Research Paper · 2026
Multisig Digital Bearer Instruments:
Trustless Digital Cash
Abstract
A trustless bearer instrument for Bitcoin allows value to transfer directly between parties without network connectivity, fees, or custodial dependency at each hop. We propose a system that inverts the key distribution of all prior multisignature bearer schemes: the bearer holds the two keys constituting the spending threshold of a 2-of-3 multisignature script, while the issuer holds one sub-threshold key that is deleted before the instrument is funded. Transfer is key handover requiring no on-chain transaction, no network connection, and no fee. Only two on-chain transactions occur across the instrument's lifetime regardless of the number of transfers.
Core Properties
Two on-chain events
Fund and sweep — no matter how many times the instrument changes hands.
Online or fully offline
Transfer by key handover. Works with or without network — no fee, no confirmation latency either way.
Issuer lockout
Issuer key deleted before funding. Enforced by Bitcoin consensus — not policy.
Cryptographic receipt
Nostr-based proof of receiver possession before sender keys are deleted.
HD wallet backup
Bearer keys are derived from a standard HD wallet seed phrase. Lose your device — recover your funds with your seed words, just like any Bitcoin wallet.
Encrypted
AES-256-GCM encryption at rest, hardware-backed key storage, NaCl sealed transfer, and memory-zeroed key material. Security enforced by hardware and Bitcoin consensus — not software policy.
Resources
A working implementation on Bitcoin Signet demonstrates the core security properties on live hardware. Batch issuance confirmed in block 297,032 on 2026-03-24 and a full peer-to-peer transfer — including Nostr receipt, key deletion, and on-chain sweep — confirmed in block 297,198 on 2026-03-26. Both transactions are verifiable on the Bitcoin Signet explorer. The alpha application at kagikai.app provides access to the proof-of-concept implementation.