 To create a two-of-two multi-sig wallet, you need two master public keys. Can you explain, for example, a wallet software like maybe Electrum, how it creates the addresses for multi-sig wallet? Is there a master public key for the multi-sig wallet combined of the two underlying master public keys? So a great question. So the way multi-sig works, native multi-sig on Bitcoin has excellent security characteristics and the reason for that is because the keys that are used in multi-sig scripts in Bitcoin are generated and used completely independently of each other. So the actual separation of controls is implemented inside the Bitcoin script. In Bitcoin, when you create a script that says it takes two of two keys and here are the public keys that are authorized to spend this particular unspent transaction output or Bitcoin chunk, if you like, the Bitcoin system will enforce that and it needs to see two signatures that correspond to those two public keys. It doesn't know how you store or how you generate it or how you keep those public keys and the system doesn't care. A number of different companies have implemented this in a variety of ways. Now, given that you can create private keys in a variety of ways from random numbers one by one or most likely as hierarchical deterministic wallets which are backed up by a mnemonic phrase and that's the secure way of doing it, the best way to do a multi-sig wallet is to generate one mnemonic phrase and a hierarchical deterministic wallet for one of the signers and generate a completely different mnemonic phrase for the other signer and you would do that perhaps using two different hardware wallets that generated and stored that seed and enabled you to generate signatures for those necessary public keys. What the wallet that's constructing it will do is it will take the master public key from each of the separate hardware wallets or mnemonic phrase seeds or whatever it is you've generated and it will generate public keys for subsequent transactions and the each pairing of public keys will generate an address based on a multi-sig script and that address will be a three address so it combines the two public keys together with a script that says two out of two and these two public keys and then produces a script-based address which starts with a three in bitcoin and that that is your multi-sig address. Now in order to spend from that multi-sig address you have to present a valid script with signatures from the two public keys that were identified in that script. Now a couple of things to watch out for. Some companies do actually generate both public keys from the same seed that's not particularly secure. I would generate two separate wallets either both as hardware wallets or you could have one as a hardware wallet one as a mobile wallet for example and generate your multi-sig address from that. Another very very important caution don't generate two of two multi-sigs it's far too dangerous if you lose access to one of the keys you're done there's nothing you can do your funds are lost forever even if you have the best backup procedures why if you want to do it for multi factor multi-sig where you control all of the keys but on different devices or wallets or multi-party multi-sig in any case you can always generate a third mnemonic phrase that you keep locked in a safe and then do a two of three multi-sig where the two online keys you use are the ones that you use on a regular basis but you have one more mnemonic phrase that can generate the third set of keys stored somewhere securely just in case as an extra backup I would never use a two of two. If you enjoyed this video please subscribe like and share all my work is shared for free so if you want to support it join me on patreon