Standard bitcoin transactions involve payment to an address which requires a signature from one private key to spend. With multi-signature addresses, M of N transactions are possible. In this episode we will create a multi-signature address which requires two of three signatures to spend. This could be useful for securing bitcoin in multiple locations reducing the "all or nothing" risk of loosing a private key.
One example use of this is in securing some amount of bitcoin offline. You might first generate three private keys and from them generate a 2 of 3 multisig address. At this point, the address is worthless. Then you might print out those private keys and the redeem script onto three separate pieces of paper and destroy any digital copy. Next you might send two of those pieces of paper to two different friends of yours and keep the third in a safe place yourself. Remember, there is no value on the multisig address yet so if they get lost in transit or for some reason you believe the papers didn't make it to their destinations safely, you just start over. With our keys safely in three separate locations, you might transfer some bitcoin to the multisig address, loading up your offline wallet.
Some time goes by and you might want to gain access to your bitcoin. You create a spend transaction sending the value to some other online wallet. This transaction isn't valid yet because nobody has signed it so it is safe to send via email to one of your friends. They pull out the piece of paper you sent them, type in the private key adding their signature to the transaction. The transaction is still not yet valid so they email it back to you without worry. You then might decide to add your signature to the transaction making it valid. Again, the transaction would be safe to email because any attempt to change the transaction redirecting it to some other address would invalidate the whole thing. After deciding this is still what you wanted, you might decide to transmit this previously completely offline transaction on the network which would spend the funds away from the multisig address.
This is very similar to how many online wallet provider's "vault" features work. However, doing this yourself removes the requirement to trust a possibly disinterested third party. As with anything you do yourself, however, there wouldn't be a third party to blame if you messed things up. (I'm not responsible for any bitcoin you loose trying to get this working!) There are risks in either strategy.
The software used in this demo is available here: