A Multi-Signature Security Method
No need to say that when a crypto wallet’s key is stored locally by one person, it can be easily compromised. The more secure option here would be using multiple keys that would allow for higher security. That way if one of the public keys is stolen, funds will still be safe: a scammer will need more keys to be able to operate the account. That’s a solution provided by a Multi-Signature security method.
What is the Multi-Signature security method?
The multi-Signature security method (or multisig, for short) is a security solution where numerous signatures are combined into a single one to confirm a transaction. It’s like a bank vault that requires more than one key to be opened. That’s why multisig wallets are also called “vaults”.
This security method is commonly used for managing group finances. As an example, let’s take a wallet used by a family: a mother, a father, and a son. If a son wants to buy cool NFTs, he would have his mother’s or father’s transaction approval. In the case of a single wallet user, one could confirm this transaction in a browser extension and in a mobile wallet or via an authenticator app.
Generally speaking, the Multi-Signature security method benefits better security and more complex spending policies. Let’s dive deeper into it.
Intro to multisig keys on NEAR
To confirm transactions, blockchains rely on key pairs — an association of one public key with one private key kept in your browser’s local storage (keystore). In NEAR Protocol the public key represents a user identity and the private key represents the user’s digital signature and is often associated with the generated seed phrase.
One NEAR account can be associated with numerous keypairs, some of which may give full access to the account, they are called “FullAccess” keys. Other keys, “FunctionCall” keys, allow smart contracts or DApps to complete only certain types of operations (ex: use not more than 25 NEAR from the account). The private key is required anytime you want to sign a transaction with the account.
In multisig wallets, multiple signatures (multiple keys) are combined into a single private key that matches a public one. That way party members are not aware of each other private keys.
More about signature combinations
The number of signatures needed to confirm a transaction may vary from 2 out of 3 (2-of-3) to 3-of-5, 5-of-7, etc. The setup depends on the users’ choice, their number, and the required level of security: the more confirmation keys are there in the wallet, the more secure it is. However, the risk of losing all the funds with the loss of one confirmation key is higher.
For example, for a shared wallet with the funds for a weekend or evening event, users may set up a 1-of-5 multisig wallet so everybody can buy the necessary chores. Note, that this kind of wallet might be compromised with only one stolen key. For business aims, it is recommended to use at least 2-of-3 multisig wallets.
Also, in case one person should gain more rights to run the wallet, it is possible to reward them with numerous confirmation keys. For instance, a CEO of the project has 2 confirmation keys while two other employees have one key each.
What are multisig algorithms used in MyNearWallet?
MyNearWallet is using a multi-signature algorithm for email-based 2fa. It’s a 2-of-2 confirmation type that enables better security than a simple verification via a seed phrase.
George Goshanov, MyNearWallet CEO, explains its main principles:
To enable 2fa, a user has to pay 4 NEAR (~20$) in order to create and activate a Multisig contract. This is the price for storing the contract code on the network, it gets locked on the account. Transactions are sent to the network through this contract only with 2 confirmations (1 from a user, another from a server). The server confirms a transaction only when it receives a code from the user’s mail. That’s why it’s email-based.
This method is secure, but it has a number of pros. The price sets a high entry barrier for many users. The contract itself requires a lot of steps to proceed, so, it might work slowly when the network is overloaded.
That’s why MyNearWallet team is working on the MPC (multiparty computation) security method to implement in the nearest future. It has no contract, so, it doesn’t require network storage and is free for users. The signature is generated off-chain, therefore, it does not depend on the network load. We see it as a reliable solution for our wallet.
Learn, how you can enable 2fa in MyNearWallet in this article.
For better privacy and easier account recovery, MyNearWallet is planning to add an MPC security method soon. Stay tuned to learn more about it!
· What is the Multi-Signature security method?
· Intro to multisig keys on NEAR
· More about signature combinations
· What are multisig algorithms used in MyNearWallet?
