How to use multi-signature (multisig) in Nault
Multi-signature is a way for multiple participants to own one private key each and combining them in a way so that only one common account is used to store the funds. Each participant only needs to know their particular key. Then by exchanging safe cryptographic data between the participants, a block signature is produced that can publish the corresponding block to the network.
A demo video can be found here
============================
Table of Contents
- Table of Contents
- Introduction
- Generate a Multisig Address
- Create a New Transaction Block
- Sign the Transaction Using Multisig
- Publish the Multisig Transaction
- Troubleshooting
============================
Introduction
The most common approach is to enforce at least 50% of the participants to take part, while the current Nano implementation requires 100%. It’s more secure but also involves a higher risk since it’s a higher chance that one of the keys goes missing and funds locked forever. This type of implementation, also called M of M, will probably change in the future to the less risky M of N. It will require a new multisig library to be developed.
The multisig procedure involves some manual steps and is aimed at advanced users with high security in mind:
- A multisig address is created by combining normal Nano addresses
- The address is used in the Nault “block explorer” to create SEND, RECEIVE or CHANGE blocks
- A signature is generated (online or offline) for the block using private keys from the same amount of participants as you decided when you created the multisig address
- Finally, the block is processed on the public Nano network
============================
Generate a Multisig Address
-
Visit the Multi Signature screen under Advanced Tools.
- Add the addresses you want to participate with. Each one must have a known private key that will be used during the block signing. Any Nano account can be used, even if they have funds in them, but if you want to start with new fresh key/address pairs you can create them in the Keypair Generator.
-
Press Generate Multisig and make a note of the generated Multisig Address. The private keys are sensitive information that should never be shared.
============================
Create a New Transaction Block
-
Paste your multisig address either on the multisig page or in the bottom left search bar. It will take you to the account detail page where you can see any incoming transaction or create new ones.
- Depending on how you got to the Account Detail page, you may need to expand the “Advanced Options” and “Enable Remote Signing / Multisig”.
-
You can “Create New Block” to SEND funds or to CHANGE representative. You can also receive incoming transactions in the list by using the SIGN BLOCK button. Both will create an Unsigned Block that you copy to the next step. Either by text or QR depending on where you will do the signing.
-
The signing step can be offline for maximum security. In that case, you (or your participants) can run the Nault desktop app on another machine and go to either the Remote Signing screen, the Multi Signature screen or scan from a QR directly.
-
If using Remote Signing screen: Use the “Sign Block”
-
If using Multi Signature screen: Use the “Multisig for Participants”
============================
Sign the Transaction Using Multisig
If you own all keys, you can use multiple tabs/browser screens and the “Multi-Tab Mode” (requires the web version):
- Enter the number of participants and copy the browser URL or use the “Copy Signing Link”. Open the same URL in all tabs.
- Enter one private key in each tab, doesn’t matter which one as long as all belong to the multisig address you are about to sign.
- Check “Multi-Tab Mode” and press “Start Multi-Signing”.
-
If it went well it will display a QR code and data for the signed block you can copy to the final step.
If you are multiple participants on different machines (web version or desktop app):
-
Enter the number of participants and copy the browser URL or use the “Copy Signing Link”. Share it with your participants who will enter it in the Multi Signature screen as “Multisig for Participants”.
- Each participant will enter their private key and press “Start Multi-Signing”.
- For each step all participants will copy the output data and give it to the others. They will in turn paste it as input data, one string for each participant. Then proceed with the next step.
-
When all three steps are done it will display a QR code and data for the signed block that any of the participants can copy to the final step.
============================
Publish the Multisig Transaction
-
Use the signed block from the previous step and paste it in the Remote Signing screen as “Process Block”
-
Once you have manually confirmed that the details are correct, press “Confirm & Process”
-
The block can now be validated on the network
============================
Troubleshooting
The signing fails: Wrong block hash
- Make sure you use the same signing link for all participants, who must sign the same block.
The signing fails: Wrong private key
- Make sure you use the same signing link for all participants. It must be the same block you try to sign. Plus the private keys must match the multisig account you are signing for.
Nault doesn’t work, any other tools I can use to recover my multisig funds?
Yes, the multisig account and signing is compatible with the following
I’m missing private keys for my multisig, how to recover?
- Sorry but you simply can’t. There were several warnings in place to make sure you saved ALL private keys for the multisig you created and funded.