What Is Multisig And What It’s For: a Simple Explanation

Multisig is similar to Google Authenticator, Steam Guard, or SMS verification codes, but for cryptocurrency wallets. Transactions need to be signed with more than one key, optionally from different devices.
This post explains how multisig works, how to use it, and what to replace it with if you don’t want to deploy contracts.
How Do Private Keys Work?
First, let’s remember the basics. A cryptocurrency wallet or account is a pair of public and private keys:
- The public key is a unique identifier for the account, like a phone number or bank card number;
- The private key is the password for account management.
When creating a new account, the network generates a random private key and obtains a public key from it.
When the account holder makes any transaction with their address, they send instructions to the blockchain node signed with their private key. The node, using cryptographic functions, can verify that the signature was created with the private key that matches the public key of the desired address.
Roughly speaking, the node uses the signature to verify that the request to operate on the address comes from the person who holds the key to that address.
Bottom line: users can manage funds at the corresponding address if they have a private key. If another user receives the key, they will also have access to the address. Private keys should therefore be stored on a secure device, preferably not connected to the internet.
How Does Multisig Work?
A multisig is a smart contract that will only perform an operation if it has been signed by enough of the previously assigned keys. The number of signatures required is called the threshold value.
It works like this:
- Alice, Bob, and Eve have created a multisig contract based on their public keys with a threshold value of 2 and deposited 100 tez on it.
- Alice and Bob want to send 10 tez to Eve.
- Alice asks the octez client to prepare the transaction code for the signature and hands it to Bob.
- Alice and Bob sign the code with their keys.
- Alice initiates a contract transaction and passes both signatures to the contract.
- The contract verifies that the signatures match the public keys attached to it and sends 10 tez to Eve.
Multisig is needed to keep the funds very secure. For example, if hackers gain access to one private key from the multisig, they will not be able to withdraw funds from it. When the owners of the other keys find out that one key has been stolen, they will close the vulnerability: remove the compromised key from the contract storage and add a new key in its place.
It is also useful to use the multisig for securing funds of one person. For example, the user may store one key in a notepad, another on a desktop, and a third on a smartphone. If a hacker gains access to the desktop without access to the smartphone and notepad, they cannot withdraw funds from the address. And if the user loses their smartphone, they can still manage the address using the keys on the desktop and notepad.
How to Use Multisig on Tezos?
The Attic Labs team developed the TzSign application for deploying and working with multisig contracts. We were able to originate the contract, but then received the error “Contract not found.” while trying to manage it in the app.
The second way is to self-deploy the contract via an octez client (yep, tezos client has been renamed). We followed the directions from Tezos Gitlab, and everything worked out fine.
Publishing a Multisig Contract:
octez-client deploy multisig MULTISIG_NAME transferring 1 from PUB_KEY1 with threshold X on public keys PUB_KEY1 PUB_KEY2 PUB_KEY9000 --burn-cap 1
Command values:
- MULTISIG_NAME: the contract alias in a particular octez client, which saves you from entering the multisig address every time;
- transferring 1 from PUB_KEY1: deposit 1 tez to the contract address from address PUB_KEY1. These funds will be initially controlled by the multisig;
- threshold X: the signature threshold;
- PUB_KEY1, PUB_KEY2, PUB_KEY9000: addresses which will manage the contract. There can be as many as you want. You can specify aliases of imported private keys or just addresses in the tz format.
Preparing a transaction:
octez-client prepare multisig transaction on MULTISIG_NAME transferring X to PUB_KEY2
The octez client will respond with bytes to sign: these are the instructions to be signed and transmitted to the multisig contract to perform the transaction.
Byte signature:
PUB_KEY1_SIGNATURE=$(octez-client sign bytes 'BYTES' for PUB_KEY1 | cut -d ' ' -f 2)
Values:
- PUB_KEY1_SIGNATURE: a shell variable in the terminal session that receives the signature value;
- BYTES: the value of Bytes to sign. Don’t forget single quotes.
These signatures must be made on behalf of a threshold number of addresses. If bytes need to be signed on another machine, remove the variable assignment:
octez-client sign bytes 'BYTES' for PUB_KEY1
The client will produce a line with a signature that has to be transferred to the transaction’s initiator.
Sending the transaction:
octez-client from multisig contract MULTISIG_NAME transfer X to PUB_KEY1 on behalf of PUB_KEY2 with signatures "$PUB_KEY1_SIGNATURE" "$PUB_KEY2_SIGNATURE"
Result: a test transaction of 0.4 tez from our multisig was successful.
Off-chain Multisig: the Shamir Scheme
Shamir's secret sharing scheme, or simply the Shamir scheme, is the division of a secret message into several parts, from a certain number of which the original message can be reconstructed.
To securely store a private key, it can be used as follows:
- Split the private key into several parts.
- Write each part to a different storage medium.
- If you need to use a key, read the needed number of parts and recover the key from them.
Many online cryptography services provide free applications for working with the Shamir scheme. We used iancoleman.io and split the link to the multisig contract on TzKT.