Accounts that require two or more keys to sign a transaction (requiring a certain permission), commonly referred to as multisignature accounts, are generally used to store funds securely and are without a doubt a very exciting EOS feature. But how do multisignature accounts work, how do you sign transactions with different keys and how can you set up a multisignature account yourself? We will explain all aspects of multisignature accounts on EOS in this article.
Structure of a default EOS account
Every user has one or more accounts on the EOS blockchain. EOS accounts are human-readable identifiers that are stored on the blockchain and they are required to push any (valid) transaction to the EOS blockchain.
EOS accounts are 12 characters long and can contain the letters a-z and the digits 1–5. These account names replace the long and clumsy wallet addresses that are used in most cryptocurrencies.
Furthermore, every EOS account has permissions. Permissions can be seen as requirements which need to be fulfilled in order for a transaction to go through. Each permission has certain actions associated with it. A default EOS account has 2 native permissions:
- Owner: shows ownership of the account and is needed to make any changes to the ownership the account. The key for this permission is best kept (safely) offline, as it is not needed to do most things on the EOS network.
- Active: used for transferring funds, voting for producers and making other high-level account changes.
Besides these 2 native permissions you can create new, custom, permissions that fit your needs.
Each permission has one key associated with it. Each key associated with a permission has a certain weight, and each permission has a certain weight threshold which needs to be met before a transaction requiring that permission is accepted.
To help you understand all of this information we have included the above image, which visualizes the permissions structure of a default EOS account. As you can see, the owner permission has a default threshold of 1, and 1 key with a weight of 1 associated with it. The same goes for the activepermission which has a default threshold of 1, and 1 key with a weight of 1 associated with it. This means that only the (private) key associated with the owner or active permission is required to perform any transaction requiring the owner or active permission.
The (private) key associated with the owner permission is often referred to as the owner key, whereas the (private) key associated with the active permission is often referred to as the active key.
How multisignature EOS accounts work
Now you are familiar with (the structure of) default EOS accounts, it’s time to learn about multisignature EOS accounts. Multisignature EOS accounts function similar to default EOS accounts, the main difference between the two is the permissions structure. In a default EOS account all permissions have a threshold of 1 and only have 1 key with a weight of 1 associated with it, whereas the permissions in a multisignature EOS account have a threshold of 2 or higher and have multiple keys with (possibly) varying weights associated with them. This also means that multiple keys will have to sign any transaction from the multisignature EOS account.
An example of a possible permissions structure in a multisignature EOS account can be seen in the image above. Just like the default account described earlier, this account has both the owner and active permission.
However, the owner permission in this multisignature account has a threshold of 3 and has 3 keys associated with it: The active key from John’s account, which has a weight of 2, the active key from Bob’s account, which has a weight of 1 and the active key from Stacy’s account, which also has a weight of 1. This means that to execute any transaction requiring the ownerpermission both John’s active key and either Bob’s or Stacy’s active key would have to sign the transaction before it is executed.
The active permission in this multisignature account has a threshold of 2 and has 3 keys associated with it. The active key from John’s account, which has a weight of 1, the active key from Bob’s account, which has a weight of 1 and the active key from Stacy’s account, which also has a weight of 1. This means that to execute any transaction requiring the active permission (any combination) of 2 of the active keys would have to sign the transaction before it is executed.
Creating a multisignature EOS account
Keep in mind that changing the permissions structure of your account might render your account inaccessible and unrecoverable, proceed with caution.
In this example we will create an account which can be shared with a friend. It will have the following permissions structure:
In this example the owner permission has a threshold of 2 and has 2 keys with a weight of 1 associated with it The active key of your own account and the active key of your friend’s account. This means that in order to perform any transaction requiring the owner permission both you and your friend would have to sign the transaction with the active key before it is executed.
The active permission has a threshold of 1 and has 2 keys with a weight of 1 associated with it. The active key of your own account and the active key of your friend’s account. This means that in order to perform any transaction requiring the active permission either you or your friend would have to sign the transaction with the active key before it is executed.
Updating the active permission
We will first update the active permission, fill in the blanks using the correct information and click ‘Update’ after, then sign the transaction using Scatter. Feel free to use any permissions structure you like, just make sure you are very careful.
Updating the owner permission
After you are done updating the active permission it is time to update the owner permission. Fill in the correct information again and click “Update”.
Creating, signing and pushing multisignature transactions
Creating a multisignature transaction
The first step of creating a multisignature transaction
Fill in the correct information in the blanks and click “Send”. The sender account will be automatically filled in. After clicking “Send” you will automatically get prompted to the “Create Transaction” page, where we will create the transaction.
Creating the multisignature transaction
Fill in the correct information in the blanks. You will have to use the active permission as the transfer action requires the active permission. After you have filled in the information click “Create JSON”, sign the transaction and download the JSON file.
Signing a multisignature transaction
Signing the multisignature transaction
After you have signed the transaction make sure all other (necessary) parties sign the transaction and collect the signatures. To do so send them the JSON file of the transaction (not the signature JSON file you just downloaded. In this example you could immediately push the transaction as the threshold for the active permission has been met, but usually others would have to sign the transaction first.
Pushing a multisignature transaction
Pushing a multisignature transaction
Start by loading the transaction JSON file and add in all signature files afterwards. After you have done so click “Push Transaction” and verify the submission.
If everything went well the transaction goes through and you have created, signed and pushed your first multisignature transaction, congratulations!
EOS Block Producer name: eosamsterdam
BOS Block Producer name: amsterdambos
WAX Guild name: amsterdamwax