Algorand Multisignature Wallet

Pablo Yabo
Jul 24 · 5 min read

Overview

A multisig wallet is a very useful feature, enabling ways to transfer and manage funds involving multiple parties. For instance, the implementation of a vault type lock with a 2 of 2 wallets requires 2 separate private keys to move funds or more complex approval mechanisms such as 3 signatures of 5 signers requiring any 3 keys out of 5. Multisignature wallets are popular among exchanges as they use them to improve the general security. Likewise, big projects use this technology to manage treasury funds.

Multisig Wallet in Bitcoin

In Bitcoin, multisignature wallets are implemented at the protocol layer through a specific script opcode to verify signatures that must be used to spend the funds. When users want to create a multisig wallet, they need to set it up by specifying the list of addresses and the threshold (the number of signers to approve a transaction). This results in a special public address (distinguished by the ‘3’ at the start) and the redeem script. The address is used to receive funds and the redeem script to transfer them. The signatures required to spend funds are collected off-chain and then broadcasted thus composing the transaction.

Multisig Wallet in Ethereum

Concerning multisignature wallets, Ethereum has a completely different approach to Bitcoin. In Ethereum, the premise of a general-purpose blockchain is taken to the limits where you can create the equivalent of a multisig by writing the code as there is no core implementation for it. This approach prioritizes flexibility and allows for the collection of signatures on-chain. Any signer can realize that his or her signature is required by just monitoring the blockchain.

The problem of this approach comes with the added layers of potential security holes since the security depends on the smart contract implementation. After the 2 infamous hacks of Parity’s multisignature wallet, security concerns drastically increased. Since then, a larger percentage of the security community now believes that it is very hard to build a robust blockchain using the general-purpose approach without implementing key features at the core-level.

In addition to this, the costs of using multisig transactions on Ethereum are higher since it requires multiple expensive smart contract transactions. For example, a transaction requiring 2 signatures costs about 10x the cost of a single normal transaction (21,000 gas vs. about 200,000). There are some optimizations but these add more complexities and involves the collection of signatures off-chain ending up with a similar solution to Bitcoin implementation but with the complexities of a smart contract.

Multisig Account in Algorand

Algorand approach to multisigs differs slightly from Bitcoin’s. The multisignature account is created off-chain specifying the public keys and the threshold that make up the multisignature account. After the setup, users get a public address indistinguishable from any other address so, unlike bitcoin, no one can tell if the address is a multisig account. To send funds, the transaction must contain the number of signatures specified in the threshold field.

This implementation is not exposed to the security issues of Ethereum’s approach since it is part of the core. Algorand’s network capabilities and very low fees enable the exchange of signatures on-chain. One of the parties can create and sign a transaction and publish it on the blockchain. The other parties will see the transaction proposal and will apply the other signatures until the transaction reaches the threshold and it’s broadcasted. This type of usage adds Ethereum visibility but without the security issues that could arise on a smart contract. The implementation involves the creation of 2 multisig accounts for each one needed. The first account is the fund account and the other is used to exchange messages. The last multisig must have a threshold of 1 of N to allow any participant to send messages. Using this approach, the parties can know when their signature is required by simply watching the blockchain and paying negligible fees.

Check Algorand Multisig here for more information.

Algorand Multisig Account Example

We wrote several tools to help to interact with Algorand blockchain, you can download them from this repository. I use them on this example:

  1. Create a multisig account
$ node apps/generate_address.js —multisig —size 3 —req 2
Account #1: BPVJ474GYE24CKUJYAZHWWQG3IXUWIFUCC6RIJZJ77NHM24KMZDJUJTJBM
Mnemonic: xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx
— — — — — — — — — — — — — — — — — — — — -
Account #2: B2VDBPOVH7U74RAU5RYONNJEEQE4BVKQ2XCY6LC6J57DCHUYZWVVGZH3TU
Mnemonic: yyy yyy yyy yyy yyy yyy yyy yyyy yyy yyy yyy yyy yyy yyy yyy yyy
— — — — — — — — — — — — — — — — — — — — -
Account #3: T2BMVL5RKH3RCOWCWRXGRXIDYXDAV5YKDHMRNF7HMVZBKOSU3MXYULFEZA
Mnemonic: zzz zzz zzz zzz zzz zzz zzz zzz zzz zzz zzz zzz zzz zzz zzz zzz zzz
— — — — — — — — — — — — — — — — — — — — -
Multi-sig Account: GHKSZK7CMAWHUGFZDGOZ6JS5YGAY5TCRMW3URPUBELYVP7MPPFOZ3EC3T4

2. Then, build a transaction with the multisig address as from and use a to that you control. In this example, I am using one of the addresses used for the multisig. In node-api-token you should use your token (located in algod.token file in the data dir), in node-url the URL of your node (mine is in localhost), and I am using mainnet for genesis-id and genesis-hash:

$ node apps/build.js —from GHKSZK7CMAWHUGFZDGOZ6JS5YGAY5TCRMW3URPUBELYVP7MPPFOZ3EC3T4 —to BPVJ474GYE24CKUJYAZHWWQG3IXUWIFUCC6RIJZJ77NHM24KMZDJUJTJBM —amount 100000 —fee 1000 —first-round +1 —genesis-hash wGHE2Pwdvd7S12BL5FaOP20EGYesN73ktiC1qzkkit8= —genesis-id mainnet-v1.0 —output test-multisig.tx —fixed-fee —node-url http://127.0.0.1:8080 —node-api-token {your API-token}Generated transaction ID: YECIDLIXGHIFNSUXJUWQYLQPUY6LHMS6NXNQDGMZWU56TS2XT7MA

3. Sign transactions twice (2 of 3 multisig):

$ node apps/sign.js —multisig-addresses BPVJ474GYE24CKUJYAZHWWQG3IXUWIFUCC6RIJZJ77NHM24KMZDJUJTJBM,B2VDBPOVH7U74RAU5RYONNJEEQE4BVKQ2XCY6LC6J57DCHUYZWVVGZH3TU,T2BMVL5RKH3RCOWCWRXGRXIDYXDAV5YKDHMRNF7HMVZBKOSU3MXYULFEZA —multisig-threshold 2 —input test-multisig.tx -output test-multisig.tx.sigEnter mnemonic: xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx xxx
Loading /home/pablo/tools/algorand-tools/test-multisig.tx…
Processing 1 of 1…
Saving /home/pablo/tools/algorand-tools/test-multisig.tx.sig…
$ node apps/sign.js —input test-multisig.tx.sig -output test-multisig.tx.sigEnter mnemonic: yyy yyy yyy yyy yyy yyy yyy yyyy yyy yyy yyy yyy yyy yyy yyy yyy
Loading /home/pablo/tools/algorand-tools/test-multisig.tx.sig…
Processing 1 of 1…
Saving /home/pablo/tools/algorand-tools/test-multisig.tx.sig…

4. Broadcast transaction:

$ node apps/send.js —node-url http://127.0.0.1:8080 —node-api-token {your API-token} —input test-multisig.tx.sigSending transaction YECIDLIXGHIFNSUXJUWQYLQPUY6LHMS6NXNQDGMZWU56TS2XT7MA
YECIDLIXGHIFNSUXJUWQYLQPUY6LHMS6NXNQDGMZWU56TS2XT7MA: Successfully sent [From:GHKSZK7CMAWHUGFZDGOZ6JS5YGAY5TCRMW3URPUBELYVP7MPPFOZ3EC3T4 / To:BPVJ474GYE24CKUJYAZHWWQG3IXUWIFUCC6RIJZJ77NHM24KMZDJUJTJBM / Amount:100000 / Fee:1000 / fr:810553]

You can check the transaction here:

https://algoexplorer.io/tx/YECIDLIXGHIFNSUXJUWQYLQPUY6LHMS6NXNQDGMZWU56TS2XT7MA

Conclusion

Even though Algorand multisig is implemented on the core similar to Bitcoin, the almost instant transactions and insignificant fees allow developers to create an entirely different family of multisignature wallets and use cases. Additionally, when we take into account the very lightweight nodes, we can create signing devices running a node even in a Raspberry Pi. In the future, Algorand will add smart contract support enabling complex payment workflows without compromising the basic security functionalities.

At Randlabs.io we are leveraging this technology to build a multisig account and much more. Make sure to keep posted! @pipaman

Pablo Yabo

Written by

Coding next blockchain technologies at Algo.Capital, Randlabs.io and Coinfabrik

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade