovery paths
For escrow or added friction, some workflows use 2-of-2 with a separate time-locked path for emergencies. Miniscript and Taproot policy languages are expanding the toolbox for these advanced conditions.
Benefits you actually feel
Security against single-key compromise
An attacker must compromise multiple independent keys and devices to steal funds, not just one. This is particularly meaningful for high-value treasuries and long-term savings.
Operational clarity and auditability
On Bitcoin, classic multisig explicitly lists the policy in the redeem/witness data; on Ethereum, the Safe contract logs show who confirmed a transaction. Taproot aggregation preserves privacy while maintaining policy off-chain in the signer set.
Lower fees and better privacy with Taproot
MuSig2-style aggregation reduces script size and makes multisig spends look like single-sig spends on-chain, improving both fees and fungibility.
Risks and pitfalls to avoid
Key-derivation mismatches
All cosigners must agree on address type, derivation paths, and descriptors. Using PSBT plus modern wallet descriptors minimizes compatibility issues.
Key loss and poor backups
If too many keys are lost to meet the threshold, funds are stuck. Document where each key and backup lives and test recoveries before moving significant funds. PSBT-based dry runs help validate the setup.
Smart-contract risk on Ethereum
Contract wallets add programmability but inherit contract risk. Use well-audited implementations like Safe and follow upgrade guidance carefully.
Confusing MPC with multisig
If your compliance or auditors require on-chain enforcement of authorization policy, classic multisig or Safe may be preferable. If you need a single public address footprint with distributed signing, MPC or Taproot aggregation can fit. Understand the trade-offs.
Step-by-step: setting up a Bitcoin multisig safely
- Choose policy and address type
Decide on m-of-n and whether you want legacy P2SH, native SegWit P2WSH, or Taproot-based aggregated signing. The Bitcoin developer docs cover standard script forms.
- Generate keys on independent devices
Create each xpub or Taproot public key on separate hardware wallets. Never reuse seeds or store all backups together.
- Build the wallet with descriptors and test
Use wallet software that supports descriptors and PSBT. Share only public information (xpubs or taproot keys), not seeds. Run a PSBT test spend with tiny amounts to confirm each cosigner can sign and the coordinator can finalize.
- Document storage and recovery
Record which device holds which key and where backups are stored. Practice a recovery drill so you can meet the threshold even if one device is lost.
- Consider Taproot aggregation
If your tools support MuSig2 or FROST, evaluate the fee and privacy benefits for recurring operations.
Step-by-step: creating an Ethereum Safe
- Deploy a Safe
Through the official interface or SDK, set owners’ addresses and a threshold. The Safe docs explain owner management and threshold rules.
- Fund and propose a transaction
Any owner can propose a transaction; others confirm until the threshold is met.
- Execute with a relayer or owner
Once approvals meet the threshold, anyone with permission can execute the transaction, and the contract enforces the policy on-chain.
Multisig vs. other controls: where each fits
Use multisig for durable authorization policy that’s visible to the chain or contract and that works across multiple independent devices and people. Use MPC when you want a single-address footprint with distributed control and are comfortable with off-chain policy. Combine either approach with passkeys or hardware security keys for your exchange logins, address allowlisting for withdrawals, and least-privilege token approvals for dApps.
FAQ
Is multisig expensive to use on Bitcoin?
Classic P2SH/P2WSH multisig reveals more data on-chain than single-sig, increasing fees; Taproot aggregation with MuSig2 or FROST reduces the footprint to near single-sig.
Can I mix hardware wallets from different brands in one multisig?
Yes. PSBT was designed to make cross-wallet, multi-signer coordination practical across vendors and software stacks.
Is Ethereum multisig compatible with account abstraction?
Safe is a contract wallet and integrates with modules and guards; it coexists with AA features. Review Safe’s docs for supported modules and upgrade paths.