Now open source: friendly multi-signatures for Ethereum 🔑

Today we are open sourcing one of the first building blocks for our decentralized identity system, solidity-sigutils.

--

Signed messages are an increasingly important tool used by decentralized applications. They enable complex access management and delegation patterns and have greater flexibility than raw transactions. Wallet applications such as MetaMask and Toshi support signing transactions via their web3 provider, and contracts can verify the resulting signatures using ecrecover().

In the context of identity management, signed messages play a crucial role in building more secure and accessible wallets. Conventionally, anyone with a user’s private key has full control over their wallet. This is a security vulnerability: any malicious actor with access to the user’s private key can steal all funds.

To improve security, it makes sense to require multi-factor approval from more than one device for some or all transactions. A so-called “multisig identity” often involves a proxy contract that accepts signed transactions from a whitelist of keys. To perform a multisig transaction:

  1. Sign: The user signs a transaction message with their private key from multiple devices.
  2. Concatenate: The user concatenates the message signatures into a single multi-signature.
  3. Verify: The user sends the transaction message and concatenated signatures to their proxy contract, which verifies that enough valid signatures have been provided using solidity-sigutils.
  4. Execute: The proxy contract forwards the transaction to the designated contract.
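
An added example (not code from solidity-sigutils or from this post) of the verify step: a proxy-side check that a concatenated multi-signature carries enough valid signatures from distinct whitelisted keys. The contract and function names, the 65-byte r || s || v layout of each signature, and the ascending-signer ordering rule are assumptions of this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example; all names are hypothetical, not the solidity-sigutils API.
contract MultisigVerifier {
    // Half the secp256k1 group order; a larger s is the malleable twin signature.
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    mapping(address => bool) public isSigner; // whitelist of keys
    uint256 public immutable threshold;       // signatures required

    constructor(address[] memory signers, uint256 threshold_) {
        require(threshold_ > 0 && threshold_ <= signers.length, "bad threshold");
        for (uint256 i = 0; i < signers.length; i++) isSigner[signers[i]] = true;
        threshold = threshold_;
    }

    // `hash` is the 32-byte digest of the transaction message. Assumption: it
    // already commits to a nonce and to this contract's address, so an approval
    // cannot be replayed. `sigs` is the concatenation of 65-byte signatures,
    // each r (32) || s (32) || v (1), ordered by ascending signer address.
    function isApproved(bytes32 hash, bytes memory sigs) public view returns (bool) {
        if (sigs.length % 65 != 0 || sigs.length / 65 < threshold) return false;
        // Prefix that personal sign applies to a 32-byte message.
        bytes32 signedHash =
            keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", hash));
        address last = address(0);
        for (uint256 i = 0; i < sigs.length / 65; i++) {
            bytes32 r; bytes32 s; uint8 v;
            assembly {
                let p := add(add(sigs, 32), mul(i, 65)) // skip the length word
                r := mload(p)
                s := mload(add(p, 32))
                v := byte(0, mload(add(p, 64)))
            }
            if (v < 27) v += 27; // some signers emit 0/1 instead of 27/28
            if ((v != 27 && v != 28) || uint256(s) > HALF_N) return false;
            address signer = ecrecover(signedHash, v, r, s);
            // Strictly ascending order rejects address(0), which ecrecover
            // returns on failure, and any signer counted twice.
            if (signer <= last || !isSigner[signer]) return false;
            last = signer;
        }
        return true;
    }
}
```

Counting distinct whitelisted signers rather than signatures is the point of the ordering rule: without it, one valid signature repeated in the concatenation would satisfy the threshold.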

Signed messages inherit the security of Ethereum’s web3.personal.sign() and ecrecover(). One important benefit over raw transactions is that users can work with trustless intermediaries without sharing their private keys. For example, signed messages enable complex transaction funding strategies like gas relays, which pay transaction costs on a user’s behalf. Additionally, identity contracts may choose to use signed messages to implement advanced functionality such as account recovery logic that does not rely on centralized authorities.

solidity-sigutils provides a friendly interface to support the emerging community standards around Ethereum multi-signatures, such as EIP 191 and ERC 1077. It is one part of the Distributed Systems smart contract system, and has a number of uses across a wide range of decentralized applications. We hope you find it useful and contribute! 😊

Interested in joining our team? Check our careers page or drop us a line at careers@distributedsystems.com 🚩

--

Alex Kern
Distributed Systems
