Q&A - eosio.msig What Does Multi-Sig Do On An EOS Blockchain?

2년 전

Alexandre gives an introduction to why multi-signature (msig) signing is a useful and powerful feature of the EOS blockchain that we should all know about. It helps to make things easier AND more secure.
Still have more questions? Join us on Telegram


So today we're going to talk about msig. About the eosio.msig account; multi signature.

Let's picture this. You're going out to the park and you want to gather signatures for a petition. So you have one sheet of paper, and then you go to the people, you walk to them, and then you say "write your name here." And you gather the signatures. So that's very good, but you need to walk, and you need to have a single piece of paper.

In the EOS world, let's say we want to have a transaction be signed by multiple parties. So what you can do, is you can  craft the transaction and then you put it on a USB key. So it's just a JSON file that says transfer from Alice to Bob a million bucks, whatever. And let's say that requires two signatures, because both the mother and father of Alice needs to sign, or something like that.

And so you'll take that JSON file, put it on a USB key, you'll bring that to the computer of Alice's mom and you'll say "please sign this." And you can take her signature - it's just a string of text there - and you can put it inside the USB key on the transaction, whatever stitch it there. And then you can walk to her father's computer and  say "please sign that transaction" (a million dollars remember) and then you'll collect that second transaction.

But that's really annoying, right? It's really physical, or you could do that by email. Send the transaction by email and copy/paste, and bring it back, it's all a little bit annoying. The msig contract allows you to do that on chain. You can take that transaction, you can send it to the msig contract, it's going to save the transaction on the blockchain, and you can require a few permissions to be gathered around. So you could say "I want those two persons to sign" and then you'll send them sort of a link, or whatever a pointer, to that proposed transaction. It's going to be under your namespace, and then it can go, and they can sign a transaction. They're going to say "I approve of that remote transaction." That's what's on chain.

And once you've gathered sufficient signatures, or approvals, anyone - you or whoever - can  submit that transaction to the blockchain to be executed. This is a nice feature of the chain. It's just one contract.

Some of you clever people might have noticed that msig is a privileged account. So the truth is that the signatures are not gathered on chain, but only the approvals. The signatures  are just discarded. And the way the contract is laid out is it saves the fact that this person gave its approval. And once approvals are given, the msig contract is able to execute the transaction without checking the signatures at that point. And because of the way the code is laid out, that's legit. And privileged accounts allow you to do that.

I've heard people  say "oh the msig allows you to impersonate and sign things on behalf of others." This is not true. The way that msig contract is laid out does not allow you to do that. There's something called SUDO that's in the works that could allow you to do impersonation. But msig on its own is a general purpose and a generic way for you to submit transactions to the chain and have other people from the comfort of their homes sign your transaction and approve it.

So I think it's a great security feature. I think it's also a great feature of EOS. The fact that we have that as a native contract is a great feature of the chain.

This article was originally posted on eoscanada.com
Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  trending

I'm wondering if this could support an escrow service. Can a party create the transaction but withhold their own signature until a secondary party signs? Or can someone revoke their signing of the transaction after having done so?


If one were to use this for an escrow service between Party A and Party B, here's how I think it would look:
Escrow X says "I'll hold the EOS until all criteria of the transfer are met by both parties"
The msig would need all 3 to sign - Party A, Party B, and Escrow X.
So in this scenario, Party A sends EOS into Escrow X, Party B sends whatever they were supposed to Party A.
Both Party A and Party B are happy, they both sign the transaction of the msig, and report their approval to Escrow X. Then Escrow X also signs the transaction, and the EOS gets transferred over to Party B.

There are cleaner ways of setting this up, but yes it could be used for escrow.