What is Multisign?
Have you ever heard of multisign? Do you know what multisign even is? Well, some of you do, and some of you don’t. I will try to explain this very simple and easy, and I will show you how to implement this in XRPL ledger since I am working mostly with XRPL.
Definition
Normal way to sign anything is that we need to sign object with one key. But with multisign method, we may have only a partial key. So we need someone else to sign object with us. So in cryptocurrency world, multisign is a method of signing transaction.
XRPL Multisign
When you create a wallet on XRPL network, you will get an address and a secret. You can look at this as public (address) and private (secret) key. In order to sign transaction and publish transaction to network, you will need to sign transaction with secret of and address that is initiator of transaction.
You can however, enable multisign. You will need to specify who will have partial key, what is their weight, and quorum. In order to successfully submit transaction to network, sum of signature weight must be equal or higher than the quorum. Lets check following example
Lets say, that these are our signers, and that quorum is set to 2.
So, we need transaction to be signed with Address A and Address B. So we need two signers. But actually, it is possible for transaction to be signed only by Address C since its weight is set to 2.
What we saw above, that is actually a SignerListSet on XRPL network. SignerListSet transaction will define quorum, who are signers for your account and what is their weight. This is our SignerListSet transaction
{
"Flags": 0,
"TransactionType": "SignerListSet",
"Account": "rhGNgU8hB3kyEawsGb6RqTA4qErmN2G5td",
"Fee": "10",
"SignerQuorum": 2,
"SignerEntries": [
{
"SignerEntry": {
"Account": "rELJBDnZZE1xucaZiTJ7LrXsaLFc2KmRze",
"SignerWeight": 2
}
},
{
"SignerEntry": {
"Account": "rfLPheyQesqHQMAxfzTqEQs7kPbWqzFpi1",
"SignerWeight": 1
}
},
{
"SignerEntry": {
"Account": "rNL6XjbXp5ESDm5o5KPeC9BGETyxETmkye",
"SignerWeight": 1
}
}
]
}We can sign these transaction and submit it to XRPL network, and we have multisign enabled. However, we still have our secret enabled. So, we can still sign transactions only with our secret key. Lets implement this in NodeJS, but first, lets check our account on XRPL explorer (testnet)
As we can see, there is only one transaction (Payment) and that is all. Now, lets generate signers, sign transaction and submit it to network.
const rippleLib = require("ripple-lib");
const xrpl = new rippleLib.RippleAPI({
server: 'wss://s.altnet.rippletest.net:51233'
});
const addresses = {
mine: {
address: 'rhGNgU8hB3kyEawsGb6RqTA4qErmN2G5td',
secret: 'ssN1CwAU3xjCW6UkNX9Kang4zQxyZ',
},
accountA: {
address: 'rNL6XjbXp5ESDm5o5KPeC9BGETyxETmkye',
secret: 'ss8G7HP9EKz2FB4mLPAi2FMm1eyih',
weight: 1
},
accountB: {
address: 'rfLPheyQesqHQMAxfzTqEQs7kPbWqzFpi1',
secret: 'ssHtwmGFyRoKsm5SVFNcs7yE3QeNk',
weight: 1,
},
accountC: {
address: 'rELJBDnZZE1xucaZiTJ7LrXsaLFc2KmRze',
secret: 'ssFRuMNe1FDFbaQJzRN2bPuRKgHwy',
weight: 2,
}
}
xrpl.on('connected', async () => {
const preparedSettings = await xrpl.prepareSettings(addresses.mine.address, {
signers: {
weights: ['accountA', 'accountB', 'accountC'].map(key => {
return {
address: addresses[key].address,
weight: addresses[key].weight
}
}),
threshold: 2
}
});
const signedSigners = xrpl.sign(preparedSettings.txJSON, addresses.mine.secret);
await xrpl.submit(signedSigners.signedTransaction);
})
xrpl.connect();All these accounts are testnet accounts. Lets check again our account on XRPL explorer
You can see, that new transaction was added (SignerListSet), and also, that Signers are defined in upper left corner, under XRP balance section. Quorum is set to 2, and we have maximum of 4 weights.
Now, lets create one multisigned payment transaction that is signed with Address A and with Address B. How this works is that you sign one transaction with two keys. So you have two signatures. Which one to submit to network? Well, answer is neither. You need to combine both signatures so that you get only one signature out, like this:
const preparedPayment = await xrpl.preparePayment(addresses.mine.address, {
source: {
address: addresses.mine.address,
maxAmount: {
currency: 'XRP',
value: 10
}
},
destination: {
address: 'rhmeuRdZubpYV3qFMKmFCXrgd6hH3GHbH9',
amount: {
currency: 'XRP',
value: 10
}
}
}, {
signersCount: 2
});
const signedTransaction = xrpl.combine(['accountA', 'accountB'].map(key => {
return xrpl.sign(preparedPayment.txJSON, addresses[key].secret, {
signAs: addresses[key].address
}).signedTransaction;
}));
xrpl.submit(signedTransaction);Have you notices that I provided number of signers in preparePayment method? When numbers of signers is provided, this library will automatically calculate fee. Be aware that fee is a little bit higher for multisign transaction. Multisign fee is calculated like fee * (N + 1) where N is number of signers.
On this image, we can see details about multisigned transaction. As you can see, this transaction was signed with two signers. And as we talked about, multisign transaction fee is a little bit higher that normal transaction. We can deduct from this fee that normal fee is 12 drops, ergo, multisign transaction fee with two signers is 12 * 3. 36 drops.
Note: Multisign or better yet SignerListSet counts as 1 object on XRPL ledger with the MultiSignReserve amendment, so that means that your base reserve is 20 XRP, and that this count as additional 5 XRP (Owner reserve)
Why should I use multisign?
Maybe the real question is why not? It is additional layer of security (if you disable your master key). This means that if someone hacks your account, he will not be able to initiate transaction and steal your funds, because he will need signature from someone else also.
Save each multisign secret in different location.
What happens if you lose your secret key and don’t have multisign enabled? What then? Well, your funds will also be lost. Sorry. But with multisign, that is not true. With multisign, you can recover your funds. In above example, if you lost access to even one key, you can still sign transactions with other two keys, so your funds are quite safe. However, be sure, to not save all multisign secrets in one place, because obviously, that would be a dumb way to save them :)
As we all know, 2020 was weird year. Very weird. We probably all work from home. So are our bosses. However, how to operate with funds? With hardware wallets? That would mean that one person would have complete control over the funds. Do we want that? If answer is yes, then so be it. If no, then you can start reading this story from the beginning :)
Conclusion
Multisign is a method of signing one transaction with multiple signatures. To enable multisign you need to specify which address can be a signer for transactions and what is its weight. Apart from user also need to specify quorum. If quorum is met (sum of weights), then transaction can be successfully submitted to network.
Here are some useful links about multisign
- XRPL Multisign: https://xrpl.org/multi-signing.html
- BTC Multisign: https://en.bitcoin.it/wiki/Multisignature
- XRPL SetUp Multisign: https://xrpl.org/set-up-multi-signing.html
- GateHub Multisign: https://gatehub.net/blog/blockchain-security-with-multisignature/
And here is nice video made by Wietse Wind about XRPL MultiSigning tool that he made. Enjoy
