A deep dive into collaborative multisig quorum options

Tom Honzik

Unchained has led the industry of collaborative multisig bitcoin services for nearly a decade. We’ve built products based specifically on 2-of-3 multisig quorums, which represent the least complicated multisig structure for holding bitcoin without single points of failure. We believe that 2-of-3 is the best choice for most people in most situations, while larger quorums introduce unnecessary complexity. 

In our introductory multisig article, we created a multisig pyramid diagram to illustrate this concept. We pointed out that 2-of-3 is typically ideal, 1-of-N and N-of-N quorums fail to eliminate single points of failure, and hinted that some quorums beyond 2-of-3 could be useful for individuals or businesses with specific or elaborate needs:

Now that Unchained offers support for a larger range of multisig quorum options, it’s worthwhile to conduct a deeper analysis into the strengths and weaknesses of the various choices. This article will take a deep dive into the tradeoffs, so that you can make an informed decision about your bitcoin custody security model. We will begin by introducing a few concepts, such as quorum categories, key categories, sovereign access, and agent failsafes.

Categories of quorums within the multisig pyramid

Within our analysis of multisig quorums beyond 2-of-3, we’ve found it makes sense to separate quorums into three categories that relate to the multisig pyramid: center, left-of-center, and right-of-center. Quorums within each category share a lot in common.

Center quorums

Center quorums are found within the center of the multisig pyramid. They include 2-of-3, 3-of-5, 4-of-7, and so forth. A K-of-N quorum is a center quorum if 2K-1=N.

Center quorums are among the most popular, presumably because they are equidistant from the two main threats to your bitcoin: loss and theft. If a quorum is “too far to the left,” such as a 1-of-N quorum, then it offers less protection against thieves, who may only need to find one item to access your funds. If a quorum is “too far to the right,” such as an N-of-N quorum, then it offers less protection against loss, because it could mean that if one item is destroyed or misplaced, you become unable to access the funds yourself. Therefore, center quorums provide balanced protection against these concerns.

Left-of-center quorums

Left-of-center quorums are predictably found on the left side of the pyramid. They include 2-of-4, 2-of-5, 2-of-6, 3-of-6, and so forth. A K-of-N quorum is left-of-center if 2K-1<N. Note that we will discard 1-of-N quorums from this analysis, because they fail to eliminate single points of failure.

Compared to center quorums, left-of-center quorums offer a tradeoff—more protection against the risk of losing access to your bitcoin, but slightly less protection against the risk of unauthorized access. This makes sense, because if a smaller portion of the total keys are needed to withdraw bitcoin, naturally the bitcoin is more easily accessible.

Right-of-center quorums

Right-of-center quorums are naturally on the right side of the pyramid. They include 3-of-4, 4-of-5, 4-of-6, 5-of-6, and so forth. A K-of-N quorum is right-of-center if 2K-1>N. Note that we will discard N-of-N quorums from this analysis, because they fail to eliminate single points of failure.

Right-of-center quorums offer the opposite tradeoff compared to left-of-center quorums. They provide more protection against the risk of unauthorized access, but slightly less protection against the risk of losing access yourself. A greater portion of the total keys are required to withdraw bitcoin, therefore access is more challenging.

Categories of keys: self-managed and agent-managed

Another critical element of this analysis is that there are two primary categories of keys which can be utilized within a multisig setup. A self-managed key is a key held by you, or by a member of your collective organization in the case of a bitcoin treasury. An agent-managed key is a key held by a key agent—someone who is not an owner of the bitcoin, but is employed to secure and operate one of the keys in the quorum. This distinction matters because it means fundamentally different custody structures are available for any given multisig quorum. 

To illustrate, consider that in a 2-of-3 quorum, there are four unique arrangements of key types possible. Each arrangement creates a unique set of key combinations which can approve the withdrawal of bitcoin, which we will call access patterns:

As you can see from the chart above, some arrangements offer more access patterns than others, which may be more attractive for people who seek optionality in how directly involved they must be when withdrawing their bitcoin from cold storage.

Notation for arrangements and access patterns

In this article, we will introduce a shorthand system to show arrangements and access patterns in a more concise manner. Arrangements such as “2 self-managed keys and 1 agent-managed key” will be shown as “2S/1A” and include a slash. Access patterns such as “1 self-managed key and 1 agent-managed key” will be shown as “1S+1A” and include a plus sign. 

Furthermore, sometimes there are several combinations of different keys within the multisig arrangement that can produce a particular access pattern, which can be relevant for comparing different arrangements. The number of combinations for an access pattern can be shown as “(1S+1A)2”, meaning two possible key combinations can create the access pattern.

Applying these notations, the possibilities for a 2-of-3 multisig quorum look like this:

Subcategories for agent-managed keys

While each self-managed key is generally thought of as being similar to one another (the primary differences relating to their storage locations), agent-managed keys can be further differentiated based on the classification of the agent. In particular, it’s common to distinguish a key held by a professional institution specializing in key agency, from a connection, which describes a close friend or family member tasked with managing one of the keys. With the launch of our Connections feature, Unchained offers support for both approaches.

It can be useful to delineate between these types of agent-managed keys. Professional institutions are generally seen as having more expertise in key management than connections, because of thoughtfully-designed guardrails and procedures. Meanwhile, connections might have an advantage in situations where institutional procedures are seen as cumbersome obstacles, such as during a time-sensitive transaction.

Sovereign access and agent failsafes

A couple of the most important metrics for examining a multisig quorum arrangement are whether or not it will provide sovereign access, and/or an agent failsafe. Sovereign access means that the bitcoin can be accessed entirely by self-managed keys, without the help of any key agent. An agent failsafe means that the bitcoin can still be recovered even if all self-managed keys are lost, because there are enough agent-managed keys in the arrangement to approve the withdrawal of funds.

Sovereign access could be desirable if you want to be able to access your bitcoin independently from third-party involvement, but it could be undesirable if you are concerned about the possibility of an attacker coercing you to give up funds. An agent failsafe could be desirable if you are concerned about losing all of your self-managed keys, but could be undesirable if you are concerned that your key agents might maliciously collude to access your bitcoin without your permission.

It’s worth noting that the disadvantages shown for each of the two traits can be mitigated with certain techniques. If an arrangement includes sovereign access, and the self-managed keys are sufficiently separated geographically, then a coercive attack is less likely to result in the loss of funds. If an arrangement includes an agent failsafe, prudence in how you select key agents can create a very low likelihood of collusion against you. It’s possible to have key agents that aren’t aware of each other’s existence. You can also split key agent duties across both professional institutions and connections, so that collusion might require multiple types of betrayals—both an institutional/governmental betrayal, as well as a personal betrayal.
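
The pyramid categories, the arrangement and access-pattern notation, and the two traits defined above can all be derived mechanically from K, N and the split between self-managed and agent-managed keys. The following is an added example, not code from Unchained; the function names are assumptions made here, and the combination count is printed in the article's "(1S+1A)2" style.

```python
from math import comb

def category(k, n):
    """Place a K-of-N quorum on the pyramid by comparing 2K-1 with N."""
    if not 1 <= k <= n:
        raise ValueError("need 1 <= K <= N")
    if k == 1 or k == n:
        return "single point of failure"  # 1-of-N and N-of-N are discarded
    d = 2 * k - 1 - n
    return "center" if d == 0 else "left-of-center" if d < 0 else "right-of-center"

def access_patterns(k, s, a):
    """Map each access pattern (e.g. '1S+1A') to its number of key combinations."""
    out = {}
    for i in range(min(k, s), -1, -1):  # i self-managed signers, k-i agent signers
        j = k - i
        if j > a:
            continue  # not enough agent-managed keys for this split
        label = "+".join(f"{c}{t}" for c, t in ((i, "S"), (j, "A")) if c)
        out[label] = comb(s, i) * comb(a, j)
    return out

def arrangements(k, n):
    """List every sS/aA arrangement of a K-of-N quorum with its two traits."""
    category(k, n)  # raises on an invalid quorum
    rows = []
    for s in range(n, -1, -1):
        a = n - s
        rows.append({
            "arrangement": f"{s}S/{a}A",
            "patterns": access_patterns(k, s, a),
            "sovereign_access": s >= k,  # self-managed keys alone reach K
            "agent_failsafe": a >= k,    # agent-managed keys alone reach K
        })
    return rows

if __name__ == "__main__":
    for k, n in [(2, 3), (2, 4), (3, 4)]:
        print(f"{k}-of-{n}: {category(k, n)}")
        for r in arrangements(k, n):
            pats = ", ".join(f"({p}){c}" for p, c in r["patterns"].items())
            print(f"  {r['arrangement']}: {pats} | sovereign access: "
                  f"{r['sovereign_access']} | agent failsafe: {r['agent_failsafe']}")
```

Running it for 2-of-3, 2-of-4 and 3-of-4 lists each arrangement with its access patterns and whether it grants sovereign access, an agent failsafe, both, or neither.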

Examining center quorums

The category of center quorums is interesting, because it leads to a choice between an arrangement with sovereign access, or an arrangement with an agent failsafe. There are no arrangements which allow for both traits, or neither trait. 

Let’s take a closer look at the simplest examples of center quorums, 2-of-3 and 3-of-5.

2-of-3 multisig

The most widely recommended multisig quorum is 2-of-3, because it includes the fewest total keys and the least managerial complexity, while successfully protecting against single points of failure. It also offers a variety of arrangement options to meet many different goals. The 3S/0A arrangement can be set up entirely on your own, without any key agents, which has tradeoffs we compared in an earlier article. 2S/1A is a great way to establish a collaborative custody partnership, without giving up sovereign access. 1S/2A and 0S/3A are approaches to minimize your key-holding responsibilities, without trusting a single bitcoin custodian.

3-of-5 multisig

At the cost of more keys and more complexity, 3-of-5 quorums have the benefit of removing not only single points of failure, but also “double points of failure” (for example, any two keys can be lost and the funds recovered). It’s the smallest quorum capable of achieving this, just as 4-of-7 is the smallest quorum capable of removing “triple points of failure,” and so forth. In practice, most people only need protection from single points of failure to successfully protect their bitcoin indefinitely.

There are some interesting 3-of-5 arrangements to consider, such as 3S/2A, which enables sovereign access but also a path to recovery if a majority of self-managed keys are lost. 2S/3A enables an agent failsafe of 3 different agents, but also the ability to work with just one of them plus your own two self-managed keys.

Examining left-of-center quorums

Left-of-center quorums are unique because fewer than a majority of keys in the quorum are needed to spend funds. As a result, this category can produce the most access patterns and key combinations, with the fewest total keys. It’s also the only category capable of arrangements which feature both sovereign access and an agent failsafe.

Let’s take a closer look at the simplest examples of left-of-center quorums, 2-of-4 and 2-of-5.

2-of-4 multisig

The access patterns offered by 2-of-4 quorum arrangements are not much different than 2-of-3 quorum arrangements, with one exception: 2S/2A. This arrangement is special, because it reveals 2-of-4 as the smallest multisig quorum capable of three unique access patterns. In a similar way, 3-of-6 is the smallest quorum to allow four unique access patterns, and so forth.

The 2S/2A arrangement is also the least complex way to have both sovereign access and an agent failsafe. This might be an attractive option to you if you like the idea of being able to access your bitcoin without relying on assistance from agents, but would also like the possibility of assistance from agents in the event of completely losing your self-managed keys.

2-of-5 multisig

When comparing 2-of-5 quorums to 2-of-4, we find that there are no new access pattern sets. The main difference is that there are more combinations of keys which can produce any given access pattern, which is true to an even greater extent for 2-of-6, 2-of-7, and so on. This could be relevant and desirable if you have a reason to prioritize a particular access pattern over another.

Examining right-of-center quorums

Right-of-center quorums are unique because a supermajority of keys in the quorum are needed to spend funds. Therefore, this category produces the fewest access patterns and key combinations. It’s the only category capable of arrangements which feature neither sovereign access nor an agent failsafe.

Let’s take a closer look at the simplest examples of right-of-center quorums, 3-of-4 and 4-of-5.

3-of-4 multisig

The arrangements within 3-of-4 multisig quorums can provide many of the same access pattern sets as 3-of-5, although 2S/2A provides a unique profile. It is the least complex way to prevent both sovereign access and an agent failsafe. This might be attractive to someone who is concerned about the possibility of a coercive attack on their self-managed keys, and therefore wants key agents to be involved in a withdrawal process, but simultaneously wants to prevent the possibility of key agent collusion. Both of these concerns are related to the threat of theft, which is the type of protection prioritized by right-of-center quorums, rather than the threat of lost access.

4-of-5 multisig

A 4-of-5 quorum introduces an additional key beyond 3-of-4, and also requires that another key from the group must approve withdrawals. This creates an even greater challenge to move funds, and increases the risk of losing access completely. If any two of the keys in the quorum become lost or destroyed, the bitcoin would be inaccessible forever. While this fact is also true for other quorums such as 2-of-3, if there are more total keys that could become lost or destroyed (such as five in this case), the danger is amplified. Right-of-center quorums like 4-of-6, which are positioned further from the edge of the multisig pyramid, can help mitigate this.

Determining your ideal custody setup

As we’ve shown above, multisig wallets can offer many different quorums and key arrangements to choose from, resulting in highly customizable bitcoin custody. The options can feel overwhelming at first, but if you understand the relevant tradeoffs, you can prioritize the features you care about most, narrowing down the decision.

Some helpful questions to ask yourself include:

  • Do you feel comfortable and confident managing your own bitcoin keys?
  • Is the idea of sovereign access desirable or undesirable to you?
  • Is the idea of an agent failsafe desirable or undesirable to you?
  • Does a complex arrangement with many components concern you, or would this be necessary to meet the needs of your business or organization?
  • Do you have a strong preference for prioritizing a certain type of protection, such as defending your bitcoin from lost access, or from theft?

Upon considering these questions, most individuals are likely to find that one of the arrangements available within a 2-of-3 quorum aligns with their objectives. However, some people may also lean toward a 3-of-5 quorum for added customizability, a 2-of-4 quorum to have sovereign access alongside an agent failsafe, a 3-of-4 quorum to lock funds down for years on end, or a 4-of-6 quorum to mimic a 3-of-4 but with a bit more protection against key loss.

If some of these multisig quorum arrangements interest you, we invite you to book a free consultation with the Unchained team! We'd love to help you think through the various options and tradeoffs, and work with you to build the perfect bitcoin security setup for your needs.
