Proving Ownership of Bitcoin Multisig Addresses

ByEric Ma Posted on Updated on

Proving ownership of a multisig address differs fundamentally from proving ownership of a standard single-key wallet. With multisig, there’s no single private key to demonstrate. Instead, you need to prove control over enough keys to satisfy the wallet’s m-of-n threshold (for example, 2-of-3 or 3-of-5).

The Core Challenge

In a 2-of-3 multisig setup, you might control keys A and B while a third party controls key C. You can’t simply sign a message with one key and claim ownership. Instead, you must demonstrate that you can coordinate signatures across the keys you control to create a valid transaction or message signature that meets the threshold requirement.

The difficulty compounds when keys are distributed across multiple signers, devices, or geographic locations. You need a method that’s both cryptographically sound and practical to execute without exposing private keys or requiring all parties to be present simultaneously.

Practical Methods for Proving Multisig Ownership

Partially Signed Bitcoin Transactions (PSBTs)

A PSBT is the most straightforward way to prove multisig ownership. Create a PSBT, sign it with each key you control, and share the partially signed result. Each signature proves that:

  1. You had access to the private key
  2. You authorized that specific transaction
  3. When combined with other required signatures, the threshold is met
# Create a PSBT
bitcoin-cli createpsbt "[{\"txid\":\"...\",\"vout\":0}]" "[{\"address\":\"amount\"}]"

# Sign with your key
bitcoin-cli walletprocesspsbt "base64_psbt"

# Share the hex output with other signers

Each signer adds their signature to the same PSBT. The final combined PSBT demonstrates that threshold participants approved the transaction.

Extended Public Keys (xPubs)

For custody verification and audits, share your extended public key (xPub) rather than any private key material. An auditor can:

  1. Derive all public keys your key generates
  2. Verify which addresses belong to your key
  3. Monitor blockchain activity on those addresses
  4. Confirm that expected funds are present

This approach reveals nothing about your private keys. Tools like Specter or Casa use xPub-based verification as part of their audit workflows.

# Export your xpub from hardware wallet or node
bitcoin-cli getaddressinfo <address>
# Look for 'pubkey' and trace to parent xpub if needed

BIP-322 Message Signing

BIP-322 is the modern standard for proving message signatures across various address types, including multisig. It replaces the older BIP-191 (“signmessage”) standard, which doesn’t work cleanly with multisig.

With BIP-322, you can sign a message with multiple keys, and verifiers can confirm that the required threshold was met without needing a full transaction:

# Create a BIP-322 message proof (implementation varies by wallet/node)
# This allows proof like: "I control at least 2 of 3 keys in this address"
# without revealing which specific keys or broadcasting a transaction

This is especially useful for time-bound proofs, legal declarations, or audit documentation where creating an actual transaction is unnecessary.

Signature Aggregation with MuSig2

For multisig schemes using Taproot addresses, MuSig2 allows multiple signers to create a single aggregated signature that cryptographically proves all participants signed. This appears as a single signature on-chain but requires coordination from all m signers.

The advantage: smaller on-chain footprint and cleaner proof structure. The drawback: requires all required signers to participate in the same signing round.

Real-World Verification Scenarios

Regulatory Audits

Exchange custody and corporate treasuries must regularly prove to regulators that private keys remain under their control. Share a signed PSBT demonstrating a small test transaction, or provide xPubs with blockchain evidence of unspent UTXOs in the multisig address.

Proof of Reserve

Bitcoin ETF operators must verify they hold the exact amount of Bitcoin they claim. They typically:

  1. Share xPubs for each key they control
  2. Provide a PSBT signature proving they initiated a transaction (without broadcasting it)
  3. Include blockchain confirmations that UTXOs exist at the expected multisig address

Inheritance and Legal Transfer

Courts and legal frameworks increasingly accept cryptographic proofs instead of traditional key escrow. A multisig owner can demonstrate ownership via:

  • A dated, signed BIP-322 message
  • A PSBT showing control over the threshold
  • xPub data proving continuous custody

This avoids the security nightmare of handing keys to lawyers or escrow agents.

Key Considerations

Never Combine All Keys for Proof

Avoid any method that requires gathering all private keys in one place, even temporarily. Use PSBTs and distributed signing workflows instead.

Timestamp Your Proofs

Include timestamps and nonce values in message signatures. This prevents replay attacks and proves the proof is current.

Verify Merkle Paths

When sharing blockchain evidence (like xPub derivation paths), confirm the exact UTXOs, amounts, and transaction IDs against multiple block explorers or your own node.

Plan for Key Rotation

Multisig setups often involve key rotation or replacement. Document which keys were used for each proof, especially for legal purposes.

Multisig ownership proof is now standard practice in institutional custody, insurance claims, and estate planning. Use PSBTs for transaction-specific proof, xPubs for ongoing audit capability, and BIP-322 for message-based declarations.

Leave a Reply

Your email address will not be published. Required fields are marked *